Have/Had Trojan.0Access, can reinstall MSSE...


  • This topic is locked
98 replies to this topic

#1 Richard14

  • Members
  • 84 posts
Posted 11 May 2013 - 09:26 PM

Original topic was here:

 

http://www.bleepingcomputer.com/forums/t/494163/msse-seems-to-have-disappeared/#entry3047438

 

 

I think I was able to remove the infected Microsoft Security Essentials, but I can't re-install it, and I am still worried about the original infection.

 

I am leaving the infected PC off for now, and am posting from a laptop.

 

Thanks for the help.

 

Here is the DDS log.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.17.2
Run by Richard at 19:14:33 on 2013-05-11
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3069.2352 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080410
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080410
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{EEF195D4-F0C3-4080-9549-49A59BFEE100} : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-1-17 21504]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 NisSrv;Microsoft Network Inspection;"c:\program files\microsoft security client\nissrv.exe" --> c:\program files\microsoft security client\NisSrv.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-6-7 19968]
S4 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2012-11-4 464256]
S4 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
S4 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-3-31 80896]
S4 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2012-7-16 548264]
S4 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2012-3-14 370504]
.
=============== Created Last 30 ================
.
2013-05-11 23:02:04 -------- d-----w- c:\windows\pss
2013-05-11 15:44:01 -------- d-----w- C:\MATS
2013-05-11 15:39:15 -------- d-----w- c:\users\richard\appdata\local\ElevatedDiagnostics
2013-05-10 02:36:28 6906960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a6b2dad7-978b-416f-ade2-e56946b8a1cf}\mpengine.dll
2013-05-08 22:48:42 6906960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-04-23 15:46:06 706640 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ec4a4020-6c5d-404e-91b1-68ace478a750}\gapaengine.dll
2013-04-14 15:04:31 -------- d-----w- c:\program files\DVD Shrink
2013-04-14 14:28:26 8952608 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-04-14 14:28:26 6271872 ----a-w- c:\windows\system32\nvopencl.dll
2013-04-14 14:28:26 20542752 ----a-w- c:\windows\system32\nvoglv32.dll
2013-04-14 14:28:26 13088000 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-04-14 14:28:25 892704 ----a-w- c:\windows\system32\nvdispgenco3231422.dll
2013-04-14 14:28:25 7959000 ----a-w- c:\windows\system32\nvcuda.dll
2013-04-14 14:28:25 2728736 ----a-w- c:\windows\system32\nvcuvid.dll
2013-04-14 14:28:25 1995552 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-04-14 14:28:25 1012512 ----a-w- c:\windows\system32\nvdispco3231422.dll
2013-04-14 14:28:24 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
.
==================== Find3M  ====================
.
2013-05-10 02:27:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-10 02:27:08 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-03-15 05:46:27 2539128 ----a-w- c:\windows\system32\nvapi.dll
2013-03-15 05:46:27 15042928 ----a-w- c:\windows\system32\nvd3dum.dll
2013-03-15 02:59:30 4119328 ----a-w- c:\windows\system32\nvcpl.dll
2013-03-15 02:59:30 3014432 ----a-w- c:\windows\system32\nvsvc.dll
2013-03-15 02:59:27 634144 ----a-w- c:\windows\system32\nvvsvc.exe
2013-03-15 02:59:26 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-03-15 02:59:26 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-03-13 00:09:52 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-13 00:09:49 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-13 00:09:48 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 00:09:05 0 ----a-w- c:\windows\system32\RENEF1E.tmp
2013-03-13 00:09:05 0 ----a-w- c:\windows\system32\RENEF1D.tmp
2013-03-11 13:25:50 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25:50 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-09 01:28:08 64000 ----a-w- c:\windows\system32\smss.exe
2013-03-08 03:53:50 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-03-08 03:52:22 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-03-05 01:40:56 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-03-03 19:07:52 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-02-22 03:46:00 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-21 20:34:27 0 ----a-w- c:\windows\system32\RENC45E.tmp
2013-02-21 20:34:27 0 ----a-w- c:\windows\system32\RENC45D.tmp
2013-02-12 01:57:27 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
============= FINISH: 19:17:18.13 ===============

 




 


#2 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,398 posts

Posted 11 May 2013 - 11:48 PM

Welcome to the forum.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 


No request for help throughout private messaging will be attended.



