Need help with redirect virus


  • This topic is locked
30 replies to this topic

#1 tichris08


Posted 15 March 2013 - 01:32 AM

Hi everyone,

 

I'm trying to remove a variant of the nasty redirect virus and am having little luck with it.  I had one some while ago and was able to clear it out with combofix, but this one has me beat.  I've tried many things from antivirus tools (recovery disks running linux with an antivirus etc) and none really found anything.  I've used hijackthis, MBRFix and a couple of other tools and everything on that front looks normal; but clearly the redirection still occurs so it's hooked somewhere.  I'd appreciate any help at this point.  As a disclaimer; I'm not afraid of advanced tools; I've been using/programming for two decades.  Here's the information requested by the forum:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.4.1
Run by leegnd at 23:31:04 on 2013-03-14
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2551.1349 [GMT -7:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Documents and Settings\leegnd\Local Settings\Application Data\Updater19962\Updater19962.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla\plugin-container.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={3954CF41-8C83-11E2-A59E-001FBC019C61}
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={3954CF41-8C83-11E2-A59E-001FBC019C61}
BHO: Supreme Savings: {11111111-1111-1111-1111-110111991162} - c:\program files\supreme savings\Supreme Savings.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - c:\program files\updater by sweetpacks\Extension32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.exe
uRun: [Updater19962.exe] c:\documents and settings\leegnd\local settings\application data\updater19962\Updater19962.exe /extensionid=19962 /extensionname='Supreme Savings' /chromeid=ihkeoookbpemkdccdccdmacnidhooohk /stayidle /delay=300
uRunOnce: [*NPE] "c:\documents and settings\leegnd\my documents\downloads\NPE.exe" /POSTFIX
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -
Trusted Zone: turbotax.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{02015947-FA6C-4502-B42C-5A916A5EE266} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5195F07D-410D-4E91-81B9-1506BF84CD64} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.172\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\leegnd\application data\mozilla\firefox\profiles\gauggt9v.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={3954CF41-8C83-11E2-A59E-001FBC019C61}
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\leegnd\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\leegnd\application data\mozilla\plugins\npo3dautoplugin.dll
FF - plugin: c:\documents and settings\leegnd\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\gamespy\comrade\npcomrade.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla\plugins\npwachk.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-02-20 22:06; firebug@software.joehewitt.com; c:\documents and settings\leegnd\application data\mozilla\firefox\profiles\gauggt9v.default\extensions\firebug@software.joehewitt.com.xpi
FF - ExtSQL: 2013-03-14 01:43; crossriderapp19962@crossrider.com; c:\documents and settings\leegnd\application data\mozilla\firefox\profiles\gauggt9v.default\extensions\crossriderapp19962@crossrider.com
FF - ExtSQL: 2013-03-14 01:44; {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}; c:\program files\updater by sweetpacks\Firefox
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
============= SERVICES / DRIVERS ===============
.
R0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\system32\drivers\SMR311.SYS [2013-3-14 97440]
R1 sepdrv;sepdrv;c:\windows\system32\drivers\sepdrv.sys [2007-3-15 77040]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-1-31 3289208]
R2 Updater By SweetPacks;Updater By SweetPacks;c:\program files\updater by sweetpacks\ExtensionUpdaterService.exe [2013-3-14 188760]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2007-9-30 210224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2011-6-4 115808]
S3 cpuz126;cpuz126; [x]
S3 cpuz130;cpuz130;\??\c:\docume~1\leegnd\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\leegnd\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-3-14 30616]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2007-9-30 31872]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2012.sp5c\RpcAgentSrv.exe [2013-1-21 68760]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2011-8-19 26112]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [2012-1-4 16128]
S3 vpn-x;VPN-X Virtual Network Interface Card(NIC);c:\windows\system32\drivers\vpn-x.sys [2012-2-1 24960]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\visualstudio\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
.
=============== Created Last 30 ================
.
2013-03-15 06:21:41    29600    ----a-w-    c:\windows\system32\drivers\SMR311.dat
2013-03-15 06:11:55    97440    ----a-w-    c:\windows\system32\drivers\SMR311.SYS
2013-03-15 06:11:53    --------    d-----w-    c:\documents and settings\leegnd\local settings\application data\NPE
2013-03-15 06:11:53    --------    d-----w-    c:\documents and settings\all users\application data\Norton
2013-03-14 08:46:47    30616    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2013-03-14 08:46:46    --------    d-----w-    c:\program files\HitmanPro
2013-03-14 08:44:23    --------    d-----w-    c:\documents and settings\all users\application data\HitmanPro
2013-03-14 08:44:17    --------    d-----w-    c:\program files\Updater By SweetPacks
2013-03-14 08:44:03    --------    d-----w-    c:\documents and settings\leegnd\local settings\application data\Updater19962
2013-03-14 08:43:57    --------    d-----w-    c:\program files\Optimizer Pro
2013-03-14 08:43:55    --------    d-----w-    c:\program files\SweetIM
2013-03-14 08:43:33    --------    d-----w-    c:\program files\Supreme Savings
2013-03-14 08:37:07    --------    d-s---w-    C:\ComboFix
2013-03-14 08:10:39    --------    d-----w-    c:\program files\Max Spyware Detector
2013-03-14 08:09:05    --------    d-----w-    c:\documents and settings\all users\application data\Max Secure
2013-03-14 07:58:10    --------    d-----w-    c:\documents and settings\leegnd\local settings\application data\Max Secure Software
2013-03-14 05:18:07    256904    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2013-03-14 04:55:33    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-14 04:55:33    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-03-14 04:50:46    --------    d-----w-    c:\program files\GridinSoft Trojan Killer
2013-03-14 02:55:36    --------    d-----w-    c:\program files\Enigma Software Group
2013-03-14 02:55:21    --------    d-----w-    c:\windows\D8167CA8236B4334B77DF388F494EE18.TMP
2013-03-14 02:34:16    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-03-13 08:14:04    --------    d-----w-    c:\documents and settings\all users\application data\Simply Super Software
2013-03-08 01:15:29    --------    d-----w-    c:\program files\Mozilla
2013-02-27 06:11:11    --------    d-----w-    c:\program files\Git
2013-02-15 22:31:23    186432    ----a-w-    c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-03-13 06:28:24    73432    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 06:28:24    693976    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-05 20:05:47    916480    ----a-w-    c:\windows\system32\wininet.dll
2013-02-05 20:05:46    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57    385024    ----a-w-    c:\windows\system32\html.iec
2013-01-26 03:55:44    552448    ----a-w-    c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45    2148864    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01    2027520    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-01-02 06:49:10    148992    ----a-w-    c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10    1292288    ----a-w-    c:\windows\system32\quartz.dll
2012-12-16 12:23:59    290560    ----a-w-    c:\windows\system32\atmfd.dll
2002-05-31 08:42:00    1222144    ----a-w-    c:\program files\PerlIDE.exe
.
============= FINISH: 23:31:10.09 ===============
 

 

Thanks

#2 tichris08


Posted 15 March 2013 - 01:41 AM

Since I know that there are many variants of this sucker around;

I should add that I see no side-effects beyond the redirection.  I can run every program without a problem.  There's 9 svchost (which seems a little high) in the task manager.  The redirection doesn't happen at every click and it typically sends what I type into a search engine and shows me a pick from it (at least it seems that way) since the searches are seemingly related vs random.



#3 tichris08


Posted 15 March 2013 - 02:58 AM

I updated my system to remove the nag-ware that all the free AA tools added and this is the updated DDS file:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.4.1
Run by leegnd at 0:55:57 on 2013-03-15
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2551.1939 [GMT -7:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\findstr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: SWEETIE: {EEE6C35C-6118-11DC-9C72-001320C79847} - LocalServer32 - <no file>
TB: <No Name>: {EEE6C35B-6118-11DC-9C72-001320C79847} - LocalServer32 - <no file>
uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.exe
uRunOnce: [SpUninstallDeleteDir] rmdir /s /q "c:\documents and settings\leegnd\application data\SearchProtect"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRunOnce: [SpUninstallCleanUp] REG delete HKEY_CURRENT_USER\Software\SearchProtect /f
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
Trusted Zone: turbotax.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{02015947-FA6C-4502-B42C-5A916A5EE266} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5195F07D-410D-4E91-81B9-1506BF84CD64} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.172\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\leegnd\application data\mozilla\firefox\profiles\gauggt9v.default\
FF - prefs.js: browser.search.selectedEngine - appbario7 Customized Web Search
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\leegnd\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\leegnd\application data\mozilla\plugins\npo3dautoplugin.dll
FF - plugin: c:\documents and settings\leegnd\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\gamespy\comrade\npcomrade.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla\plugins\npwachk.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-02-20 22:06; firebug@software.joehewitt.com; c:\documents and settings\leegnd\application data\mozilla\firefox\profiles\gauggt9v.default\extensions\firebug@software.joehewitt.com.xpi
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
============= SERVICES / DRIVERS ===============
.
R1 sepdrv;sepdrv;c:\windows\system32\drivers\sepdrv.sys [2007-3-15 77040]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-1-31 3289208]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2007-9-30 210224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2011-6-4 115808]
S3 cpuz126;cpuz126; [x]
S3 cpuz130;cpuz130;\??\c:\docume~1\leegnd\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\leegnd\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-3-14 30616]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2007-9-30 31872]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2012.sp5c\RpcAgentSrv.exe [2013-1-21 68760]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2011-8-19 26112]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [2012-1-4 16128]
S3 vpn-x;VPN-X Virtual Network Interface Card(NIC);c:\windows\system32\drivers\vpn-x.sys [2012-2-1 24960]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\visualstudio\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
.
=============== Created Last 30 ================
.
2013-03-15 07:14:48    --------    d-----w-    c:\documents and settings\leegnd\application data\PerformerSoft
2013-03-15 07:14:46    18096    ----a-w-    c:\windows\system32\roboot.exe
2013-03-15 07:14:40    --------    d-----w-    c:\program files\Conduit
2013-03-15 07:14:38    --------    d-----w-    c:\documents and settings\leegnd\local settings\application data\Conduit
2013-03-15 07:14:31    --------    d-----w-    c:\documents and settings\leegnd\local settings\application data\CRE
2013-03-15 07:13:44    --------    d-----w-    c:\documents and settings\all users\application data\IBUpdaterService
2013-03-15 07:13:43    --------    d-----w-    c:\documents and settings\leegnd\application data\File Scout
2013-03-15 06:35:48    --------    d-----w-    c:\program files\ESET
2013-03-15 06:11:53    --------    d-----w-    c:\documents and settings\leegnd\local settings\application data\NPE
2013-03-15 06:11:53    --------    d-----w-    c:\documents and settings\all users\application data\Norton
2013-03-14 08:46:47    30616    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2013-03-14 08:46:46    --------    d-----w-    c:\program files\HitmanPro
2013-03-14 08:44:23    --------    d-----w-    c:\documents and settings\all users\application data\HitmanPro
2013-03-14 08:43:57    --------    d-----w-    c:\program files\Optimizer Pro
2013-03-14 08:37:07    --------    d-s---w-    C:\ComboFix
2013-03-14 08:10:39    --------    d-----w-    c:\program files\Max Spyware Detector
2013-03-14 08:09:05    --------    d-----w-    c:\documents and settings\all users\application data\Max Secure
2013-03-14 07:58:10    --------    d-----w-    c:\documents and settings\leegnd\local settings\application data\Max Secure Software
2013-03-14 05:18:07    256904    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2013-03-14 04:55:33    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-14 04:55:33    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-03-14 04:50:46    --------    d-----w-    c:\program files\GridinSoft Trojan Killer
2013-03-14 02:55:36    --------    d-----w-    c:\program files\Enigma Software Group
2013-03-14 02:55:21    --------    d-----w-    c:\windows\D8167CA8236B4334B77DF388F494EE18.TMP
2013-03-14 02:34:16    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-03-13 08:14:04    --------    d-----w-    c:\documents and settings\all users\application data\Simply Super Software
2013-03-08 01:15:29    --------    d-----w-    c:\program files\Mozilla
2013-02-27 06:11:11    --------    d-----w-    c:\program files\Git
2013-02-15 22:31:23    186432    ----a-w-    c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-03-13 06:28:24    73432    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 06:28:24    693976    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-03-06 10:38:36    770384    ----a-w-    c:\windows\system32\msvcr100.dll
2013-03-06 10:38:36    421200    ----a-w-    c:\windows\system32\msvcp100.dll
2013-02-05 20:05:47    916480    ----a-w-    c:\windows\system32\wininet.dll
2013-02-05 20:05:46    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57    385024    ----a-w-    c:\windows\system32\html.iec
2013-01-26 03:55:44    552448    ----a-w-    c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45    2148864    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01    2027520    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-01-02 06:49:10    148992    ----a-w-    c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10    1292288    ----a-w-    c:\windows\system32\quartz.dll
2012-12-16 12:23:59    290560    ----a-w-    c:\windows\system32\atmfd.dll
2002-05-31 08:42:00    1222144    ----a-w-    c:\program files\PerlIDE.exe
.
============= FINISH:  0:56:01.39 ===============
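
Post #3 re-runs DDS after a cleanup attempt; comparing the two logs section by section shows which entries disappeared and which were newly created in between, so both sets can be reviewed. The script below is an added example, not part of the original thread or of DDS: `parse_dds`, `entry_key` and `diff_dds` are hypothetical helper names, and the two sample logs are short excerpts constructed from the logs posted above.

```python
import re
from collections import OrderedDict

# DDS section banners look like "====== Title ======"
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Sections whose rows are: date, time, size, attributes, path
FILE_SECTIONS = ("Created Last 30", "Find3M")


def parse_dds(text):
    """Split a DDS log into {section title: [entry lines]}."""
    sections = OrderedDict()
    current = "Header"
    sections[current] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # DDS uses "." as a spacer line
            continue
        match = SECTION_RE.match(line)
        if match:
            title = match.group(1)
            if title.startswith("FINISH"):
                break                     # end-of-log banner
            current = title
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def entry_key(section, line):
    """Key used to decide whether two entries are 'the same'."""
    if section in FILE_SECTIONS:
        parts = line.split(None, 4)       # the path may contain spaces
        if len(parts) == 5:
            return parts[4].lower()       # compare by path, not timestamp
    return line.lower()


def diff_dds(before, after):
    """Return {section: {"added": [...], "removed": [...]}} for changed sections."""
    old_log, new_log = parse_dds(before), parse_dds(after)
    result = OrderedDict()
    for section in list(old_log) + [s for s in new_log if s not in old_log]:
        if section == "Header":           # run time differs on every run
            continue
        old = {entry_key(section, l): l for l in old_log.get(section, [])}
        new = {entry_key(section, l): l for l in new_log.get(section, [])}
        added = [new[k] for k in new if k not in old]
        removed = [old[k] for k in old if k not in new]
        if added or removed:
            result[section] = {"added": added, "removed": removed}
    return result


# Constructed excerpts of the first and second DDS logs in this thread.
BEFORE = r"""
DDS (Ver_2012-11-20.01) - NTFS_x86
Run by leegnd at 23:31:04 on 2013-03-14
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={3954CF41-8C83-11E2-A59E-001FBC019C61}
BHO: Supreme Savings: {11111111-1111-1111-1111-110111991162} - c:\program files\supreme savings\Supreme Savings.dll
uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.exe
.
=============== Created Last 30 ================
.
2013-03-14 08:46:46    --------    d-----w-    c:\program files\HitmanPro
2013-03-14 08:44:17    --------    d-----w-    c:\program files\Updater By SweetPacks
2013-03-14 08:43:33    --------    d-----w-    c:\program files\Supreme Savings
.
============= FINISH: 23:31:10.09 ===============
"""

AFTER = r"""
DDS (Ver_2012-11-20.01) - NTFS_x86
Run by leegnd at 0:55:57 on 2013-03-15
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.exe
.
=============== Created Last 30 ================
.
2013-03-15 07:14:46    18096    ----a-w-    c:\windows\system32\roboot.exe
2013-03-15 07:14:40    --------    d-----w-    c:\program files\Conduit
2013-03-14 08:46:46    --------    d-----w-    c:\program files\HitmanPro
.
============= FINISH:  0:56:01.39 ===============
"""

if __name__ == "__main__":
    for section, change in diff_dds(BEFORE, AFTER).items():
        print("[%s]" % section)
        for line in change["removed"]:
            print("  - " + line)
        for line in change["added"]:
            print("  + " + line)
```
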
 



#4 gringo_pr

  • Malware Response Team

Posted 15 March 2013 - 05:53 AM


Hello tichris08

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+
Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 tichris08


Posted 15 March 2013 - 10:33 PM

 Results of screen317's Security Check version 0.99.61  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG Internet Security 2011   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.70.0.1100  
 CCleaner     
 JavaFX 2.1.0    
 Java™ 6 Update 26  
 Java™ 7 Update 4  
 Java version out of Date!
 Adobe Flash Player     11.6.602.180  
 Adobe Reader 8 Adobe Reader out of Date!
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (19.0.2)
 Mozilla Thunderbird (17.0.4)
 Google Chrome 25.0.1364.152  
 Google Chrome 25.0.1364.172  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````
 


Edited by tichris08, 15 March 2013 - 10:38 PM.


#6 tichris08


Posted 15 March 2013 - 10:35 PM

# AdwCleaner v2.114 - Logfile created 03/15/2013 at 20:27:31
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : leegnd - HOMER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\leegnd\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\leegnd\Application Data\Mozilla\Firefox\Profiles\gauggt9v.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\leegnd\Application Data\Mozilla\Firefox\Profiles\gauggt9v.default\searchplugins\Conduit.xml
File Deleted : C:\END
Folder Deleted : C:\Documents and Settings\All Users\Application Data\IBUpdaterService
Folder Deleted : C:\Documents and Settings\leegnd\Application Data\file scout
Folder Deleted : C:\Documents and Settings\leegnd\Application Data\Mozilla\Firefox\Profiles\gauggt9v.default\jetpack
Folder Deleted : C:\Documents and Settings\leegnd\Application Data\PerformerSoft
Folder Deleted : C:\Documents and Settings\leegnd\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\leegnd\Local Settings\Application Data\Coupon Companion Plugin
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\Optimizer Pro

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227981
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\Software\Installer
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\leegnd\Application Data\Mozilla\Firefox\Profiles\gauggt9v.default\prefs.js

C:\Documents and Settings\leegnd\Application Data\Mozilla\Firefox\Profiles\gauggt9v.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.aniweather.timeShifted", 1610404);
Deleted : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"64\": {\"id\": \"64\",\"tit[...]
Deleted : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Deleted : user_pref("surfcanyon.last_checked_ts", "1267004048254");
Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]

-\\ Google Chrome v25.0.1364.172

File : C:\Documents and Settings\leegnd\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"browser":{"last_known_google_url":"hxxps://www.google.com/","last_prompted_google_url":"hxxps://ww[...]

*************************

AdwCleaner[S1].txt - [8006 octets] - [15/03/2013 20:27:31]

########## EOF - C:\AdwCleaner[S1].txt - [8066 octets] ##########


 



#7 tichris08


Posted 15 March 2013 - 10:38 PM

RogueKiller V8.5.3 [Mar 13 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : leegnd [Admin rights]
Mode : Scan -- Date : 03/15/2013 20:36:35
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD501LJ +++++
--- User ---
[MBR] 8b760c09202c5f4623aaa758e268f721
[BSP] 0fe0feeffd45089a5a12572c43343ec5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03152013_02d2036.txt >>
RKreport[1]_S_03152013_02d2036.txt


 



#8 gringo_pr

  • Malware Response Team

Posted 15 March 2013 - 10:47 PM


Hello tichris08

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo





#9 tichris08


Posted 15 March 2013 - 11:37 PM

ComboFix 13-03-15.01 - leegnd 03/15/2013  21:07:16.5.8 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2551.1576 [GMT -7:00]
Running from: c:\documents and settings\leegnd\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: AVG Internet Security 2013 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\roboot.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_amsint32
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-16 to 2013-03-16  )))))))))))))))))))))))))))))))
.
.
2013-03-16 04:03 . 2013-03-16 04:03    --------    d-----w-    c:\documents and settings\leegnd\Local Settings\Application Data\AVG SafeGuard toolbar
2013-03-16 04:01 . 2013-03-16 04:01    --------    d-----w-    c:\documents and settings\leegnd\Application Data\AVG2013
2013-03-16 03:59 . 2013-03-16 03:59    --------    d-----w-    c:\documents and settings\leegnd\Application Data\TuneUp Software
2013-03-16 03:59 . 2013-03-16 03:59    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar
2013-03-16 03:59 . 2013-03-16 03:59    --------    d-----w-    c:\documents and settings\leegnd\Application Data\AVG SafeGuard toolbar
2013-03-16 03:59 . 2013-03-16 03:59    31576    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-03-16 03:59 . 2013-03-16 03:59    --------    d-----w-    c:\program files\Common Files\AVG Secure Search
2013-03-16 03:59 . 2013-03-16 03:59    --------    d-----w-    c:\program files\AVG SafeGuard toolbar
2013-03-16 03:59 . 2013-03-16 03:59    --------    d-----w-    c:\documents and settings\All Users\AVG SafeGuard toolbar
2013-03-16 03:55 . 2013-03-16 04:00    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVG2013
2013-03-16 03:55 . 2013-03-16 03:55    --------    d-----w-    C:\$AVG
2013-03-16 03:51 . 2013-03-16 03:51    --------    d-----w-    c:\documents and settings\leegnd\Local Settings\Application Data\Avg2013
2013-03-16 03:51 . 2013-03-16 03:51    --------    d-----w-    c:\documents and settings\leegnd\Local Settings\Application Data\MFAData
2013-03-15 08:26 . 2013-03-15 08:26    2721168    ----a-w-    C:\Windows7-USB-DVD-tool.exe
2013-03-15 07:14 . 2013-03-15 07:14    --------    d-----w-    c:\documents and settings\leegnd\Local Settings\Application Data\CRE
2013-03-15 06:35 . 2013-03-15 06:35    --------    d-----w-    c:\program files\ESET
2013-03-15 06:11 . 2013-03-15 06:57    --------    d-----w-    c:\documents and settings\leegnd\Local Settings\Application Data\NPE
2013-03-15 06:11 . 2013-03-15 06:11    --------    d-----w-    c:\documents and settings\All Users\Application Data\Norton
2013-03-14 08:46 . 2013-03-14 08:46    30616    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2013-03-14 08:46 . 2013-03-14 08:46    --------    d-----w-    c:\program files\HitmanPro
2013-03-14 08:44 . 2013-03-14 08:46    --------    d-----w-    c:\documents and settings\All Users\Application Data\HitmanPro
2013-03-14 08:10 . 2013-03-14 08:37    --------    d-----w-    c:\program files\Max Spyware Detector
2013-03-14 08:09 . 2013-03-14 08:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\Max Secure
2013-03-14 07:58 . 2013-03-14 07:58    --------    d-----w-    c:\documents and settings\leegnd\Local Settings\Application Data\Max Secure Software
2013-03-14 05:18 . 2013-03-14 05:18    256904    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2013-03-14 04:55 . 2013-03-14 04:55    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-03-14 04:55 . 2012-12-14 23:49    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-14 04:50 . 2013-03-14 06:14    --------    d-----w-    c:\program files\GridinSoft Trojan Killer
2013-03-14 02:55 . 2013-03-14 02:55    --------    d-----w-    c:\program files\Enigma Software Group
2013-03-14 02:55 . 2013-03-14 04:48    --------    d-----w-    c:\windows\D8167CA8236B4334B77DF388F494EE18.TMP
2013-03-14 02:34 . 2013-03-14 02:34    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-03-13 08:14 . 2013-03-13 08:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\Simply Super Software
2013-03-12 06:28 . 2013-03-13 02:32    --------    d-----w-    c:\program files\Mozilla Thunderbird
2013-03-08 01:15 . 2013-03-08 19:54    --------    d-----w-    c:\program files\Mozilla
2013-03-01 17:32 . 2013-03-01 17:32    22328    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 06:40 . 2013-02-27 06:40    208184    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-27 06:11 . 2013-02-27 06:11    --------    d-----w-    c:\program files\Git
2013-02-15 22:31 . 2013-02-15 22:31    186432    ----a-w-    c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 10:52 . 2013-02-14 10:52    182072    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 06:28 . 2012-05-25 08:31    73432    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 06:28 . 2012-05-25 08:31    693976    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-08 11:37 . 2013-02-08 11:37    96568    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2013-02-08 11:37 . 2013-02-08 11:37    245048    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-02-08 11:37 . 2013-02-08 11:37    60216    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-02-08 11:37 . 2013-02-08 11:37    170808    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-02-08 11:37 . 2013-02-08 11:37    39224    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-02-05 20:05 . 2006-02-28 12:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2006-02-28 12:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2006-02-28 12:00    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2006-02-28 12:00    385024    ----a-w-    c:\windows\system32\html.iec
2013-01-26 03:55 . 2006-02-28 12:00    552448    ----a-w-    c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2006-02-28 12:00    2148864    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-03 22:59    2027520    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2006-02-28 12:00    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2006-02-28 12:00    148992    ----a-w-    c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2006-02-28 12:00    1292288    ----a-w-    c:\windows\system32\quartz.dll
2012-12-16 12:23 . 2006-02-28 12:00    290560    ----a-w-    c:\windows\system32\atmfd.dll
2002-05-31 08:42 . 2008-05-17 22:20    1222144    ----a-w-    c:\program files\PerlIDE.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2006-04-06 1622016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-10 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-10 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-10 1634112]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-06 4394032]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-03-16 1101488]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NovacomD"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Games\\ET\\ET.exe"=
"c:\\Games\\Quake 4\\Quake4.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Games\\ASE\\eye.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Games\\Duke3D\\eduke32.exe"=
"c:\\Program Files\\Maple 9.5\\jre\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Maple 9.5\\bin.win\\mserver.exe"=
"c:\\Program Files\\Mozilla\\firefox.exe"=
"c:\\Program Files\\ASUS\\WL-700gE Wireless Router Utilities\\Download.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\ASUS\\WL-700gE Wireless Router Utilities\\nasload.exe"=
"c:\\Program Files\\ASUS\\WL-700gE Wireless Router Utilities\\Discovery700g.exe"=
"c:\\Program Files\\Tftpd32\\tftpd32.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Games\\GameSpyArcade\\Aphex.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"c:\\Program Files\\Mumble\\murmur.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Games\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\commandos behind enemy lines\\Comandos.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\commandos behind enemy lines\\readme.doc"=
"c:\\Program Files\\Steam\\steamapps\\common\\commandos beyond the call of duty\\coman_mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\commandos beyond the call of duty\\Tutorial.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\commandos strike force\\CommXPC.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\commandos strike force\\readme.rtf"=
"c:\\Program Files\\Steam\\steamapps\\common\\commandos 2 men of courage\\comm2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\commandos 2 men of courage\\Readme.rtf"=
"c:\\Program Files\\Steam\\steamapps\\common\\commandos 3 destination berlin\\commandos3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\commandos 3 destination berlin\\readme.rtf"=
"c:\\Program Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\gish\\gish.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\enemy territory quake wars\\etqw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\unreal ii the awakening\\System\\Unreal2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\unreal tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\unreal tournament 2004\\System\\UT2004.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\unreal tournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\unreal gold\\System\\Unreal.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\osmos\\osmos.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Dungeon Defenders\\Binaries\\Win32\\DungeonDefenders.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\duke nukem forever\\System\\DukeForever.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Games\\StarCraft II\\StarCraft II Public Test.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1544\\Agent.exe"=
"c:\\Program Files\\StarCraft II 2012 Beta\\StarCraft II Beta.exe"=
"c:\\Games\\StarCraft II\\Versions\\Base23260\\SC2.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2012.SP5c\\RpcAgentSrv.exe"=
"c:\\Documents and Settings\\leegnd\\Desktop\\mongoose-3.6.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1637\\Agent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2012.SP5c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 4:37 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2/8/2013 4:37 AM 39224]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [9/30/2007 9:27 AM 210224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2/26/2013 11:40 PM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 10:32 AM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 4:37 AM 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/14/2013 3:52 AM 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [3/15/2013 8:59 PM 31576]
R1 sepdrv;sepdrv;c:\windows\system32\drivers\sepdrv.sys [3/15/2007 3:20 AM 77040]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [2/19/2013 4:02 AM 1418184]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2/19/2013 4:02 AM 282624]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 1:37 PM 13672]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 10:07 AM 35088]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [1/31/2013 11:38 AM 3289208]
R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [3/15/2013 8:59 PM 945328]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 4:33 AM 30944]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2/27/2013 11:42 PM 4937264]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 1:55 PM 161536]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 4:33 AM 30944]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [6/4/2011 1:14 PM 115808]
S3 cpuz126;cpuz126; [x]
S3 cpuz130;cpuz130;\??\c:\docume~1\leegnd\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\leegnd\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [3/14/2013 1:46 AM 30616]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [9/30/2007 2:03 AM 31872]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe [1/21/2013 1:25 AM 68760]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [8/19/2011 2:46 AM 26112]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [1/4/2012 7:28 AM 16128]
S3 vpn-x;VPN-X Virtual Network Interface Card(NIC);c:\windows\system32\drivers\vpn-x.sys [2/1/2012 10:58 PM 24960]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\VisualStudio\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGFWS
*NewlyCreated* - AVGIDSHX
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-15 03:03    1629648    ----a-w-    c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 06:28]
.
2013-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-27 05:30]
.
2013-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-27 05:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\leegnd\Application Data\Mozilla\Firefox\Profiles\gauggt9v.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={D9021910-EBAF-406A-9F0E-3A86D417C71E}&mid=55c999d6e22c47d18131d156fae57592-9a17500a96d428a5cdb8b2643968b9a928fc107f&lang=en&ds=AVG&pr=pr&d=&v=&pid=safeguard&sg=&sap=hp
FF - ExtSQL: 2013-02-20 22:06; firebug@software.joehewitt.com; c:\documents and settings\leegnd\Application Data\Mozilla\Firefox\Profiles\gauggt9v.default\extensions\firebug@software.joehewitt.com.xpi
FF - ExtSQL: 2013-03-15 20:59; avg@toolbar; c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
SafeBoot-47337503.sys
SafeBoot-88488473.sys
AddRemove-Blaze Media Pro - c:\documents and settings\All Users\Application Data\{5AC06A7F-E1C7-46A4-BA28-5A4B25F3BB23}\setup_blazemp.exe
AddRemove-sl-dlc - c:\program files\OApps\sl-dlc_uninstall.exe
AddRemove-{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA} - c:\documents and settings\All Users\Application Data\{5AC06A7F-E1C7-46A4-BA28-5A4B25F3BB23}\setup_blazemp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-15 21:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-220523388-1284227242-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E25F33C8-50F7-8981-BAE9-4A0A7A7509CC}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaenkbdigpkodbenjf"=hex:63,62,68,6f,69,62,61,63,64,68,6d,62,6c,64,6b,6d,68,68,
   70,6a,6e,6f,6b,6f,64,61,61,64,62,63,6b,6c,6d,67,64,63,63,6c,00,00
"haknbjbdengpppeh"=hex:63,62,68,6f,69,62,61,63,64,68,6b,62,6f,66,6e,6b,66,6f,
   6e,65,63,69,69,69,6a,70,61,6a,64,69,6b,6e,61,67,6b,6d,62,6f,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(9300)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-03-15  21:34:01 - machine was rebooted
ComboFix-quarantined-files.txt  2013-03-16 04:33
ComboFix2.txt  2013-03-13 07:51
ComboFix3.txt  2013-03-12 09:01
ComboFix4.txt  2011-07-11 21:24
.
Pre-Run: 199,761,924,096 bytes free
Post-Run: 199,892,885,504 bytes free
.
- - End Of File - - CA1E2590843E2EB0050F0EAFED505434



Everything went through ok; but I still get redirected. I had to re-install AVG so that I would be able to disable the antivirus; otherwise combofix would complain that it was running and I had no means of turning it off since the buttons were disabled.


Edited by tichris08, 15 March 2013 - 11:39 PM.


#10 gringo_pr

Posted 16 March 2013 - 12:14 AM

Hello tichris08


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note: this report can be very long, so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================

    and I will see if I want to see the whole report.

Malwarebytes Anti-Rootkit

  1. Download Malwarebytes Anti-Rootkit
  2. Unzip the contents to a folder in a convenient location.
  3. Open the folder where the contents were unzipped and run mbar.exe
  4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  6. Wait while the system shuts down and the cleanup process is performed.
  7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
    • Internet access
    • Windows Update
    • Windows Firewall
  9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
  10. Verify that your system is now functioning normally.

If you have any problems running either one come back and let me know.

Please reply with the reports from TDSSKiller and MBAR.

Gringo

Edited by gringo_pr, 16 March 2013 - 12:15 AM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#11 tichris08

Posted 16 March 2013 - 12:28 AM

22:23:42.0515 2784  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:23:44.0515 2784  ============================================================
22:23:44.0515 2784  Current date / time: 2013/03/15 22:23:44.0515
22:23:44.0515 2784  SystemInfo:
22:23:44.0515 2784  
22:23:44.0515 2784  OS Version: 5.1.2600 ServicePack: 3.0
22:23:44.0515 2784  Product type: Workstation
22:23:44.0531 2784  ComputerName: HOMER
22:23:44.0531 2784  UserName: leegnd
22:23:44.0531 2784  Windows directory: C:\WINDOWS
22:23:44.0531 2784  System windows directory: C:\WINDOWS
22:23:44.0531 2784  Processor architecture: Intel x86
22:23:44.0531 2784  Number of processors: 8
22:23:44.0531 2784  Page size: 0x1000
22:23:44.0531 2784  Boot type: Normal boot
22:23:44.0531 2784  ============================================================
22:24:06.0093 2784  BG loaded
22:24:07.0078 2784  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:24:07.0109 2784  ============================================================
22:24:07.0109 2784  \Device\Harddisk0\DR0:
22:24:07.0109 2784  MBR partitions:
22:24:07.0109 2784  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
22:24:07.0109 2784  ============================================================
22:24:11.0015 2784  C: <-> \Device\Harddisk0\DR0\Partition1
22:24:11.0062 2784  ============================================================
22:24:11.0062 2784  Initialize success
22:24:11.0062 2784  ============================================================
22:24:24.0484 3536  ============================================================
22:24:24.0484 3536  Scan started
22:24:24.0484 3536  Mode: Manual; SigCheck; TDLFS;
22:24:24.0484 3536  ============================================================
22:24:30.0390 3536  ================ Scan system memory ========================
22:24:30.0390 3536  System memory - ok
22:24:30.0390 3536  ================ Scan services =============================
22:24:33.0406 3536  Abiosdsk - ok
22:24:33.0406 3536  abp480n5 - ok
22:24:33.0437 3536  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:24:37.0406 3536  ACPI - ok
22:24:37.0421 3536  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
22:24:37.0562 3536  ACPIEC - ok
22:24:37.0656 3536  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:24:37.0671 3536  AdobeFlashPlayerUpdateSvc - ok
22:24:37.0671 3536  adpu160m - ok
22:24:37.0718 3536  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
22:24:37.0781 3536  aec - ok
22:24:37.0875 3536  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
22:24:37.0953 3536  AFD - ok
22:24:37.0968 3536  Aha154x - ok
22:24:37.0968 3536  aic78u2 - ok
22:24:37.0968 3536  aic78xx - ok
22:24:38.0000 3536  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
22:24:38.0078 3536  Alerter - ok
22:24:38.0093 3536  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
22:24:38.0156 3536  ALG - ok
22:24:38.0156 3536  AliIde - ok
22:24:38.0218 3536  [ AD8FA28D8ED0D0A689A0559085CE0F18 ] AmdLLD          C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
22:24:38.0250 3536  AmdLLD - ok
22:24:38.0312 3536  amsint - ok
22:24:38.0406 3536  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:24:38.0421 3536  Apple Mobile Device - ok
22:24:38.0453 3536  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
22:24:38.0515 3536  AppMgmt - ok
22:24:38.0578 3536  AresChatServer - ok
22:24:38.0593 3536  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:24:38.0656 3536  Arp1394 - ok
22:24:38.0687 3536  asc - ok
22:24:38.0687 3536  asc3350p - ok
22:24:38.0703 3536  asc3550 - ok
22:24:38.0734 3536  [ 05A56C3156E1B6CC7BBD8E1D54D491F2 ] ASNDIS5         C:\WINDOWS\system32\ASNDIS5.SYS
22:24:38.0750 3536  ASNDIS5 ( UnsignedFile.Multi.Generic ) - warning
22:24:38.0750 3536  ASNDIS5 - detected UnsignedFile.Multi.Generic (1)
22:24:38.0890 3536  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:24:39.0046 3536  aspnet_state - ok
22:24:39.0078 3536  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:24:39.0218 3536  AsyncMac - ok
22:24:39.0250 3536  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
22:24:39.0343 3536  atapi - ok
22:24:39.0343 3536  Atdisk - ok
22:24:39.0484 3536  [ 368BE3DB3A6B9621DF51216D323CDA23 ] ATI Remote Wonder II C:\WINDOWS\system32\drivers\ATIRWVD.SYS
22:24:39.0578 3536  ATI Remote Wonder II - ok
22:24:39.0609 3536  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:24:39.0687 3536  Atmarpc - ok
22:24:39.0812 3536  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
22:24:39.0906 3536  AudioSrv - ok
22:24:40.0078 3536  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
22:24:40.0203 3536  audstub - ok
22:24:40.0312 3536  [ 5A3DF3C98F3883394F8E4B703EB270CA ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
22:24:40.0359 3536  Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:24:40.0359 3536  Autodesk Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:24:40.0390 3536  [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwdx         C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
22:24:40.0421 3536  Avgfwdx - ok
22:24:40.0421 3536  [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwfd         C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
22:24:40.0437 3536  Avgfwfd - ok
22:24:42.0218 3536  [ DC4739DD82EAFD85299B4E87B5F63207 ] avgfws          C:\Program Files\AVG\AVG2013\avgfws.exe
22:24:42.0343 3536  avgfws - ok
22:24:43.0156 3536  [ 0D8244A9DB70BC6C36E2FB56F6039AB6 ] AVGIDSAgent     C:\Program Files\AVG\AVG2013\avgidsagent.exe
22:24:43.0265 3536  AVGIDSAgent - ok
22:24:43.0406 3536  [ 1A2213B7D94944861449CB07BF2D099E ] AVGIDSDriver    C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
22:24:43.0421 3536  AVGIDSDriver - ok
22:24:43.0437 3536  [ B0DEF92F4E1E6B9242E6C8FAB82703F7 ] AVGIDSHX        C:\WINDOWS\system32\DRIVERS\avgidshx.sys
22:24:43.0453 3536  AVGIDSHX - ok
22:24:43.0500 3536  [ A426B2DC795531D99E2EE1952AEC051A ] AVGIDSShim      C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
22:24:43.0515 3536  AVGIDSShim - ok
22:24:43.0531 3536  [ 08FA13787D77A75DC413E27FD92B44E8 ] Avgldx86        C:\WINDOWS\system32\DRIVERS\avgldx86.sys
22:24:43.0546 3536  Avgldx86 - ok
22:24:43.0625 3536  [ 3E587EE55C70E6DB78A98D7121D3052E ] Avglogx         C:\WINDOWS\system32\DRIVERS\avglogx.sys
22:24:43.0656 3536  Avglogx - ok
22:24:43.0671 3536  [ 5AC56B2CF8EE751796C5A8FC5C631B66 ] Avgmfx86        C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
22:24:43.0703 3536  Avgmfx86 - ok
22:24:43.0859 3536  [ C29E6070396E437FDE184D739CCBA2C7 ] Avgrkx86        C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
22:24:43.0875 3536  Avgrkx86 - ok
22:24:43.0921 3536  [ 52448A41CF1769CB3627677A0509627B ] Avgtdix         C:\WINDOWS\system32\DRIVERS\avgtdix.sys
22:24:43.0937 3536  Avgtdix - ok
22:24:43.0968 3536  [ 3FCF9368255525FDD929A48B2AA9EDF4 ] avgtp           C:\WINDOWS\system32\drivers\avgtpx86.sys
22:24:44.0000 3536  avgtp - ok
22:24:44.0078 3536  [ DC98337F0D2A9F6C0B6FB682297ECE3B ] avgwd           C:\Program Files\AVG\AVG2013\avgwdsvc.exe
22:24:44.0093 3536  avgwd - ok
22:24:44.0125 3536  [ 1BAB373A270207F600C9CF8F167F3F03 ] BazisVirtualCDBus C:\WINDOWS\system32\DRIVERS\BazisVirtualCDBus.sys
22:24:44.0156 3536  BazisVirtualCDBus - ok
22:24:44.0218 3536  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
22:24:44.0296 3536  Beep - ok
22:24:44.0328 3536  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
22:24:44.0484 3536  BITS - ok
22:24:44.0593 3536  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:24:44.0625 3536  Bonjour Service - ok
22:24:44.0656 3536  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
22:24:44.0781 3536  Browser - ok
22:24:45.0000 3536  catchme - ok
22:24:45.0078 3536  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
22:24:45.0187 3536  cbidf2k - ok
22:24:45.0281 3536  [ 8EF654045E518AC00E52E7A1E2D3AD70 ] CCALib8         C:\Program Files\Canon\CAL\CALMAIN.exe
22:24:45.0312 3536  CCALib8 ( UnsignedFile.Multi.Generic ) - warning
22:24:45.0312 3536  CCALib8 - detected UnsignedFile.Multi.Generic (1)
22:24:45.0343 3536  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:24:45.0421 3536  CCDECODE - ok
22:24:45.0421 3536  cd20xrnt - ok
22:24:45.0453 3536  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
22:24:45.0531 3536  Cdaudio - ok
22:24:45.0578 3536  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
22:24:45.0640 3536  Cdfs - ok
22:24:45.0703 3536  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:24:45.0796 3536  Cdrom - ok
22:24:45.0796 3536  Changer - ok
22:24:45.0812 3536  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
22:24:45.0890 3536  CiSvc - ok
22:24:45.0906 3536  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
22:24:45.0984 3536  ClipSrv - ok
22:24:46.0000 3536  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:24:46.0203 3536  clr_optimization_v2.0.50727_32 - ok
22:24:46.0437 3536  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:24:46.0453 3536  clr_optimization_v4.0.30319_32 - ok
22:24:46.0453 3536  CmdIde - ok
22:24:46.0453 3536  COMSysApp - ok
22:24:46.0453 3536  Cpqarray - ok
22:24:46.0468 3536  cpuz126 - ok
22:24:46.0468 3536  cpuz130 - ok
22:24:46.0500 3536  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
22:24:46.0593 3536  CryptSvc - ok
22:24:46.0593 3536  dac2w2k - ok
22:24:46.0593 3536  dac960nt - ok
22:24:46.0656 3536  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
22:24:46.0734 3536  DcomLaunch - ok
22:24:46.0781 3536  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
22:24:46.0859 3536  Dhcp - ok
22:24:46.0859 3536  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
22:24:47.0000 3536  Disk - ok
22:24:47.0015 3536  dmadmin - ok
22:24:47.0093 3536  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
22:24:52.0484 3536  dmboot - ok
22:24:52.0515 3536  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
22:24:52.0609 3536  dmio - ok
22:24:52.0625 3536  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
22:24:52.0687 3536  dmload - ok
22:24:52.0734 3536  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
22:24:52.0828 3536  dmserver - ok
22:24:52.0828 3536  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
22:24:52.0906 3536  DMusic - ok
22:24:52.0937 3536  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
22:24:53.0078 3536  Dnscache - ok
22:24:53.0109 3536  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
22:24:53.0187 3536  Dot3svc - ok
22:24:53.0187 3536  dpti2o - ok
22:24:53.0218 3536  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
22:24:53.0281 3536  drmkaud - ok
22:24:53.0281 3536  dsNcAdpt - ok
22:24:53.0312 3536  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
22:24:53.0421 3536  EapHost - ok
22:24:53.0468 3536  [ 6E883BF518296A40959131C2304AF714 ] EL90XBC         C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
22:24:53.0546 3536  EL90XBC - ok
22:24:53.0578 3536  [ 16EBD8BF1D5090923694CC972C7CE1B4 ] ENTECH          C:\WINDOWS\system32\drivers\ENTECH.sys
22:24:53.0609 3536  ENTECH - ok
22:24:53.0640 3536  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
22:24:53.0718 3536  ERSvc - ok
22:24:53.0796 3536  esgiguard - ok
22:24:53.0843 3536  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
22:24:53.0890 3536  Eventlog - ok
22:24:53.0953 3536  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
22:24:54.0000 3536  EventSystem - ok
22:24:54.0031 3536  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
22:24:54.0109 3536  Fastfat - ok
22:24:54.0156 3536  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:24:54.0281 3536  FastUserSwitchingCompatibility - ok
22:24:54.0296 3536  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
22:24:54.0390 3536  Fdc - ok
22:24:54.0421 3536  [ 50104C5F1EE1E295781CAF9521CA2E56 ] FilterService   C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
22:24:54.0437 3536  FilterService - ok
22:24:54.0484 3536  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
22:24:54.0562 3536  Fips - ok
22:24:54.0578 3536  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
22:24:54.0656 3536  Flpydisk - ok
22:24:54.0687 3536  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
22:24:54.0796 3536  FltMgr - ok
22:24:54.0875 3536  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:24:54.0906 3536  FontCache3.0.0.0 - ok
22:24:54.0937 3536  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:24:55.0015 3536  Fs_Rec - ok
22:24:55.0015 3536  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:24:55.0109 3536  Ftdisk - ok
22:24:55.0140 3536  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
22:24:55.0156 3536  GEARAspiWDM - ok
22:24:55.0156 3536  GMSIPCI - ok
22:24:55.0203 3536  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:24:55.0312 3536  Gpc - ok
22:24:55.0375 3536  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
22:24:55.0375 3536  gupdate - ok
22:24:55.0375 3536  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
22:24:55.0390 3536  gupdatem - ok
22:24:55.0421 3536  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:24:55.0500 3536  HDAudBus - ok
22:24:55.0593 3536  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:24:55.0640 3536  helpsvc - ok
22:24:55.0687 3536  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
22:24:55.0750 3536  HidServ - ok
22:24:55.0796 3536  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:24:55.0875 3536  HidUsb - ok
22:24:55.0921 3536  [ 7EAB073BF5949ED639660787A01B623D ] hitmanpro37     C:\WINDOWS\system32\drivers\hitmanpro37.sys
22:24:55.0968 3536  hitmanpro37 - ok
22:24:55.0984 3536  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
22:24:56.0062 3536  hkmsvc - ok
22:24:56.0062 3536  hpn - ok
22:24:56.0125 3536  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
22:24:56.0187 3536  HTTP - ok
22:24:56.0203 3536  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
22:24:56.0296 3536  HTTPFilter - ok
22:24:56.0296 3536  i2omgmt - ok
22:24:56.0296 3536  i2omp - ok
22:24:56.0343 3536  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:24:56.0421 3536  i8042prt - ok
22:24:56.0484 3536  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:24:56.0687 3536  idsvc - ok
22:24:56.0703 3536  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
22:24:56.0796 3536  Imapi - ok
22:24:56.0828 3536  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
22:24:56.0890 3536  ImapiService - ok
22:24:56.0906 3536  ini910u - ok
22:24:57.0046 3536  [ FB4293B1EAB313C28D4A1B8DB61ACA72 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:24:57.0328 3536  IntcAzAudAddService - ok
22:24:57.0343 3536  IntelIde - ok
22:24:57.0375 3536  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:24:57.0421 3536  intelppm - ok
22:24:57.0531 3536  [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
22:24:57.0562 3536  IntuitUpdateService - ok
22:24:57.0609 3536  [ D9DA7B3117BF5EFF921C0CDED4D58050 ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
22:24:57.0609 3536  IntuitUpdateServiceV4 - ok
22:24:57.0609 3536  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
22:24:57.0703 3536  Ip6Fw - ok
22:24:57.0718 3536  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:24:57.0765 3536  IpFilterDriver - ok
22:24:57.0781 3536  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:24:57.0843 3536  IpInIp - ok
22:24:57.0875 3536  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:24:57.0937 3536  IpNat - ok
22:24:57.0984 3536  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:24:58.0031 3536  iPod Service - ok
22:24:58.0031 3536  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:24:58.0093 3536  IPSec - ok
22:24:58.0093 3536  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
22:24:58.0140 3536  IRENUM - ok
22:24:58.0156 3536  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:24:58.0218 3536  isapnp - ok
22:24:58.0265 3536  [ 5472D771C0197355C1D347F20392B982 ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
22:24:58.0265 3536  JavaQuickStarterService - ok
22:24:58.0296 3536  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:24:58.0359 3536  Kbdclass - ok
22:24:58.0390 3536  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:24:58.0437 3536  kbdhid - ok
22:24:58.0468 3536  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
22:24:58.0546 3536  kmixer - ok
22:24:58.0562 3536  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
22:24:58.0625 3536  KSecDD - ok
22:24:58.0656 3536  [ DC61F15187372D164769C841655E58F3 ] L8042Kbd        C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
22:24:58.0671 3536  L8042Kbd - ok
22:24:58.0671 3536  [ CB6E007D3A67CB80EE9DF2AFD4B0FC9D ] L8042mou        C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
22:24:58.0687 3536  L8042mou - ok
22:24:58.0718 3536  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
22:24:58.0750 3536  lanmanserver - ok
22:24:58.0796 3536  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
22:24:58.0828 3536  lanmanworkstation - ok
22:24:58.0828 3536  lbrtfdc - ok
22:24:58.0843 3536  [ DD83DC92463FCE6324FD30A13D17D0DA ] LHidFilt        C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
22:24:58.0859 3536  LHidFilt - ok
22:24:58.0875 3536  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
22:24:58.0953 3536  LmHosts - ok
22:24:58.0953 3536  [ 8FE0008E183FF0293A925B78A5581C5F ] LMouFilt        C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
22:24:58.0968 3536  LMouFilt - ok
22:24:58.0968 3536  [ 58597A99792461E89BB5C44E17508D70 ] LMouKE          C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
22:24:58.0984 3536  LMouKE - ok
22:24:59.0000 3536  [ 081CAF42D5DB1FCF8794FD77BEFD1B11 ] lusbaudio       C:\WINDOWS\system32\drivers\OVSound2.sys
22:24:59.0078 3536  lusbaudio - ok
22:24:59.0140 3536  [ 38440FE1A65B1FE3D246C5C4CAD22F53 ] LVCOMSer        C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
22:24:59.0156 3536  LVCOMSer - ok
22:24:59.0171 3536  [ A6919138F29AE45E90E99FA94737E04C ] LVPr2Mon        C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
22:24:59.0171 3536  LVPr2Mon - ok
22:24:59.0171 3536  [ 28BD0E4B6C050B591B8CB35B9AD284E6 ] LVPrcSrv        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
22:24:59.0187 3536  LVPrcSrv - ok
22:24:59.0234 3536  [ B895839B8743E400D7C7DAE156F74E7E ] LVRS            C:\WINDOWS\system32\DRIVERS\lvrs.sys
22:24:59.0250 3536  LVRS - ok
22:24:59.0281 3536  [ 23F8EF78BB9553E465A476F3CEE5CA18 ] LVUSBSta        C:\WINDOWS\system32\drivers\LVUSBSta.sys
22:24:59.0296 3536  LVUSBSta - ok
22:24:59.0406 3536  [ 8BC0D5F6E3898F465A94C6D03AFB5A20 ] LVUVC           C:\WINDOWS\system32\DRIVERS\lvuvc.sys
22:24:59.0500 3536  LVUVC - ok
22:24:59.0593 3536  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
22:24:59.0671 3536  Messenger - ok
22:24:59.0781 3536  [ AA0C4A2C33CE075DF2C272D678734991 ] mi-raysat_3dsmax8 C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
22:24:59.0812 3536  mi-raysat_3dsmax8 ( UnsignedFile.Multi.Generic ) - warning
22:24:59.0812 3536  mi-raysat_3dsmax8 - detected UnsignedFile.Multi.Generic (1)
22:24:59.0859 3536  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
22:24:59.0921 3536  mnmdd - ok
22:24:59.0937 3536  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
22:25:00.0015 3536  mnmsrvc - ok
22:25:00.0031 3536  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
22:25:00.0093 3536  Modem - ok
22:25:00.0109 3536  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:25:00.0187 3536  Mouclass - ok
22:25:00.0187 3536  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:25:00.0265 3536  mouhid - ok
22:25:00.0281 3536  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
22:25:00.0359 3536  MountMgr - ok
22:25:00.0390 3536  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:25:00.0421 3536  MozillaMaintenance - ok
22:25:00.0421 3536  mraid35x - ok
22:25:00.0421 3536  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:25:00.0468 3536  MRxDAV - ok
22:25:00.0500 3536  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:25:00.0546 3536  MRxSmb - ok
22:25:00.0562 3536  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
22:25:00.0609 3536  MSDTC - ok
22:25:00.0609 3536  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
22:25:00.0671 3536  Msfs - ok
22:25:00.0671 3536  MSIServer - ok
22:25:00.0671 3536  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:25:00.0734 3536  MSKSSRV - ok
22:25:00.0734 3536  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:25:00.0796 3536  MSPCLOCK - ok
22:25:00.0796 3536  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
22:25:00.0875 3536  MSPQM - ok
22:25:00.0875 3536  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:25:00.0937 3536  mssmbios - ok
22:25:00.0953 3536  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
22:25:01.0000 3536  MSTEE - ok
22:25:01.0171 3536  [ 73FA09B84B23A1897809A84F976D5D99 ] msvsmon80       C:\Program Files\VisualStudio\Common7\IDE\Remote Debugger\x86\msvsmon.exe
22:25:01.0234 3536  msvsmon80 - ok
22:25:01.0250 3536  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
22:25:01.0312 3536  Mup - ok
22:25:01.0312 3536  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:25:01.0375 3536  NABTSFEC - ok
22:25:01.0453 3536  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
22:25:01.0531 3536  napagent - ok
22:25:01.0546 3536  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
22:25:01.0625 3536  NDIS - ok
22:25:01.0625 3536  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:25:01.0687 3536  NdisIP - ok
22:25:01.0718 3536  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:25:01.0781 3536  NdisTapi - ok
22:25:01.0781 3536  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:25:01.0859 3536  Ndisuio - ok
22:25:01.0859 3536  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:25:01.0921 3536  NdisWan - ok
22:25:01.0953 3536  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
22:25:01.0984 3536  NDProxy - ok
22:25:01.0984 3536  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
22:25:02.0062 3536  NetBIOS - ok
22:25:02.0093 3536  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
22:25:02.0156 3536  NetBT - ok
22:25:02.0171 3536  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
22:25:02.0250 3536  NetDDE - ok
22:25:02.0250 3536  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
22:25:02.0500 3536  NetDDEdsdm - ok
22:25:02.0515 3536  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
22:25:02.0593 3536  Netlogon - ok
22:25:02.0640 3536  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
22:25:02.0687 3536  Netman - ok
22:25:02.0718 3536  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:25:02.0859 3536  NetTcpPortSharing - ok
22:25:02.0890 3536  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:25:02.0953 3536  NIC1394 - ok
22:25:03.0000 3536  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
22:25:03.0000 3536  Nla - ok
22:25:03.0000 3536  [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm              C:\WINDOWS\system32\DRIVERS\NMnt.sys
22:25:03.0078 3536  nm - ok
22:25:03.0109 3536  [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF             C:\WINDOWS\system32\drivers\npf.sys
22:25:03.0125 3536  NPF - ok
22:25:03.0125 3536  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
22:25:03.0171 3536  Npfs - ok
22:25:03.0203 3536  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
22:25:03.0281 3536  Ntfs - ok
22:25:03.0281 3536  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
22:25:03.0343 3536  NtLmSsp - ok
22:25:03.0359 3536  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
22:25:03.0437 3536  NtmsSvc - ok
22:25:03.0468 3536  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
22:25:03.0546 3536  Null - ok
22:25:03.0859 3536  [ 0DC79B60CEDC3A8854C27B3C6E4B3414 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:25:04.0328 3536  nv - ok
22:25:04.0375 3536  [ C03E15101F6D9E82CD9B0E7D715F5DE3 ] nvata           C:\WINDOWS\system32\DRIVERS\nvata.sys
22:25:04.0421 3536  nvata - ok
22:25:04.0421 3536  [ 69033CEF4B268858E96197AA93C73BD8 ] NVENETFD        C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
22:25:04.0468 3536  NVENETFD - ok
22:25:04.0468 3536  [ 06C4F3194C5DA021563D3017FED3164B ] nvnetbus        C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
22:25:04.0500 3536  nvnetbus - ok
22:25:04.0531 3536  [ 971B4344ABA9B79ED0E9D0BB2A5283C1 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
22:25:04.0531 3536  NVSvc - ok
22:25:04.0640 3536  [ 4CDE6D8E0A07DCE9E568F58A5DC8086C ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:25:04.0687 3536  nvUpdatusService - ok
22:25:04.0750 3536  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:25:04.0828 3536  NwlnkFlt - ok
22:25:04.0843 3536  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:25:04.0937 3536  NwlnkFwd - ok
22:25:05.0250 3536  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:25:05.0359 3536  odserv - ok
22:25:05.0421 3536  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:25:05.0515 3536  ohci1394 - ok
22:25:05.0578 3536  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:25:05.0640 3536  ose - ok
22:25:05.0656 3536  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
22:25:05.0750 3536  Parport - ok
22:25:05.0781 3536  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
22:25:05.0859 3536  PartMgr - ok
22:25:05.0906 3536  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
22:25:06.0000 3536  ParVdm - ok
22:25:06.0031 3536  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
22:25:06.0140 3536  PCI - ok
22:25:06.0140 3536  PCIDump - ok
22:25:06.0171 3536  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
22:25:06.0265 3536  PCIIde - ok
22:25:06.0281 3536  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
22:25:06.0375 3536  Pcmcia - ok
22:25:06.0375 3536  PDCOMP - ok
22:25:06.0375 3536  PDFRAME - ok
22:25:06.0375 3536  PDRELI - ok
22:25:06.0375 3536  PDRFRAME - ok
22:25:06.0375 3536  perc2 - ok
22:25:06.0375 3536  perc2hib - ok
22:25:06.0406 3536  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
22:25:06.0437 3536  PlugPlay - ok
22:25:06.0484 3536  [ A1DD33D16F277CE34124EE52AB2C0F14 ] PnkBstrA        C:\WINDOWS\system32\PnkBstrA.exe
22:25:06.0500 3536  PnkBstrA - ok
22:25:06.0546 3536  [ CEBDF70A57E8358C8A8F3E8400714C4C ] PnkBstrB        C:\WINDOWS\system32\PnkBstrB.exe
22:25:06.0562 3536  PnkBstrB - ok
22:25:06.0578 3536  [ 799FCCEA58F7A1990B2E0E8A8B85FB19 ] PnkBstrK        C:\WINDOWS\system32\drivers\PnkBstrK.sys
22:25:06.0609 3536  PnkBstrK - ok
22:25:06.0609 3536  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
22:25:07.0562 3536  PolicyAgent - ok
22:25:07.0609 3536  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:25:07.0687 3536  PptpMiniport - ok
22:25:07.0718 3536  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:25:07.0765 3536  ProtectedStorage - ok
22:25:07.0828 3536  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
22:25:07.0906 3536  PSched - ok
22:25:07.0953 3536  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:25:08.0031 3536  Ptilink - ok
22:25:08.0078 3536  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:25:08.0093 3536  PxHelp20 - ok
22:25:08.0140 3536  [ 90849934D37133E069F31F3E9A66C9BC ] QCEmerald       C:\WINDOWS\system32\DRIVERS\OVCE.sys
22:25:08.0218 3536  QCEmerald - ok
22:25:08.0218 3536  ql1080 - ok
22:25:08.0218 3536  Ql10wnt - ok
22:25:08.0218 3536  ql12160 - ok
22:25:08.0218 3536  ql1240 - ok
22:25:08.0218 3536  ql1280 - ok
22:25:08.0250 3536  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:25:08.0296 3536  RasAcd - ok
22:25:08.0343 3536  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
22:25:08.0390 3536  RasAuto - ok
22:25:08.0453 3536  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:25:08.0531 3536  Rasl2tp - ok
22:25:08.0578 3536  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
22:25:08.0625 3536  RasMan - ok
22:25:08.0625 3536  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:25:08.0718 3536  RasPppoe - ok
22:25:08.0718 3536  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
22:25:08.0781 3536  Raspti - ok
22:25:08.0796 3536  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:25:08.0859 3536  Rdbss - ok
22:25:08.0859 3536  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:25:08.0937 3536  RDPCDD - ok
22:25:08.0937 3536  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:25:09.0000 3536  rdpdr - ok
22:25:09.0031 3536  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
22:25:09.0078 3536  RDPWD - ok
22:25:09.0109 3536  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
22:25:09.0156 3536  RDSessMgr - ok
22:25:09.0187 3536  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
22:25:09.0250 3536  redbook - ok
22:25:09.0281 3536  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
22:25:09.0343 3536  RemoteAccess - ok
22:25:09.0359 3536  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
22:25:09.0406 3536  RemoteRegistry - ok
22:25:09.0500 3536  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Program Files\WinPcap\rpcapd.exe
22:25:09.0515 3536  rpcapd - ok
22:25:09.0515 3536  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
22:25:09.0593 3536  RpcLocator - ok
22:25:09.0625 3536  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
22:25:09.0656 3536  RpcSs - ok
22:25:09.0671 3536  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
22:25:09.0718 3536  RSVP - ok
22:25:09.0765 3536  [ D507C1400284176573224903819FFDA3 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:25:09.0812 3536  rtl8139 - ok
22:25:09.0843 3536  [ F0A21C62B9B835E1C96268EAAE31D239 ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
22:25:09.0890 3536  RTLE8023xp - ok
22:25:09.0906 3536  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
22:25:09.0953 3536  SamSs - ok
22:25:10.0062 3536  [ 230FD3749904CA045EA5EC0AA14006E9 ] SANDRA          C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x86\Sandra.sys
22:25:10.0078 3536  SANDRA - ok
22:25:10.0093 3536  [ 5FDF2605205C73E05316795DCC6663EC ] SandraAgentSrv  C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe
22:25:10.0093 3536  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning
22:25:10.0093 3536  SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)
22:25:10.0093 3536  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
22:25:10.0171 3536  SCardSvr - ok
22:25:10.0203 3536  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
22:25:10.0250 3536  Schedule - ok
22:25:10.0296 3536  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:25:10.0343 3536  Secdrv - ok
22:25:10.0343 3536  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
22:25:10.0406 3536  seclogon - ok
22:25:10.0406 3536  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
22:25:10.0453 3536  SENS - ok
22:25:10.0484 3536  [ 04320220D3312BC881C255A84265DAFF ] sepdrv          C:\WINDOWS\system32\drivers\sepdrv.sys
22:25:10.0500 3536  sepdrv - ok
22:25:10.0531 3536  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
22:25:10.0593 3536  serenum - ok
22:25:10.0593 3536  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
22:25:10.0656 3536  Serial - ok
22:25:10.0687 3536  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
22:25:10.0734 3536  Sfloppy - ok
22:25:10.0781 3536  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
22:25:10.0843 3536  SharedAccess - ok
22:25:10.0859 3536  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:25:10.0890 3536  ShellHWDetection - ok
22:25:10.0921 3536  [ 7471CF7CBB4CC7D92FDB7F6527A9008C ] Si3531          C:\WINDOWS\system32\DRIVERS\Si3531.sys
22:25:10.0937 3536  Si3531 - ok
22:25:10.0953 3536  [ 72CF151FB410E544904DBC7D7F29B796 ] SiFilter        C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
22:25:11.0000 3536  SiFilter - ok
22:25:11.0000 3536  Simbad - ok
22:25:11.0000 3536  [ 41A59F484188BE629087BA391FF60D74 ] SiRemFil        C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
22:25:11.0031 3536  SiRemFil - ok
22:25:11.0609 3536  [ 23E3C83DFF7B09A97B01A85ED8A44478 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
22:25:11.0765 3536  Skype C2C Service - ok
22:25:11.0937 3536  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
22:25:11.0937 3536  SkypeUpdate - ok
22:25:11.0968 3536  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:25:12.0046 3536  SLIP - ok
22:25:12.0046 3536  Sparrow - ok
22:25:12.0078 3536  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
22:25:12.0156 3536  splitter - ok
22:25:12.0218 3536  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
22:25:12.0281 3536  Spooler - ok
22:25:12.0312 3536  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
22:25:12.0406 3536  sr - ok
22:25:12.0500 3536  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
22:25:12.0531 3536  srservice - ok
22:25:12.0609 3536  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
22:25:12.0703 3536  Srv - ok
22:25:12.0734 3536  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
22:25:12.0796 3536  SSDPSRV - ok
22:25:12.0921 3536  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
22:25:13.0046 3536  stisvc - ok
22:25:13.0093 3536  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:25:13.0187 3536  streamip - ok
22:25:13.0203 3536  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
22:25:13.0281 3536  swenum - ok
22:25:13.0296 3536  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
22:25:13.0375 3536  swmidi - ok
22:25:13.0375 3536  SwPrv - ok
22:25:13.0375 3536  symc810 - ok
22:25:13.0375 3536  symc8xx - ok
22:25:13.0375 3536  sym_hi - ok
22:25:13.0375 3536  sym_u3 - ok
22:25:13.0421 3536  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
22:25:13.0500 3536  sysaudio - ok
22:25:14.0234 3536  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
22:25:14.0359 3536  SysmonLog - ok
22:25:14.0437 3536  [ 8CF6E2AE1707D82E904ECCA68CEF8B87 ] tap0901         C:\WINDOWS\system32\DRIVERS\tap0901.sys
22:25:14.0453 3536  tap0901 ( UnsignedFile.Multi.Generic ) - warning
22:25:14.0453 3536  tap0901 - detected UnsignedFile.Multi.Generic (1)
22:25:14.0531 3536  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
22:25:14.0609 3536  TapiSrv - ok
22:25:14.0656 3536  [ 827C8058C284FF0013E4462EFE2591A3 ] tapoas          C:\WINDOWS\system32\DRIVERS\tapoas.sys
22:25:14.0718 3536  tapoas ( UnsignedFile.Multi.Generic ) - warning
22:25:14.0718 3536  tapoas - detected UnsignedFile.Multi.Generic (1)
22:25:14.0953 3536  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:25:15.0062 3536  Tcpip - ok
22:25:15.0109 3536  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
22:25:15.0234 3536  TDPIPE - ok
22:25:15.0265 3536  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
22:25:15.0359 3536  TDTCP - ok
22:25:15.0390 3536  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
22:25:15.0468 3536  TermDD - ok
22:25:15.0531 3536  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
22:25:15.0593 3536  TermService - ok
22:25:15.0640 3536  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
22:25:15.0656 3536  Themes - ok
22:25:15.0687 3536  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
22:25:15.0734 3536  TlntSvr - ok
22:25:15.0734 3536  TosIde - ok
22:25:15.0765 3536  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
22:25:15.0921 3536  TrkWks - ok
22:25:15.0984 3536  [ 113384367C3999E084FE156B18C7625E ] TrojanKillerDriver C:\WINDOWS\system32\DRIVERS\gtkdrv.sys
22:25:16.0015 3536  TrojanKillerDriver - ok
22:25:16.0046 3536  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
22:25:16.0125 3536  Udfs - ok
22:25:16.0125 3536  ultra - ok
22:25:16.0218 3536  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
22:25:16.0312 3536  Update - ok
22:25:16.0375 3536  [ 3F9A3232E5F942874488981F3242C989 ] UPHClean        C:\Program Files\UPHClean\uphclean.exe
22:25:16.0406 3536  UPHClean ( UnsignedFile.Multi.Generic ) - warning
22:25:16.0406 3536  UPHClean - detected UnsignedFile.Multi.Generic (1)
22:25:16.0484 3536  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
22:25:16.0562 3536  upnphost - ok
22:25:16.0578 3536  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
22:25:16.0656 3536  UPS - ok
22:25:16.0687 3536  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
22:25:16.0750 3536  USBAAPL - ok
22:25:16.0781 3536  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
22:25:16.0859 3536  usbaudio - ok
22:25:16.0890 3536  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:25:16.0968 3536  usbccgp - ok
22:25:17.0000 3536  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:25:17.0078 3536  usbehci - ok
22:25:17.0125 3536  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:25:17.0187 3536  usbhub - ok
22:25:17.0218 3536  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:25:17.0296 3536  usbohci - ok
22:25:17.0312 3536  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:25:17.0390 3536  usbscan - ok
22:25:17.0421 3536  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:25:17.0500 3536  USBSTOR - ok
22:25:17.0546 3536  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:25:17.0625 3536  usbuhci - ok
22:25:17.0640 3536  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
22:25:17.0703 3536  VgaSave - ok
22:25:17.0718 3536  ViaIde - ok
22:25:17.0734 3536  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
22:25:18.0937 3536  VolSnap - ok
22:25:18.0968 3536  [ BD15A9D8EA928A9E4F4AAD22286EFEB5 ] vpn-x           C:\WINDOWS\system32\DRIVERS\vpn-x.sys
22:25:19.0000 3536  vpn-x ( UnsignedFile.Multi.Generic ) - warning
22:25:19.0000 3536  vpn-x - detected UnsignedFile.Multi.Generic (1)
22:25:19.0078 3536  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
22:25:19.0156 3536  VSS - ok
22:25:19.0515 3536  [ 6AE0A4978225CC6656D45504D6D78D0A ] vToolbarUpdater14.0.1 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
22:25:19.0562 3536  vToolbarUpdater14.0.1 - ok
22:25:19.0625 3536  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
22:25:19.0703 3536  W32Time - ok
22:25:19.0718 3536  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:25:19.0796 3536  Wanarp - ok
22:25:19.0875 3536  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:25:19.0937 3536  Wdf01000 - ok
22:25:19.0937 3536  WDICA - ok
22:25:19.0953 3536  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
22:25:20.0046 3536  wdmaud - ok
22:25:20.0093 3536  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
22:25:20.0171 3536  WebClient - ok
22:25:20.0265 3536  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
22:25:20.0343 3536  winmgmt - ok
22:25:20.0390 3536  [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB          C:\WINDOWS\system32\DRIVERS\WinUSB.sys
22:25:20.0421 3536  WinUSB - ok
22:25:20.0468 3536  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
22:25:20.0593 3536  WmdmPmSN - ok
22:25:20.0687 3536  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
22:25:20.0750 3536  Wmi - ok
22:25:20.0796 3536  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:25:20.0859 3536  WmiAcpi - ok
22:25:20.0890 3536  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:25:21.0015 3536  WmiApSrv - ok
22:25:21.0140 3536  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
22:25:21.0296 3536  WMPNetworkSvc - ok
22:25:21.0562 3536  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:25:21.0687 3536  WPFFontCache_v0400 - ok
22:25:21.0718 3536  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:25:21.0796 3536  WS2IFSL - ok
22:25:21.0828 3536  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
22:25:21.0906 3536  wscsvc - ok
22:25:21.0937 3536  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:25:22.0015 3536  WSTCODEC - ok
22:25:22.0062 3536  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
22:25:22.0156 3536  wuauserv - ok
22:25:22.0203 3536  [ 6FF66513D372D479EF1810223C8D20CE ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:25:22.0296 3536  WudfPf - ok
22:25:22.0328 3536  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:25:22.0390 3536  WudfRd - ok
22:25:22.0421 3536  [ 575A4190D989F64732119E4114045A4F ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
22:25:22.0468 3536  WudfSvc - ok
22:25:22.0531 3536  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
22:25:22.0625 3536  WZCSVC - ok
22:25:22.0640 3536  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
22:25:22.0875 3536  xmlprov - ok
22:25:22.0906 3536  [ 41CF36A3CC7786575247ED456918E112 ] XUIF            C:\WINDOWS\system32\Drivers\x10ufx2.sys
22:25:22.0953 3536  XUIF - ok
22:25:22.0968 3536  ================ Scan global ===============================
22:25:23.0000 3536  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
22:25:23.0046 3536  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:25:23.0062 3536  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:25:23.0093 3536  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
22:25:23.0093 3536  [Global] - ok
22:25:23.0093 3536  ================ Scan MBR ==================================
22:25:23.0109 3536  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:25:24.0203 3536  \Device\Harddisk0\DR0 - ok
22:25:24.0203 3536  ================ Scan VBR ==================================
22:25:24.0218 3536  [ BBB2BE80B2652B4323F8E5EF20C9F881 ] \Device\Harddisk0\DR0\Partition1
22:25:24.0218 3536  \Device\Harddisk0\DR0\Partition1 - ok
22:25:24.0218 3536  ================ Scan active images ========================
22:25:24.0218 3536  [ 8C953733D8F36EB2133F5BB58808B66B ] C:\WINDOWS\system32\drivers\intelppm.sys
22:25:24.0218 3536  C:\WINDOWS\system32\drivers\intelppm.sys - ok
22:25:24.0218 3536  [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys
22:25:24.0218 3536  C:\WINDOWS\system32\drivers\videoprt.sys - ok
22:25:24.0218 3536  [ 0DC79B60CEDC3A8854C27B3C6E4B3414 ] C:\WINDOWS\system32\drivers\nv4_mini.sys
22:25:24.0218 3536  C:\WINDOWS\system32\drivers\nv4_mini.sys - ok
22:25:24.0218 3536  [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys
22:25:24.0218 3536  C:\WINDOWS\system32\drivers\usbport.sys - ok
22:25:24.0218 3536  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] C:\WINDOWS\system32\drivers\usbuhci.sys
22:25:24.0218 3536  C:\WINDOWS\system32\drivers\usbuhci.sys - ok
22:25:24.0656 3536  [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
22:25:24.0656 3536  C:\WINDOWS\system32\winscard.dll - ok
22:25:24.0656 3536  [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
22:25:24.0656 3536  C:\WINDOWS\system32\wtsapi32.dll - ok
22:25:24.0656 3536  [ E40FCF943127DDC8FD60554B722D762B ] C:\WINDOWS\system32\msctf.dll
22:25:24.0656 3536  C:\WINDOWS\system32\msctf.dll - ok
22:25:24.0656 3536  [ 2C9091C3350E369BBB2464AABE2FD7CA ] C:\WINDOWS\system32\ntkrnlpa.exe
22:25:24.0656 3536  C:\WINDOWS\system32\ntkrnlpa.exe - ok
22:25:24.0656 3536  [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
22:25:24.0656 3536  C:\WINDOWS\system32\duser.dll - ok
22:25:24.0656 3536  [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
22:25:24.0656 3536  C:\WINDOWS\system32\logonui.exe - ok
22:25:24.0671 3536  [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
22:25:24.0671 3536  C:\WINDOWS\system32\scecli.dll - ok
22:25:24.0671 3536  [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
22:25:24.0671 3536  C:\WINDOWS\system32\clbcatq.dll - ok
22:25:24.0671 3536  [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
22:25:24.0671 3536  C:\WINDOWS\system32\msimg32.dll - ok
22:25:24.0671 3536  [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
22:25:24.0671 3536  C:\WINDOWS\system32\oleacc.dll - ok
22:25:24.0671 3536  [ 99F59B3392AD68F08BB528791F5D880D ] C:\WINDOWS\system32\oleaccrc.dll
22:25:24.0671 3536  C:\WINDOWS\system32\oleaccrc.dll - ok
22:25:24.0671 3536  [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll
22:25:24.0671 3536  C:\WINDOWS\system32\rpcss.dll - ok
22:25:24.0671 3536  [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
22:25:24.0671 3536  C:\WINDOWS\system32\svchost.exe - ok
22:25:24.0671 3536  [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
22:25:24.0671 3536  C:\WINDOWS\system32\ntmarta.dll - ok
22:25:24.0671 3536  [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
22:25:24.0671 3536  C:\WINDOWS\system32\xpsp2res.dll - ok
22:25:24.0687 3536  [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
22:25:24.0687 3536  C:\WINDOWS\system32\comres.dll - ok
22:25:24.0687 3536  [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
22:25:24.0687 3536  C:\WINDOWS\system32\eventlog.dll - ok
22:25:24.0687 3536  [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
22:25:24.0687 3536  C:\WINDOWS\system32\mswsock.dll - ok
22:25:24.0687 3536  [ DA45AD502B4F2B7FC4ADEBA2E309F384 ] C:\WINDOWS\system32\netevent.dll
22:25:24.0687 3536  C:\WINDOWS\system32\netevent.dll - ok
22:25:24.0687 3536  [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
22:25:24.0687 3536  C:\WINDOWS\system32\shgina.dll - ok
22:25:24.0687 3536  [ 40947436A70E0034E41123DF5A0A7702 ] C:\Program Files\Bonjour\mdnsNSP.dll
22:25:24.0687 3536  C:\Program Files\Bonjour\mdnsNSP.dll - ok
22:25:24.0687 3536  [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
22:25:24.0687 3536  C:\WINDOWS\system32\dhcpcsvc.dll - ok
22:25:24.0687 3536  [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
22:25:24.0687 3536  C:\WINDOWS\system32\hnetcfg.dll - ok
22:25:24.0703 3536  [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
22:25:24.0703 3536  C:\WINDOWS\system32\rasadhlp.dll - ok
22:25:24.0703 3536  [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
22:25:24.0703 3536  C:\WINDOWS\system32\winrnr.dll - ok
22:25:24.0703 3536  [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
22:25:24.0703 3536  C:\WINDOWS\system32\wshtcpip.dll - ok
22:25:24.0703 3536  [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
22:25:24.0703 3536  C:\WINDOWS\system32\cscdll.dll - ok
22:25:24.0703 3536  [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
22:25:24.0703 3536  C:\WINDOWS\system32\dimsntfy.dll - ok
22:25:24.0703 3536  [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
22:25:24.0703 3536  C:\WINDOWS\system32\dnsrslvr.dll - ok
22:25:24.0703 3536  [ 02CF580510234E519736559A7F19EA20 ] C:\WINDOWS\system32\WgaLogon.dll
22:25:24.0703 3536  C:\WINDOWS\system32\WgaLogon.dll - ok
22:25:24.0703 3536  [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
22:25:24.0703 3536  C:\WINDOWS\system32\wlnotify.dll - ok
22:25:24.0718 3536  [ ACFEE2392503DD5E457363A0510B8BCB ] C:\WINDOWS\system32\msxml3.dll
22:25:24.0718 3536  C:\WINDOWS\system32\msxml3.dll - ok
22:25:24.0718 3536  [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
22:25:24.0718 3536  C:\WINDOWS\system32\audiosrv.dll - ok
22:25:24.0718 3536  [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
22:25:24.0718 3536  C:\WINDOWS\system32\lmhsvc.dll - ok
22:25:24.0718 3536  [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
22:25:24.0718 3536  C:\WINDOWS\system32\msidle.dll - ok
22:25:24.0718 3536  [ 572334E13E0D4C8A2986CCA2A736DCE5 ] C:\WINDOWS\system32\msxml3r.dll
22:25:24.0718 3536  C:\WINDOWS\system32\msxml3r.dll - ok
22:25:24.0718 3536  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
22:25:24.0718 3536  C:\WINDOWS\system32\schedsvc.dll - ok
22:25:24.0718 3536  [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
22:25:24.0718 3536  C:\WINDOWS\system32\spoolsv.exe - ok
22:25:24.0718 3536  [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
22:25:24.0718 3536  C:\WINDOWS\system32\wkssvc.dll - ok
22:25:24.0718 3536  [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
22:25:24.0718 3536  C:\WINDOWS\system32\cscui.dll - ok
22:25:24.0734 3536  [ 6C26DCF01E2A92F183B97D434017268A ] C:\WINDOWS\system32\dpcdll.dll
22:25:24.0734 3536  C:\WINDOWS\system32\dpcdll.dll - ok
22:25:24.0734 3536  [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
22:25:24.0734 3536  C:\WINDOWS\system32\mprapi.dll - ok
22:25:24.0734 3536  [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
22:25:24.0734 3536  C:\WINDOWS\system32\powrprof.dll - ok
22:25:24.0734 3536  [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
22:25:24.0734 3536  C:\WINDOWS\system32\activeds.dll - ok
22:25:24.0734 3536  [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
22:25:24.0734 3536  C:\WINDOWS\system32\adsldpc.dll - ok
22:25:24.0734 3536  [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll
22:25:24.0734 3536  C:\WINDOWS\system32\atl.dll - ok
22:25:24.0734 3536  [ 2DE1190196EE9555DB548A57622022EB ] C:\WINDOWS\system32\drprov.dll
22:25:24.0734 3536  C:\WINDOWS\system32\drprov.dll - ok
22:25:24.0734 3536  [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
22:25:24.0734 3536  C:\WINDOWS\system32\midimap.dll - ok
22:25:24.0734 3536  [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
22:25:24.0734 3536  C:\WINDOWS\system32\rtutils.dll - ok
22:25:24.0750 3536  [ FB8F8EEC8D9C2157789472DD61CDC78B ] C:\WINDOWS\system32\davclnt.dll
22:25:24.0750 3536  C:\WINDOWS\system32\davclnt.dll - ok
22:25:24.0750 3536  [ 69A5ADF546505F4C69EF3046BF798B49 ] C:\WINDOWS\system32\mprui.dll
22:25:24.0750 3536  C:\WINDOWS\system32\mprui.dll - ok
22:25:24.0750 3536  [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
22:25:24.0750 3536  C:\WINDOWS\system32\netrap.dll - ok
22:25:24.0750 3536  [ AC5DF42FE314C1446B1DAD237BFCFFE0 ] C:\WINDOWS\system32\netui0.dll
22:25:24.0750 3536  C:\WINDOWS\system32\netui0.dll - ok
22:25:24.0750 3536  [ ED5A816D8E11E03F1937AC3C56826EE4 ] C:\WINDOWS\system32\netui1.dll
22:25:24.0750 3536  C:\WINDOWS\system32\netui1.dll - ok
22:25:24.0750 3536  [ 1414E666316CA7D9823DBD2D4ADA5971 ] C:\WINDOWS\system32\netui2.dll
22:25:24.0750 3536  C:\WINDOWS\system32\netui2.dll - ok
22:25:24.0750 3536  [ 36468087E22C57A83DF758B3F90DF73F ] C:\WINDOWS\system32\ntlanman.dll
22:25:24.0750 3536  C:\WINDOWS\system32\ntlanman.dll - ok
22:25:24.0750 3536  [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
22:25:24.0750 3536  C:\WINDOWS\system32\netmsg.dll - ok
22:25:24.0765 3536  [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
22:25:24.0765 3536  C:\WINDOWS\system32\userinit.exe - ok
22:25:24.0765 3536  [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
22:25:24.0765 3536  C:\WINDOWS\system32\webclnt.dll - ok
22:25:24.0765 3536  [ B1296D52B0D2096EC4759EEEB806D759 ] C:\WINDOWS\system32\WgaTray.exe
22:25:24.0765 3536  C:\WINDOWS\system32\WgaTray.exe - ok
22:25:24.0765 3536  [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe
22:25:24.0765 3536  C:\WINDOWS\explorer.exe - ok
22:25:24.0765 3536  [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll
22:25:24.0765 3536  C:\WINDOWS\system32\browseui.dll - ok
22:25:24.0765 3536  [ 26CB10FA893F940AB09713FF46DCDADE ] C:\WINDOWS\system32\shdocvw.dll
22:25:24.0765 3536  C:\WINDOWS\system32\shdocvw.dll - ok
22:25:24.0765 3536  [ 2E5672EEA419A4DC9DACD714632E1DC3 ] C:\Program Files\Google\Update\1.3.21.135\goopdate.dll
22:25:24.0765 3536  C:\Program Files\Google\Update\1.3.21.135\goopdate.dll - ok
22:25:24.0765 3536  [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files\Google\Update\GoogleUpdate.exe
22:25:24.0765 3536  C:\Program Files\Google\Update\GoogleUpdate.exe - ok
22:25:24.0765 3536  [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
22:25:24.0765 3536  C:\WINDOWS\system32\cryptui.dll - ok
22:25:24.0781 3536  [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll
22:25:24.0781 3536  C:\WINDOWS\system32\msi.dll - ok
22:25:24.0781 3536  [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll
22:25:24.0781 3536  C:\WINDOWS\system32\dbghelp.dll - ok
22:25:24.0781 3536  [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
22:25:24.0781 3536  C:\WINDOWS\system32\riched20.dll - ok
22:25:24.0781 3536  [ BECDDA0990DEBD72A30096533521AD73 ] C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
22:25:24.0781 3536  C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe - ok
22:25:24.0781 3536  [ A9A3DAA780CA6C9671A19D52456705B4 ] C:\WINDOWS\system32\alrsvc.dll
22:25:24.0781 3536  C:\WINDOWS\system32\alrsvc.dll - ok
22:25:24.0781 3536  [ 4044E880593FE1AC9942190FCE414BE7 ] C:\WINDOWS\system32\mstask.dll
22:25:24.0781 3536  C:\WINDOWS\system32\mstask.dll - ok
22:25:24.0781 3536  [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
22:25:24.0781 3536  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
22:25:24.0781 3536  [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
22:25:24.0781 3536  C:\WINDOWS\system32\themeui.dll - ok
22:25:24.0796 3536  [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
22:25:24.0796 3536  C:\WINDOWS\system32\wsock32.dll - ok
22:25:24.0796 3536  [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
22:25:24.0796 3536  C:\WINDOWS\system32\actxprxy.dll - ok
22:25:24.0796 3536  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] C:\Program Files\Bonjour\mDNSResponder.exe
22:25:24.0796 3536  C:\Program Files\Bonjour\mDNSResponder.exe - ok
22:25:24.0796 3536  [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:25:24.0796 3536  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
22:25:24.0796 3536  [ E5F7C30EDF0892667933BE879F067D67 ] C:\WINDOWS\system32\msvcr100_clr0400.dll
22:25:24.0796 3536  C:\WINDOWS\system32\msvcr100_clr0400.dll - ok
22:25:24.0796 3536  [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
22:25:24.0796 3536  C:\WINDOWS\system32\certcli.dll - ok
22:25:24.0796 3536  [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
22:25:24.0796 3536  C:\WINDOWS\system32\cryptsvc.dll - ok
22:25:24.0796 3536  [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
22:25:24.0796 3536  C:\WINDOWS\system32\esent.dll - ok
22:25:24.0796 3536  [ 08A73B0E7EE6E32983B5F9E540A8E380 ] C:\WINDOWS\system32\mscoree.dll
22:25:24.0796 3536  C:\WINDOWS\system32\mscoree.dll - ok
22:25:24.0812 3536  [ 35DB83C4DE9FA3889E937125D115EAA0 ] C:\Program Files\Google\Update\1.3.21.135\goopdateres_en.dll
22:25:24.0812 3536  C:\Program Files\Google\Update\1.3.21.135\goopdateres_en.dll - ok
22:25:24.0812 3536  [ 4D83ED8BDDEC431FC8AD907B47CFB6E3 ] C:\WINDOWS\system32\dsound.dll
22:25:24.0812 3536  C:\WINDOWS\system32\dsound.dll - ok
22:25:24.0812 3536  [ 83BA5E873164A3711B44052F58C8FE9F ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
22:25:24.0812 3536  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
22:25:24.0812 3536  [ 57EDEC2E5F59F0335E92F35184BC8631 ] C:\WINDOWS\system32\dmserver.dll
22:25:24.0812 3536  C:\WINDOWS\system32\dmserver.dll - ok
22:25:24.0812 3536  [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
22:25:24.0812 3536  C:\WINDOWS\system32\ersvc.dll - ok
22:25:24.0812 3536  [ 82A98D0EB83505529AD81E4C1FADC37D ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll
22:25:24.0812 3536  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll - ok
22:25:24.0812 3536  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
22:25:24.0812 3536  C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
22:25:24.0812 3536  [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll
22:25:24.0812 3536  C:\WINDOWS\system32\cryptnet.dll - ok
22:25:24.0828 3536  [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
22:25:24.0828 3536  C:\WINDOWS\system32\es.dll - ok
22:25:24.0828 3536  [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll
22:25:24.0828 3536  C:\WINDOWS\system32\hid.dll - ok
22:25:24.0828 3536  [ DEB04DA35CC871B6D309B77E1443C796 ] C:\WINDOWS\system32\hidserv.dll
22:25:24.0828 3536  C:\WINDOWS\system32\hidserv.dll - ok
22:25:24.0828 3536  [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
22:25:24.0828 3536  C:\WINDOWS\system32\sensapi.dll - ok
22:25:24.0828 3536  [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll
22:25:24.0828 3536  C:\WINDOWS\system32\winhttp.dll - ok
22:25:24.0828 3536  [ 1986443C2F2C0E2A18E908DD241BF84D ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\Culture.dll
22:25:24.0828 3536  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\Culture.dll - ok
22:25:24.0828 3536  [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
22:25:24.0828 3536  C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
22:25:24.0828 3536  [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
22:25:24.0828 3536  C:\WINDOWS\system32\wbem\wbemprox.dll - ok
22:25:24.0828 3536  [ 07BBB3CBB86D2626B46BC1D210C4781B ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
22:25:24.0828 3536  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clrjit.dll - ok
22:25:24.0843 3536  [ E5BC8D93CDCB957146D971647849A154 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
22:25:24.0843 3536  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll - ok
22:25:24.0843 3536  [ 5472D771C0197355C1D347F20392B982 ] C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
22:25:24.0843 3536  C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe - ok
22:25:24.0843 3536  [ 67EC459E42D3081DD8FD34356F7CAFC1 ] C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\msvcr100.dll
22:25:24.0843 3536  C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\msvcr100.dll - ok
22:25:24.0843 3536  [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll
22:25:24.0843 3536  C:\WINDOWS\system32\pdh.dll - ok
22:25:24.0843 3536  [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
22:25:24.0843 3536  C:\WINDOWS\system32\shfolder.dll - ok
22:25:24.0843 3536  [ 38440FE1A65B1FE3D246C5C4CAD22F53 ] C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
22:25:24.0843 3536  C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe - ok
22:25:24.0843 3536  [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll
22:25:24.0843 3536  C:\WINDOWS\system32\odbcbcp.dll - ok
22:25:24.0843 3536  [ 28BD0E4B6C050B591B8CB35B9AD284E6 ] C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
22:25:24.0843 3536  C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe - ok
22:25:24.0859 3536  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
22:25:24.0859 3536  C:\WINDOWS\system32\netman.dll - ok
22:25:24.0859 3536  [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
22:25:24.0859 3536  C:\WINDOWS\system32\netshell.dll - ok
22:25:24.0859 3536  [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
22:25:24.0859 3536  C:\WINDOWS\system32\credui.dll - ok
22:25:24.0859 3536  [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
22:25:24.0859 3536  C:\WINDOWS\system32\dot3api.dll - ok
22:25:24.0859 3536  [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
22:25:24.0859 3536  C:\WINDOWS\system32\dot3dlg.dll - ok
22:25:24.0859 3536  [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
22:25:24.0859 3536  C:\WINDOWS\system32\eappcfg.dll - ok
22:25:24.0859 3536  [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
22:25:24.0859 3536  C:\WINDOWS\system32\eappprxy.dll - ok
22:25:24.0859 3536  [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
22:25:24.0859 3536  C:\WINDOWS\system32\onex.dll - ok
22:25:24.0859 3536  [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
22:25:24.0859 3536  C:\WINDOWS\system32\rasapi32.dll - ok
22:25:24.0875 3536  [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
22:25:24.0875 3536  C:\WINDOWS\system32\rasman.dll - ok
22:25:24.0875 3536  [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
22:25:24.0875 3536  C:\WINDOWS\system32\tapi32.dll - ok
22:25:24.0875 3536  [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
22:25:24.0875 3536  C:\WINDOWS\system32\wzcsapi.dll - ok
22:25:24.0875 3536  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
22:25:24.0875 3536  C:\WINDOWS\system32\wzcsvc.dll - ok
22:25:24.0875 3536  [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
22:25:24.0875 3536  C:\WINDOWS\system32\eapolqec.dll - ok
22:25:24.0875 3536  [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll
22:25:24.0875 3536  C:\WINDOWS\system32\linkinfo.dll - ok
22:25:24.0875 3536  [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll
22:25:24.0875 3536  C:\WINDOWS\system32\ntshrui.dll - ok
22:25:24.0875 3536  [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
22:25:24.0875 3536  C:\WINDOWS\system32\qutil.dll - ok
22:25:24.0890 3536  [ 037B1E7798960E0420003D05BB577EE6 ] C:\WINDOWS\system32\rundll32.exe
22:25:24.0890 3536  C:\WINDOWS\system32\rundll32.exe - ok
22:25:24.0890 3536  [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
22:25:24.0890 3536  C:\WINDOWS\system32\wmi.dll - ok
22:25:24.0890 3536  [ B894BEF436CD7B7CF89BC0A53D4AE624 ] C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
22:25:24.0890 3536  C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll - ok
22:25:24.0890 3536  [ 971B4344ABA9B79ED0E9D0BB2A5283C1 ] C:\WINDOWS\system32\nvsvc32.exe
22:25:24.0890 3536  C:\WINDOWS\system32\nvsvc32.exe - ok
22:25:24.0890 3536  [ 8E48527B937286988507D23D212563A9 ] C:\WINDOWS\system32\nvcpl.dll
22:25:24.0890 3536  C:\WINDOWS\system32\nvcpl.dll - ok
22:25:24.0890 3536  [ 80776884E7A05D6DA5040926F82B0273 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
22:25:24.0890 3536  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll - ok
22:25:24.0890 3536  [ 7B78FB6A050DF1739E69B2DF4D93B4AB ] C:\Program Files\Winamp\winamp.exe
22:25:24.0890 3536  C:\Program Files\Winamp\winamp.exe - ok
22:25:24.0890 3536  [ 805618D06F7E79E39D0841AD1DCE1EFA ] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe
22:25:24.0890 3536  C:\Program Files\NVIDIA Corporation\nView\nwiz.exe - ok
22:25:24.0906 3536  [ 9B9F1C38D559047B8AC0DBA2D5FEBDE9 ] C:\WINDOWS\system32\ksuser.dll
22:25:24.0906 3536  C:\WINDOWS\system32\ksuser.dll - ok
22:25:24.0906 3536  [ DCA342DBCA005902AAFF6D2337701CDF ] C:\WINDOWS\system32\nvmctray.dll
22:25:24.0906 3536  C:\WINDOWS\system32\nvmctray.dll - ok
22:25:24.0906 3536  [ ABFB673B24A9B3287761D497529FB5B9 ] C:\WINDOWS\system32\perfdisk.dll
22:25:24.0906 3536  C:\WINDOWS\system32\perfdisk.dll - ok
22:25:24.0906 3536  [ ACDAFCD14EC0ECE89198503746A5C147 ] C:\WINDOWS\system32\perfos.dll
22:25:24.0906 3536  C:\WINDOWS\system32\perfos.dll - ok
22:25:24.0906 3536  [ 0E3605A5E7C23F1139C5C448E1EAF494 ] C:\WINDOWS\system32\shimgvw.dll
22:25:24.0906 3536  C:\WINDOWS\system32\shimgvw.dll - ok
22:25:24.0906 3536  [ 0BABC17CECB996961BEDC74723D51741 ] C:\WINDOWS\system32\nvapi.dll
22:25:24.0906 3536  C:\WINDOWS\system32\nvapi.dll - ok
22:25:24.0906 3536  [ 6AC98A49183172D561B2BBEB845CAED3 ] C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll
22:25:24.0906 3536  C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll - ok
22:25:24.0906 3536  [ 550B4E5C33E4707ADE0DC73E323140FB ] C:\Program Files\NVIDIA Corporation\Update Common\NvUpdtr.dll
22:25:24.0906 3536  C:\Program Files\NVIDIA Corporation\Update Common\NvUpdtr.dll - ok
22:25:24.0906 3536  [ A40D8503D0C5E856350DFE950CD55913 ] C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll
22:25:24.0906 3536  C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll - ok
22:25:24.0921 3536  [ EF1F0007E32EBE92371D7026B0D8D4C0 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
22:25:24.0921 3536  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll - ok
22:25:24.0921 3536  [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
22:25:24.0921 3536  C:\WINDOWS\system32\mlang.dll - ok
22:25:24.0921 3536  [ 4CDE6D8E0A07DCE9E568F58A5DC8086C ] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:25:24.0921 3536  C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe - ok
22:25:24.0921 3536  [ F35A584E947A5B401FEB0FE01DB4A0D7 ] C:\WINDOWS\system32\MFC71.dll
22:25:24.0921 3536  C:\WINDOWS\system32\MFC71.dll - ok
22:25:24.0921 3536  [ A1DD33D16F277CE34124EE52AB2C0F14 ] C:\WINDOWS\system32\PnkBstrA.exe
22:25:24.0921 3536  C:\WINDOWS\system32\PnkBstrA.exe - ok
22:25:24.0921 3536  [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\WINDOWS\system32\msvcr71.dll
22:25:24.0921 3536  C:\WINDOWS\system32\msvcr71.dll - ok
22:25:24.0921 3536  [ 3B66C1B84D798E7471EEBD3486EE8F34 ] C:\Program Files\NVIDIA Corporation\nView\nView.dll
22:25:24.0921 3536  C:\Program Files\NVIDIA Corporation\nView\nView.dll - ok
22:25:24.0921 3536  [ 7538050656FE5D63CB4B80349DD1CFE3 ] C:\Program Files\Common Files\Intuit\Database Providers\SQL Server Compact Edition 4.0\x86\Microsoft.VC90.CRT\msvcr90.dll
22:25:24.0921 3536  C:\Program Files\Common Files\Intuit\Database Providers\SQL Server Compact Edition 4.0\x86\Microsoft.VC90.CRT\msvcr90.dll - ok
22:25:24.0937 3536  [ 4BF940A921BFAC209EC6CF31E091EA05 ] C:\Program Files\Common Files\Intuit\Database Providers\SQL Server Compact Edition 4.0\x86\sqlceme40.dll
22:25:24.0937 3536  C:\Program Files\Common Files\Intuit\Database Providers\SQL Server Compact Edition 4.0\x86\sqlceme40.dll - ok
22:25:24.0937 3536  [ FEB37F733994B4D3E686A8446F576AB7 ] C:\Program Files\ATI Multimedia\AtiSServ.dll
22:25:24.0937 3536  C:\Program Files\ATI Multimedia\AtiSServ.dll - ok
22:25:24.0937 3536  [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
22:25:24.0937 3536  C:\WINDOWS\system32\ipsecsvc.dll - ok
22:25:24.0937 3536  [ B4C3383A07A357410997CEEDE9D15DC0 ] C:\WINDOWS\system32\nvwddi.dll
22:25:24.0937 3536  C:\WINDOWS\system32\nvwddi.dll - ok
22:25:24.0937 3536  [ CEBDF70A57E8358C8A8F3E8400714C4C ] C:\WINDOWS\system32\PnkBstrB.exe
22:25:24.0937 3536  C:\WINDOWS\system32\PnkBstrB.exe - ok
22:25:24.0937 3536  [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
22:25:24.0937 3536  C:\WINDOWS\system32\oakley.dll - ok
22:25:24.0937 3536  [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
22:25:24.0937 3536  C:\WINDOWS\system32\psbase.dll - ok
22:25:24.0937 3536  [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
22:25:24.0937 3536  C:\WINDOWS\system32\pstorsvc.dll - ok
22:25:24.0937 3536  [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
22:25:24.0937 3536  C:\WINDOWS\system32\winipsec.dll - ok
22:25:24.0953 3536  [ 23E3C83DFF7B09A97B01A85ED8A44478 ] C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
22:25:24.0953 3536  C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe - ok
22:25:24.0953 3536  [ 5B19B557B0C188210A56A6B699D90B8F ] C:\WINDOWS\system32\regsvc.dll
22:25:24.0953 3536  C:\WINDOWS\system32\regsvc.dll - ok
22:25:24.0953 3536  [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
22:25:24.0953 3536  C:\WINDOWS\system32\seclogon.dll - ok
22:25:24.0953 3536  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
22:25:24.0953 3536  C:\WINDOWS\system32\sens.dll - ok
22:25:24.0953 3536  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] C:\Program Files\Skype\Updater\Updater.exe
22:25:24.0953 3536  C:\Program Files\Skype\Updater\Updater.exe - ok
22:25:24.0953 3536  [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
22:25:24.0953 3536  C:\WINDOWS\system32\dssenh.dll - ok
22:25:24.0953 3536  [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
22:25:24.0953 3536  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll - ok
22:25:24.0953 3536  [ 0BFAC83C8524B054A0BFBD6E8ABFC5C1 ] C:\Program Files\ATI Multimedia\RemCtrl\Plug-Ins\MLRmtPgn.dll
22:25:24.0953 3536  C:\Program Files\ATI Multimedia\RemCtrl\Plug-Ins\MLRmtPgn.dll - ok
22:25:24.0968 3536  [ 55E506DC2191EA7D1CBD3895CBA6BA75 ] C:\Program Files\ATI Multimedia\RemCtrl\Plug-Ins\Winamp.dll
22:25:24.0968 3536  C:\Program Files\ATI Multimedia\RemCtrl\Plug-Ins\Winamp.dll - ok
22:25:24.0968 3536  [ 78799ABF49639B91396C9BACDBED6722 ] C:\Program Files\ATI Multimedia\RemCtrl\Plug-Ins\WMP10.dll
22:25:24.0968 3536  C:\Program Files\ATI Multimedia\RemCtrl\Plug-Ins\WMP10.dll - ok
22:25:24.0968 3536  [ CEDF8F90766BDF32411E9397A0F1BA4F ] C:\Program Files\ATI Multimedia\RemCtrl\x10net.dll
22:25:24.0968 3536  C:\Program Files\ATI Multimedia\RemCtrl\x10net.dll - ok
22:25:24.0968 3536  [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
22:25:24.0968 3536  C:\WINDOWS\system32\srsvc.dll - ok
22:25:24.0968 3536  [ AB97D171A77B5F4BAFB033BF539BED42 ] C:\Program Files\Common Files\Intuit\Database Providers\SQL Server Compact Edition 4.0\x86\sqlceqp40.dll
22:25:24.0968 3536  C:\Program Files\Common Files\Intuit\Database Providers\SQL Server Compact Edition 4.0\x86\sqlceqp40.dll - ok
22:25:24.0968 3536  [ EC133C3E2A97AA6FBC276DCCCD0645BF ] C:\Program Files\Common Files\Intuit\Database Providers\SQL Server Compact Edition 4.0\x86\sqlcese40.dll
22:25:24.0968 3536  C:\Program Files\Common Files\Intuit\Database Providers\SQL Server Compact Edition 4.0\x86\sqlcese40.dll - ok
22:25:24.0968 3536  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] C:\WINDOWS\system32\wiaservc.dll
22:25:24.0968 3536  C:\WINDOWS\system32\wiaservc.dll - ok
22:25:25.0265 3536  ============================================================
22:25:25.0265 3536  Scan finished
22:25:25.0265 3536  ============================================================
22:25:25.0375 3476  Detected object count: 9
22:25:25.0375 3476  Actual detected object count: 9
22:26:19.0281 3476  ASNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
22:26:19.0281 3476  ASNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:26:19.0281 3476  Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:26:19.0281 3476  Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:26:19.0281 3476  CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
22:26:19.0281 3476  CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:26:19.0281 3476  mi-raysat_3dsmax8 ( UnsignedFile.Multi.Generic ) - skipped by user
22:26:19.0281 3476  mi-raysat_3dsmax8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:26:19.0281 3476  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:26:19.0281 3476  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:26:19.0281 3476  tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
22:26:19.0281 3476  tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:26:19.0281 3476  tapoas ( UnsignedFile.Multi.Generic ) - skipped by user
22:26:19.0281 3476  tapoas ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:26:19.0281 3476  UPHClean ( UnsignedFile.Multi.Generic ) - skipped by user
22:26:19.0281 3476  UPHClean ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:26:19.0281 3476  vpn-x ( UnsignedFile.Multi.Generic ) - skipped by user
22:26:19.0281 3476  vpn-x ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:26:45.0875 2176  Deinitialize success
 



#12 gringo_pr


Posted 16 March 2013 - 12:39 AM

Hello


Did you run the MBAR program?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 tichris08


Posted 16 March 2013 - 12:55 AM

Update:

 

mbar returned "no cleanup required".  It found nothing at all & generated no log.



#14 gringo_pr


Posted 16 March 2013 - 12:57 AM


Hello tichris08

Let's get a deeper look into the system and let's see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo


#15 tichris08


Posted 16 March 2013 - 01:31 AM

OTL logfile created on: 3/15/2013 11:20:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\leegnd\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.49 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 48.34% Memory free
4.34 Gb Paging File | 3.22 Gb Available in Paging File | 74.26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 182.41 Gb Free Space | 39.17% Space Free | Partition Type: NTFS
 
Computer Name: HOMER | User Name: leegnd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\leegnd\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\tixati\tixati.exe (Tixati Software Inc.)
PRC - C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe ()
PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE (ATI Technologies Inc.)
PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\SiteSafety.dll ()
MOD - C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Program Files\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Program Files\Mozilla\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\e534d8e15df8611bc3174e5f2377a093\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\de3e6b59e3949f8086973d53518a9ecb\System.Windows.Forms.ni.dll ()
MOD - C:\Program Files\Git\git-cheetah\git_shell_ext.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\569d22d5591f3d2d35bc64437011e919\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\578e2c661908dea0af10151bc199f347\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\6e903ce8719e50acd783f8726b11249f\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9a75548aa508a2645318308885b3eee0\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\NVIDIA Corporation\nView\nvShell.dll ()
MOD - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\7-Zip\7-zip.dll ()
MOD - C:\Program Files\ATI Multimedia\RemCtrl\Plug-Ins\WMP10.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AresChatServer) -- C:\Program Files\Ares\chatServer.exe File not found
SRV - (vToolbarUpdater14.0.1) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe (SiSoftware)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (msvsmon80) -- C:\Program Files\VisualStudio\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (mi-raysat_3dsmax8) -- C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe ()
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (dsNcAdpt) -- system32\DRIVERS\dsNcAdpt.sys File not found
DRV - (cpuz130) -- C:\DOCUME~1\leegnd\LOCALS~1\Temp\cpuz130\cpuz_x32.sys File not found
DRV - (cpuz126) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\leegnd\LOCALS~1\Temp\catchme.sys File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys ()
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (hitmanpro37) -- C:\WINDOWS\system32\drivers\hitmanpro37.sys ()
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (TrojanKillerDriver) -- C:\WINDOWS\system32\drivers\gtkdrv.sys (Windows ® Win 7 DDK provider)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (tapoas) -- C:\WINDOWS\system32\drivers\tapoas.sys (The OpenVPN Project)
DRV - (BazisVirtualCDBus) -- C:\WINDOWS\system32\drivers\BazisVirtualCDBus.sys (SysProgs.org)
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x86\sandra.sys (SiSoftware)
DRV - (vpn-x) -- C:\WINDOWS\system32\drivers\vpn-x.sys (BirdsSoft)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (sepdrv) -- C:\WINDOWS\system32\drivers\sepdrv.sys (Intel Corporation)
DRV - (Si3531) -- C:\WINDOWS\system32\drivers\Si3531.sys (Silicon Image, Inc)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvata) -- C:\WINDOWS\system32\drivers\nvata.sys (NVIDIA Corporation)
DRV - (XUIF) -- C:\WINDOWS\system32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (ATI Remote Wonder II) -- C:\WINDOWS\system32\drivers\atirwvd.sys (Jungo)
DRV - (ASNDIS5) -- C:\WINDOWS\system32\ASNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)
DRV - (QCEmerald) -- C:\WINDOWS\system32\drivers\OVCE.sys (Microsoft Corporation)
DRV - (lusbaudio) -- C:\WINDOWS\system32\drivers\OVSound2.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-220523388-1284227242-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-220523388-1284227242-839522115-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-220523388-1284227242-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-220523388-1284227242-839522115-1003\..\SearchScopes\{39888CB7-AF5F-459B-892A-471DC1B0700C}: "URL" = http://search.avg.com/route/?d=4e1b8c4c&v=7.5.30.4&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-220523388-1284227242-839522115-1003\..\SearchScopes\{45AFCF10-4F70-4591-BF04-15775C1DEE5C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-220523388-1284227242-839522115-1003\..\SearchScopes\{55FAF0F2-44D4-425f-B5F5-6B275B621EAB}: "URL" = http://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-220523388-1284227242-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-220523388-1284227242-839522115-1003\..\SearchScopes\{829B4FCC-68D7-44FE-954F-DFC5EEBEE9F6}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227981&CUI=UN30841078917613923&UM=2
IE - HKU\S-1-5-21-220523388-1284227242-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-220523388-1284227242-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-220523388-1284227242-839522115-1006\..\SearchScopes,DefaultScope =
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://mysearch.avg.com/?cid={D9021910-EBAF-406A-9F0E-3A86D417C71E}&mid=55c999d6e22c47d18131d156fae57592-9a17500a96d428a5cdb8b2643968b9a928fc107f&lang=en&ds=AVG&pr=pr&d=&v=&pid=safeguard&sg=&sap=hp"
FF - prefs.js..extensions.enabledAddons: lazarus%40interclue.com:2.3
FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.4.6
FF - prefs.js..extensions.enabledAddons: %7Bc07d1a49-9894-49ff-a594-38960ede8fb9%7D:3.1.10
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7B4176DFF4-4698-11DE-BEEB-45DA55D89593%7D:0.8.37
FF - prefs.js..extensions.enabledAddons: xovawoqwdp%40xovawoqwdp.org:2.5
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:14.0.0.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.5
FF - prefs.js..extensions.enabledItems: {c07d1a49-9894-49ff-a594-38960ede8fb9}:3.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:3.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@comrade.gamespy.com/comrade: C:\Program Files\GameSpy\Comrade\npcomrade.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@xmlauthor.com/downloads: C:\WINDOWS\system32\npmirage.dll (XMLAuthor Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\leegnd\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\leegnd\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/25 01:33:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14 [2013/03/15 20:59:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla\components [2013/03/15 00:46:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla\plugins [2013/03/07 18:15:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.7\extensions\\Components: C:\Program Files\Sunbird\components [2008/11/03 01:15:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.7\extensions\\Plugins: C:\Program Files\Sunbird\plugins [2013/02/20 16:52:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/03/11 23:28:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: C:\Program Files\Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: C:\Program Files\Thunderbird\plugins [2013/02/20 16:52:52 | 000,000,000 | ---D | M]
 
[2011/07/29 23:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\leegnd\Application Data\Mozilla\Extensions
[2010/01/26 02:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\leegnd\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/29 23:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\leegnd\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2013/03/15 00:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\leegnd\Application Data\Mozilla\Firefox\Profiles\gauggt9v.default\extensions
[2013/03/14 01:20:51 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\leegnd\Application Data\Mozilla\Firefox\Profiles\gauggt9v.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/01/01 05:22:13 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\leegnd\Application Data\Mozilla\Firefox\Profiles\gauggt9v.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2008/01/09 17:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\leegnd\Application Data\Mozilla\Sunbird\Profiles\ibqyy7p4.default\extensions
[2013/02/23 01:03:01 | 002,163,784 | ---- | M] () (No name found) -- C:\Documents and Settings\leegnd\Application Data\Mozilla\Firefox\Profiles\gauggt9v.default\extensions\firebug@software.joehewitt.com.xpi
[2013/02/05 23:23:34 | 000,218,916 | ---- | M] () (No name found) -- C:\Documents and Settings\leegnd\Application Data\Mozilla\Firefox\Profiles\gauggt9v.default\extensions\info@priceblink.com.xpi
[2012/12/29 03:17:53 | 000,140,594 | ---- | M] () (No name found) -- C:\Documents and Settings\leegnd\Application Data\Mozilla\Firefox\Profiles\gauggt9v.default\extensions\jid0-oAHk5XD3Or7eTCnXcCnyFvEfNqo@jetpack.xpi
[2011/08/12 18:18:25 | 000,246,802 | ---- | M] () (No name found) -- C:\Documents and Settings\leegnd\Application Data\Mozilla\Firefox\Profiles\gauggt9v.default\extensions\lazarus@interclue.com.xpi
[2006/02/28 05:00:00 | 000,004,816 | ---- | M] () (No name found) -- C:\Documents and Settings\leegnd\Application Data\Mozilla\Firefox\Profiles\gauggt9v.default\extensions\xovawoqwdp@xovawoqwdp.org.xpi
[2012/12/18 01:12:53 | 000,222,578 | ---- | M] () (No name found) -- C:\Documents and Settings\leegnd\Application Data\Mozilla\Firefox\Profiles\gauggt9v.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
[2012/07/31 23:28:02 | 000,447,304 | ---- | M] () (No name found) -- C:\Documents and Settings\leegnd\Application Data\Mozilla\Firefox\Profiles\gauggt9v.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}.xpi
[2013/02/13 22:41:04 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\leegnd\Application Data\Mozilla\Firefox\Profiles\gauggt9v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/10/29 00:13:20 | 000,434,392 | ---- | M] () (No name found) -- C:\Documents and Settings\leegnd\Application Data\Mozilla\Firefox\Profiles\gauggt9v.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/03/15 20:59:45 | 000,000,000 | ---D | M] (AVG SafeGuard toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\14.0.0.14
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Documents and Settings\leegnd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Documents and Settings\leegnd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Documents and Settings\leegnd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Documents and Settings\leegnd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Documents and Settings\leegnd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Documents and Settings\leegnd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Documents and Settings\leegnd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Documents and Settings\leegnd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Documents and Settings\leegnd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Documents and Settings\leegnd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Documents and Settings\leegnd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Documents and Settings\leegnd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/03/15 21:27:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-220523388-1284227242-839522115-1003\..\Toolbar\WebBrowser: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKU\S-1-5-21-220523388-1284227242-839522115-1003..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE (ATI Technologies Inc.)
O4 - HKLM..\RunOnce: [Z1] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-1284227242-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-1284227242-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-220523388-1284227242-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-1284227242-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-1284227242-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-220523388-1284227242-839522115-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-1284227242-839522115-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-220523388-1284227242-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-220523388-1284227242-839522115-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02015947-FA6C-4502-B42C-5A916A5EE266}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5195F07D-410D-4E91-81B9-1506BF84CD64}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\leegnd\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\leegnd\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/30 09:14:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/15 22:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leegnd\Desktop\mbar
[2013/03/15 22:21:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\leegnd\Recent
[2013/03/15 21:59:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/03/15 21:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leegnd\Desktop\downloads
[2013/03/15 21:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leegnd\Application Data\tixati
[2013/03/15 21:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leegnd\Start Menu\Programs\Tixati
[2013/03/15 21:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\tixati
[2013/03/15 21:03:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leegnd\Local Settings\Application Data\AVG SafeGuard toolbar
[2013/03/15 21:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leegnd\Application Data\AVG2013
[2013/03/15 20:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leegnd\Application Data\TuneUp Software
[2013/03/15 20:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/03/15 20:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2013/03/15 20:59:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leegnd\Application Data\AVG SafeGuard toolbar
[2013/03/15 20:59:39 | 000,031,576 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/03/15 20:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013/03/15 20:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2013/03/15 20:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\AVG SafeGuard toolbar
[2013/03/15 20:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/03/15 20:55:51 | 000,000,000 | ---D | C] -- C:\$AVG
[2013/03/15 20:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leegnd\Local Settings\Application Data\Avg2013
[2013/03/15 20:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leegnd\Local Settings\Application Data\MFAData
[2013/03/15 20:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leegnd\Desktop\RK_Quarantine
[2013/03/15 01:26:27 | 002,721,168 | ---- | C] (Microsoft Corporation) -- C:\Windows7-USB-DVD-tool.exe
[2013/03/15 00:43:12 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\leegnd\Desktop\dds.com
[2013/03/15 00:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leegnd\Local Settings\Application Data\CRE
[2013/03/14 23:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/03/14 23:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leegnd\Local Settings\Application Data\NPE
[2013/03/14 23:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2013/03/14 01:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/03/14 01:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/03/14 01:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\Max Spyware Detector
[2013/03/14 01:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Max Secure
[2013/03/14 01:08:31 | 172,609,888 | ---- | C] (Max Secure Software                                         ) -- C:\Documents and Settings\leegnd\Desktop\maxspywaredetectorM.exe
[2013/03/14 00:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\leegnd\Local Settings\Application Data\Max Secure Software
[2013/03/13 22:18:07 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2013/03/13 21:55:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/13 21:55:33 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/03/13 21:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/03/13 21:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GridinSoft Trojan Killer
[2013/03/13 21:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2013/03/13 19:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/03/13 19:34:16 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/03/13 01:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2013/03/12 01:27:29 | 005,040,250 | R--- | C] (Swearware) -- C:\Documents and Settings\leegnd\Desktop\ComboFix.exe
[2013/03/12 01:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2013/03/11 23:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013/03/07 18:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla
[2013/03/06 18:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/03/01 10:32:20 | 000,022,328 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2013/02/26 23:40:46 | 000,208,184 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys
[2013/02/26 23:11:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Git
[2013/02/26 23:11:11 | 000,000,000 | ---D | C] -- C:\Program Files\Git
[2013/02/14 03:52:46 | 000,182,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/05/17 15:20:39 | 001,222,144 | ---- | C] (LostSunglasses Software) -- C:\Program Files\PerlIDE.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[13 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/15 23:03:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/15 22:30:21 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/03/15 22:28:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/15 22:24:36 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/15 22:23:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/15 22:23:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/15 22:22:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2013/03/15 22:22:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2013/03/15 22:18:14 | 011,636,736 | ---- | M] () -- C:\Documents and Settings\leegnd\Application Data\Sandra.mdb
[2013/03/15 21:54:39 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\leegnd\Desktop\Tixati.lnk
[2013/03/15 21:27:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/03/15 20:59:54 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/03/15 20:59:07 | 000,031,576 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/03/15 20:53:50 | 005,040,250 | R--- | M] (Swearware) -- C:\Documents and Settings\leegnd\Desktop\ComboFix.exe
[2013/03/15 01:26:22 | 002,721,168 | ---- | M] (Microsoft Corporation) -- C:\Windows7-USB-DVD-tool.exe
[2013/03/15 00:43:13 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\leegnd\Desktop\dds.com
[2013/03/15 00:13:20 | 000,449,043 | ---- | M] () -- C:\Documents and Settings\leegnd\Desktop\RegSeeker.zip
[2013/03/15 00:09:33 | 000,280,492 | ---- | M] () -- C:\Documents and Settings\leegnd\My Documents\cc_20130315_000925.reg
[2013/03/15 00:05:47 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/03/14 23:31:44 | 000,006,543 | ---- | M] () -- C:\Documents and Settings\leegnd\My Documents\attach.zip
[2013/03/14 23:22:17 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2013/03/14 20:04:33 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/03/14 01:46:47 | 000,030,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/03/14 01:46:47 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2013/03/14 01:21:10 | 000,473,334 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/14 01:21:10 | 000,076,324 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/14 01:16:43 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/14 01:08:52 | 172,609,888 | ---- | M] (Max Secure Software                                         ) -- C:\Documents and Settings\leegnd\Desktop\maxspywaredetectorM.exe
[2013/03/13 22:18:01 | 000,256,904 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2013/03/13 21:55:35 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/13 21:50:52 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Killer.lnk
[2013/03/13 19:41:40 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\leegnd\Desktop\HiJackThis.lnk
[2013/03/12 23:28:24 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/12 23:28:24 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/06 22:05:05 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\leegnd\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2013/03/01 00:07:17 | 000,114,626 | ---- | M] () -- C:\green-lightbulb.jpg
[2013/02/28 23:17:41 | 000,005,233 | ---- | M] () -- C:\WINDOWS\Q-Dir.ini
[2013/02/28 19:33:07 | 006,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/02/26 23:40:46 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys
[2013/02/26 23:14:34 | 000,000,092 | ---- | M] () -- C:\Documents and Settings\leegnd\.gitconfig
[2013/02/26 23:11:25 | 000,001,641 | ---- | M] () -- C:\Documents and Settings\leegnd\Desktop\Git GUI.lnk
[2013/02/24 14:45:55 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/02/16 00:19:14 | 000,015,093 | ---- | M] () -- C:\Documents and Settings\leegnd\My Documents\Taxes-2014.gnumeric
[2013/02/16 00:15:10 | 000,015,038 | ---- | M] () -- C:\Documents and Settings\leegnd\My Documents\Taxes-2013.gnumeric
[2013/02/15 23:39:14 | 000,002,150 | ---- | M] () -- C:\estimatedpaid.gnumeric
[2013/02/15 00:16:15 | 000,003,440 | ---- | M] () -- C:\Budget.gnumeric
[2013/02/14 23:45:25 | 000,015,204 | ---- | M] () -- C:\Documents and Settings\leegnd\My Documents\Taxes-2012-Revised.gnumeric
[2013/02/14 03:52:46 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[13 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/03/15 22:30:21 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/03/15 21:54:39 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\leegnd\Desktop\Tixati.lnk
[2013/03/15 20:59:54 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/03/15 00:13:19 | 000,449,043 | ---- | C] () -- C:\Documents and Settings\leegnd\Desktop\RegSeeker.zip
[2013/03/15 00:09:29 | 000,280,492 | ---- | C] () -- C:\Documents and Settings\leegnd\My Documents\cc_20130315_000925.reg
[2013/03/15 00:05:47 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/03/14 23:31:43 | 000,006,543 | ---- | C] () -- C:\Documents and Settings\leegnd\My Documents\attach.zip
[2013/03/14 01:46:47 | 000,030,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/03/14 01:46:46 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2013/03/13 21:55:35 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/13 21:50:52 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Killer.lnk
[2013/03/06 18:27:08 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\leegnd\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/06 18:27:08 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/03/01 00:07:16 | 000,114,626 | ---- | C] () -- C:\green-lightbulb.jpg
[2013/02/28 23:20:43 | 000,001,641 | ---- | C] () -- C:\Documents and Settings\leegnd\Desktop\Git GUI.lnk
[2013/02/26 23:14:34 | 000,000,092 | ---- | C] () -- C:\Documents and Settings\leegnd\.gitconfig
[2013/02/16 00:19:14 | 000,015,093 | ---- | C] () -- C:\Documents and Settings\leegnd\My Documents\Taxes-2014.gnumeric
[2013/02/16 00:15:10 | 000,015,038 | ---- | C] () -- C:\Documents and Settings\leegnd\My Documents\Taxes-2013.gnumeric
[2013/02/15 23:39:14 | 000,002,150 | ---- | C] () -- C:\estimatedpaid.gnumeric
[2013/02/15 00:16:15 | 000,003,440 | ---- | C] () -- C:\Budget.gnumeric
[2013/02/14 23:45:25 | 000,015,204 | ---- | C] () -- C:\Documents and Settings\leegnd\My Documents\Taxes-2012-Revised.gnumeric
[2013/02/12 21:00:35 | 000,150,296 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/01/21 01:25:53 | 011,636,736 | ---- | C] () -- C:\Documents and Settings\leegnd\Application Data\Sandra.mdb
[2013/01/18 22:50:08 | 000,005,233 | ---- | C] () -- C:\WINDOWS\Q-Dir.ini
[2012/02/16 16:59:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/16 18:27:05 | 002,012,535 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-220523388-1284227242-839522115-1003-0.dat
[2012/01/16 18:27:02 | 000,252,634 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/16 15:57:42 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/08/03 23:48:43 | 001,068,782 | ---- | C] () -- C:\Documents and Settings\leegnd\PipePlan.svg
[2011/07/11 07:08:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/11 07:08:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/11 07:08:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/11 07:08:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/11 07:08:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/11 04:22:01 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\leegnd\Local Settings\Application Data\housecall.guid.cache
[2011/07/10 03:17:15 | 002,783,770 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2010/12/21 02:59:48 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\leegnd\Application Data\MPQEditor.ini
[2010/06/12 02:24:53 | 000,011,176 | ---- | C] () -- C:\Documents and Settings\leegnd\gsview32.ini
[2009/08/31 02:04:13 | 001,828,950 | ---- | C] () -- C:\Documents and Settings\leegnd\Love2.png
[2009/08/31 02:03:01 | 002,524,012 | ---- | C] () -- C:\Documents and Settings\leegnd\Love1.png
[2009/08/30 03:14:54 | 000,029,940 | ---- | C] () -- C:\Documents and Settings\leegnd\Love2.svg
[2009/08/30 03:14:51 | 000,052,531 | ---- | C] () -- C:\Documents and Settings\leegnd\Love1.svg
[2009/08/29 17:02:15 | 000,043,162 | ---- | C] () -- C:\Documents and Settings\leegnd\Love.svg
[2009/08/29 17:02:05 | 000,000,366 | ---- | C] () -- C:\Documents and Settings\leegnd\Love.eps
[2009/08/29 16:59:55 | 000,006,854 | ---- | C] () -- C:\Documents and Settings\leegnd\New document 1.2009_08_29_16_59_55.0
[2009/07/01 23:50:03 | 000,005,992 | ---- | C] () -- C:\Documents and Settings\leegnd\Untitled3_MAS.bak
[2008/12/30 03:05:22 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\leegnd\Application Data\PnkBstrK.sys
[2008/12/20 00:25:29 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\leegnd\.ssid
[2008/11/16 22:06:27 | 000,003,896 | ---- | C] () -- C:\Documents and Settings\leegnd\Untitled6_MAS.bak
[2008/11/16 15:27:55 | 000,005,543 | ---- | C] () -- C:\Documents and Settings\leegnd\Untitled4_MAS.bak
[2008/11/16 14:53:06 | 000,001,273 | ---- | C] () -- C:\Documents and Settings\leegnd\Untitled2_MAS.bak
[2008/07/17 18:48:45 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\leegnd\Local Settings\Application Data\PUTTY.RND
[2008/05/17 15:20:47 | 000,008,725 | ---- | C] () -- C:\Program Files\PerlIDE.ini
[2008/05/03 14:29:58 | 000,004,817 | ---- | C] () -- C:\Documents and Settings\leegnd\Untitled1_MAS.bak
[2008/03/01 15:15:45 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\leegnd\PUTTY.RND
[2008/02/06 23:55:09 | 000,004,382 | ---- | C] () -- C:\Documents and Settings\leegnd\Untitled0_MAS.bak
[2008/02/06 23:55:09 | 000,003,424 | ---- | C] () -- C:\Documents and Settings\leegnd\Maple9.5.ini
[2007/12/20 21:23:51 | 000,172,032 | ---- | C] () -- C:\Documents and Settings\leegnd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/28 22:17:10 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/19 14:07:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\leegnd\.gtk-bookmarks
[2007/10/19 14:06:55 | 000,160,670 | ---- | C] () -- C:\Documents and Settings\leegnd\.fonts.cache-1
[2007/10/05 17:25:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\leegnd\.gtkrc-2.0
[2007/10/01 04:20:32 | 000,000,437 | ---- | C] () -- C:\Documents and Settings\leegnd\Application Data\SamsungLiveUpdateConfig.ini
 
========== ZeroAccess Check ==========
 
[2007/09/30 09:39:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 