#3 Richard14


Posted 12 May 2013 - 08:09 AM

Thank you for the fast help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-05-2013 01
Ran by Richard (administrator) on 12-05-2013 05:55:04
Running from C:\Users\Richard\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Farbar) C:\Users\Richard\Desktop\FRST.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Winlogon: [System]
MountPoints2: {c2c27d28-b369-11e2-b1bf-001d0931b4e7} - G:\HTC_Sync_Manager_PC.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080410
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080410
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
PDF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
PDF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
PDF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
PDF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
PDF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
PDF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
PDF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
PDF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [19968] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Richard\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Richard\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Richard\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Users\Richard\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Richard\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (3DVIA player) - C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Zylom Plugin) - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (Unity Player) - C:\Users\Richard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Richard\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Kalydo Player Plugin for Mozilla) - C:\Users\Richard\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Docs) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

S4 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [464256 2012-10-31] (IObit)
S4 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION)
S4 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] ()
S4 SplashtopRemoteService; C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe [548264 2012-07-16] (Splashtop Inc.)
S4 SSUService; C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [370504 2012-03-14] (Splashtop Inc.)
S4 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-09-12] (SigmaTel, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] ()
S2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
S3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows ® Win 7 DDK provider)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
R3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [37392 2009-06-17] (Logitech, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-09-12] (SigmaTel, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-12 05:54 - 2013-05-12 05:54 - 00000000 ____D C:\FRST
2013-05-12 05:54 - 2013-05-12 05:52 - 01315919 ____A (Farbar) C:\Users\Richard\Desktop\FRST.exe
2013-05-11 19:20 - 2013-05-11 19:20 - 00008476 ____A C:\Users\Richard\Desktop\attach.txt
2013-05-11 19:20 - 2013-05-11 19:17 - 00010781 ____A C:\Users\Richard\Desktop\dds.txt
2013-05-11 19:14 - 2013-05-11 19:13 - 00688992 ____R (Swearware) C:\Users\Richard\Desktop\dds.com
2013-05-11 16:02 - 2013-05-11 16:02 - 00000000 ____D C:\Windows\pss
2013-05-11 08:44 - 2013-05-11 08:44 - 00000000 ____D C:\MATS
2013-05-11 08:35 - 2013-05-11 08:35 - 00000000 ____D C:\Users\Richard\Desktop\Fix it portable
2013-05-11 07:01 - 2013-05-10 20:51 - 00890825 ____A C:\Users\Richard\Desktop\SecurityCheck.exe
2013-05-09 19:44 - 2013-05-09 19:47 - 00000000 ____D C:\Users\Richard\Desktop\Italian
2013-05-07 17:29 - 2013-05-07 17:29 - 00018216 ____A C:\Users\Richard\Documents\AC Fish.odt
2013-05-02 20:06 - 2013-05-02 20:05 - 00001536 ____A C:\Users\Richard\Desktop\backup.bak
2013-05-02 12:57 - 2013-05-02 12:57 - 09338076 ____A C:\Users\Richard\Downloads\AmazonApps-release.apk
2013-04-14 08:04 - 2013-04-14 08:04 - 00000000 ____D C:\Program Files\DVD Shrink
2013-04-14 07:28 - 2013-05-02 19:43 - 00001626 ____A C:\Windows\setupact.log
2013-04-14 07:28 - 2013-04-14 07:28 - 00000000 ____A C:\Windows\setuperr.log
2013-04-14 07:28 - 2013-03-14 22:46 - 20542752 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2013-04-14 07:28 - 2013-03-14 22:46 - 17560352 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-04-14 07:28 - 2013-03-14 22:46 - 13088000 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2um.dll
2013-04-14 07:28 - 2013-03-14 22:46 - 08952608 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-04-14 07:28 - 2013-03-14 22:46 - 07959000 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-04-14 07:28 - 2013-03-14 22:46 - 06271872 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-04-14 07:28 - 2013-03-14 22:46 - 02728736 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-04-14 07:28 - 2013-03-14 22:46 - 01995552 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-04-14 07:28 - 2013-03-14 22:46 - 01012512 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco3231422.dll
2013-04-14 07:28 - 2013-03-14 22:46 - 00892704 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco3231422.dll
2013-04-13 08:10 - 2013-02-21 21:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-13 08:10 - 2013-02-21 20:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-13 08:10 - 2013-02-21 20:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-13 08:10 - 2013-02-21 20:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-13 08:10 - 2013-02-21 20:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-13 08:10 - 2013-02-21 20:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-13 08:10 - 2013-02-21 20:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-13 08:10 - 2013-02-21 20:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-13 08:10 - 2013-02-21 20:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-13 08:10 - 2013-02-21 20:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-13 08:10 - 2013-02-21 20:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-13 08:10 - 2013-02-21 20:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-13 08:10 - 2013-02-21 20:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-13 08:10 - 2013-02-21 20:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-13 08:10 - 2013-02-21 20:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-13 08:10 - 2013-02-21 20:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

==================== One Month Modified Files and Folders ========

2013-05-12 05:54 - 2013-05-12 05:54 - 00000000 ____D C:\FRST
2013-05-12 05:54 - 2008-04-10 02:23 - 01722594 ____A C:\Windows\WindowsUpdate.log
2013-05-12 05:52 - 2013-05-12 05:54 - 01315919 ____A (Farbar) C:\Users\Richard\Desktop\FRST.exe
2013-05-12 05:50 - 2009-12-29 18:46 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-12 05:49 - 2006-11-02 06:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-12 05:49 - 2006-11-02 05:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-12 05:49 - 2006-11-02 05:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-11 19:22 - 2006-11-02 06:01 - 00032578 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-11 19:20 - 2013-05-11 19:20 - 00008476 ____A C:\Users\Richard\Desktop\attach.txt
2013-05-11 19:17 - 2013-05-11 19:20 - 00010781 ____A C:\Users\Richard\Desktop\dds.txt
2013-05-11 19:13 - 2013-05-11 19:14 - 00688992 ____R (Swearware) C:\Users\Richard\Desktop\dds.com
2013-05-11 19:12 - 2013-03-31 07:37 - 00010660 ____A C:\Windows\PFRO.log
2013-05-11 17:11 - 2009-12-29 18:46 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-11 16:37 - 2009-06-29 13:05 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-137111657-3113389662-2625091050-1000UA.job
2013-05-11 16:06 - 2011-01-25 15:25 - 00002150 ____A C:\Windows\epplauncher.mif
2013-05-11 16:05 - 2011-01-25 15:23 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-11 16:02 - 2013-05-11 16:02 - 00000000 ____D C:\Windows\pss
2013-05-11 15:58 - 2012-07-12 20:27 - 00000000 ____D C:\Program Files\Steam
2013-05-11 08:44 - 2013-05-11 08:44 - 00000000 ____D C:\MATS
2013-05-11 08:35 - 2013-05-11 08:35 - 00000000 ____D C:\Users\Richard\Desktop\Fix it portable
2013-05-11 07:03 - 2006-11-02 03:33 - 00769662 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-10 22:06 - 2009-06-08 10:46 - 00000000 ____D C:\Windows\Minidump
2013-05-10 20:51 - 2013-05-11 07:01 - 00890825 ____A C:\Users\Richard\Desktop\SecurityCheck.exe
2013-05-10 17:37 - 2009-06-29 13:05 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-137111657-3113389662-2625091050-1000Core.job
2013-05-10 11:25 - 2009-03-23 21:32 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job
2013-05-09 19:47 - 2013-05-09 19:44 - 00000000 ____D C:\Users\Richard\Desktop\Italian
2013-05-09 19:31 - 2009-08-09 12:05 - 00000000 ____D C:\audiograbber
2013-05-09 19:28 - 2008-04-10 02:34 - 00000000 ____D C:\ProgramData\Adobe
2013-05-09 19:27 - 2012-04-14 07:43 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-09 19:27 - 2011-07-04 22:16 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-07 17:29 - 2013-05-07 17:29 - 00018216 ____A C:\Users\Richard\Documents\AC Fish.odt
2013-05-07 13:35 - 2012-07-12 20:27 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-05-06 21:18 - 2009-01-24 15:40 - 00000000 ____D C:\Users\Richard\Desktop\XNEWS
2013-05-03 12:51 - 2009-01-24 20:15 - 00000000 ____D C:\Users\Richard\AppData\Local\QuickPar
2013-05-02 20:05 - 2013-05-02 20:06 - 00001536 ____A C:\Users\Richard\Desktop\backup.bak
2013-05-02 19:43 - 2013-04-14 07:28 - 00001626 ____A C:\Windows\setupact.log
2013-05-02 19:41 - 2012-07-18 13:38 - 00000000 ___RD C:\Users\Richard\Dropbox
2013-05-02 19:41 - 2012-07-18 13:35 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Dropbox
2013-05-02 12:57 - 2013-05-02 12:57 - 09338076 ____A C:\Users\Richard\Downloads\AmazonApps-release.apk
2013-05-02 08:28 - 2009-09-30 19:19 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 21:45 - 2012-07-10 19:05 - 00000000 ____D C:\Users\Richard\Documents\My Kindle Content
2013-04-30 16:21 - 2010-05-14 22:00 - 00000000 ____D C:\ProgramData\StaxRip
2013-04-28 19:49 - 2009-09-23 18:29 - 00000000 ____D C:\Program Files\The Treasures Of Montezuma
2013-04-22 17:49 - 2012-10-15 14:05 - 00000017 ____A C:\Users\Richard\Desktop\turnips.txt
2013-04-14 08:05 - 2009-01-25 22:22 - 00000000 ____D C:\ProgramData\DVD Shrink
2013-04-14 08:04 - 2013-04-14 08:04 - 00000000 ____D C:\Program Files\DVD Shrink
2013-04-14 07:31 - 2009-01-14 17:37 - 00000000 ___AD C:\users\Richard
2013-04-14 07:30 - 2009-01-14 17:38 - 00000000 ____D C:\ProgramData\NVIDIA
2013-04-14 07:29 - 2011-06-08 12:31 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-04-14 07:28 - 2013-04-14 07:28 - 00000000 ____A C:\Windows\setuperr.log
2013-04-13 11:49 - 2008-04-10 02:29 - 00000000 ____D C:\Windows\System32\Macromed
2013-04-13 08:21 - 2006-11-02 05:47 - 00313296 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-13 08:06 - 2006-11-02 03:24 - 70490256 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-137111657-3113389662-2625091050-1000\$2f4763a998ef9c37b7dd655b9b529f62

Other Malware:
===========
C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-05-12 05:55

==================== End Of Log ============================

 



#4 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,398 posts

Posted 12 May 2013 - 01:14 PM

You still have signs of an infection.

Download the enclosed file. [attachment=137562:fixlist.txt]

Save it next to FRST. Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Restart the computer.

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

 

 

Please download ComboFix from Here or Here to your Desktop.

**Note:  In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.  
  • Please post the "C:\ComboFix.txt" .

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

 

 

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 Richard14
  • Topic Starter

  • Members
  • 84 posts

Posted 12 May 2013 - 02:23 PM

As requested...

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-05-2013 01
Ran by Richard at 2013-05-12 11:42:28 Run:1
Running from C:\Users\Richard\Desktop
Boot Mode: Normal

==============================================

C:\$Recycle.Bin\S-1-5-21-137111657-3113389662-2625091050-1000\$2f4763a998ef9c37b7dd655b9b529f62 => Directory moved successfully.
C:\ProgramData\nvModes.dat => Moved successfully.

==== End of Fixlog ====

 

ComboFix log...

 

 

ComboFix 13-05-12.01 - Richard 05/12/2013  11:57:55.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3069.2254 [GMT -7:00]
Running from: c:\users\Richard\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Richard\AppData\Roaming\.#
c:\users\Richard\AppData\Roaming\Island
c:\users\Richard\AppData\Roaming\Island\space.rgt
c:\windows\COUPon~1.ocx
c:\windows\system32\socklink.txt
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-12 to 2013-05-12  )))))))))))))))))))))))))))))))
.
.
2013-05-12 19:04 . 2013-05-12 19:08 -------- d-----w- c:\users\Richard\AppData\Local\temp
2013-05-12 19:04 . 2013-05-12 19:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-12 19:04 . 2013-05-12 19:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-12 19:04 . 2013-05-12 19:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-12 12:54 . 2013-05-12 18:42 -------- d-----w- C:\FRST
2013-05-11 15:44 . 2013-05-11 15:44 -------- d-----w- C:\MATS
2013-05-11 15:39 . 2013-05-11 15:45 -------- d-----w- c:\users\Richard\AppData\Local\ElevatedDiagnostics
2013-05-10 02:36 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6B2DAD7-978B-416F-ADE2-E56946B8A1CF}\mpengine.dll
2013-05-08 22:48 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-23 15:46 . 2013-04-23 15:45 706640 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC4A4020-6C5D-404E-91B1-68ACE478A750}\gapaengine.dll
2013-04-14 15:04 . 2013-04-14 15:04 -------- d-----w- c:\program files\DVD Shrink
2013-04-14 14:28 . 2013-03-15 05:46 8952608 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-04-14 14:28 . 2013-03-15 05:46 6271872 ----a-w- c:\windows\system32\nvopencl.dll
2013-04-14 14:28 . 2013-03-15 05:46 20542752 ----a-w- c:\windows\system32\nvoglv32.dll
2013-04-14 14:28 . 2013-03-15 05:46 13088000 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-04-14 14:28 . 2013-03-15 05:46 892704 ----a-w- c:\windows\system32\nvdispgenco3231422.dll
2013-04-14 14:28 . 2013-03-15 05:46 7959000 ----a-w- c:\windows\system32\nvcuda.dll
2013-04-14 14:28 . 2013-03-15 05:46 2728736 ----a-w- c:\windows\system32\nvcuvid.dll
2013-04-14 14:28 . 2013-03-15 05:46 1995552 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-04-14 14:28 . 2013-03-15 05:46 1012512 ----a-w- c:\windows\system32\nvdispco3231422.dll
2013-04-14 14:28 . 2013-03-15 05:46 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-11 03:11 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-10 02:27 . 2012-04-14 14:43 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-10 02:27 . 2011-07-05 05:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 15:28 . 2009-10-01 02:19 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-03-15 05:46 . 2012-10-11 05:14 2539128 ----a-w- c:\windows\system32\nvapi.dll
2013-03-15 05:46 . 2012-10-11 05:14 15042928 ----a-w- c:\windows\system32\nvd3dum.dll
2013-03-15 02:59 . 2009-05-01 07:07 4119328 ----a-w- c:\windows\system32\nvcpl.dll
2013-03-15 02:59 . 2009-05-01 07:07 3014432 ----a-w- c:\windows\system32\nvsvc.dll
2013-03-15 02:59 . 2009-05-01 07:07 634144 ----a-w- c:\windows\system32\nvvsvc.exe
2013-03-15 02:59 . 2009-05-01 07:07 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-03-15 02:59 . 2009-05-01 07:07 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-03-13 00:09 . 2013-03-13 00:10 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-13 00:09 . 2012-05-18 04:39 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-13 00:09 . 2010-04-15 20:42 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 00:09 . 2013-03-13 00:09 0 ----a-w- c:\windows\system32\RENEF1E.tmp
2013-03-13 00:09 . 2013-03-13 00:09 0 ----a-w- c:\windows\system32\RENEF1D.tmp
2013-03-11 13:25 . 2013-04-10 16:17 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-10 16:17 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45 . 2013-04-10 16:17 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-10 16:17 64000 ----a-w- c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-04-10 16:17 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-10 16:17 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-03-05 01:40 . 2013-04-10 16:17 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-03-03 19:07 . 2013-04-10 16:17 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-02-21 20:34 . 2013-02-21 20:34 0 ----a-w- c:\windows\system32\RENC45E.tmp
2013-02-21 20:34 . 2013-02-21 20:34 0 ----a-w- c:\windows\system32\RENC45D.tmp
2013-02-12 01:57 . 2013-03-21 18:49 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UV Realtime.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\UV Realtime.lnk
backup=c:\windows\pss\UV Realtime.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPLTarget
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2010-10-12 21:56 979328 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPLTarget\P0000000000000000]
2011-04-24 18:01 219008 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_TATIHVA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FUFAXRCV]
2011-03-09 08:00 495616 ----a-w- c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FUFAXSTM]
2011-03-09 08:00 856064 ----a-w- c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-02-10 05:09 133104 ----atw- c:\users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-05-03 23:35 1635752 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
2010-05-31 11:18 323976 ------w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R4 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-15 15:44]
.
2013-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 01:46]
.
2013-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 01:46]
.
2013-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-137111657-3113389662-2625091050-1000Core.job
- c:\users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-10 05:09]
.
2013-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-137111657-3113389662-2625091050-1000UA.job
- c:\users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-10 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080410
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-55276750.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Blue's 123 Time Activities - c:\hegames\Blues123\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-12 12:08
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:14,a5,fe,96,96,62,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,33,46,dc,16,b6,73,4e,90,39,71,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,33,46,dc,16,b6,73,4e,90,39,71,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4092)
c:\users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-05-12  12:13:19 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-12 19:13
.
Pre-Run: 45,127,659,520 bytes free
Post-Run: 45,014,482,944 bytes free
.
- - End Of File - - 5F36F3AF3283C9A108F4DD0D9365B5FB

#6 Richard14
  • Topic Starter

  • Members
  • 84 posts

Posted 12 May 2013 - 02:25 PM

TDSSKiller log  Part 1  (Got post too long error.)

 

11:49:24.0741 2524  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:49:25.0312 2524  ============================================================
11:49:25.0312 2524  Current date / time: 2013/05/12 11:49:25.0312
11:49:25.0312 2524  SystemInfo:
11:49:25.0312 2524 
11:49:25.0312 2524  OS Version: 6.0.6002 ServicePack: 2.0
11:49:25.0312 2524  Product type: Workstation
11:49:25.0312 2524  ComputerName: MAIN-PC
11:49:25.0312 2524  UserName: Richard
11:49:25.0312 2524  Windows directory: C:\Windows
11:49:25.0312 2524  System windows directory: C:\Windows
11:49:25.0312 2524  Processor architecture: Intel x86
11:49:25.0312 2524  Number of processors: 2
11:49:25.0312 2524  Page size: 0x1000
11:49:25.0312 2524  Boot type: Normal boot
11:49:25.0312 2524  ============================================================
11:49:25.0389 2524  BG loaded
11:49:25.0664 2524  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:49:25.0672 2524  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:49:25.0674 2524  Drive \Device\Harddisk2\DR2 - Size: 0x7DC00000 (1.96 Gb), SectorSize: 0x200, Cylinders: 0x100, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:49:25.0675 2524  ============================================================
11:49:25.0675 2524  \Device\Harddisk0\DR0:
11:49:25.0675 2524  MBR partitions:
11:49:25.0675 2524  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1E00000
11:49:25.0675 2524  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E18000, BlocksNum 0x23616000
11:49:25.0675 2524  \Device\Harddisk1\DR1:
11:49:25.0675 2524  MBR partitions:
11:49:25.0676 2524  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
11:49:25.0676 2524  \Device\Harddisk2\DR2:
11:49:25.0676 2524  MBR partitions:
11:49:25.0676 2524  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x6, StartLBA 0x100, BlocksNum 0x3EDF00
11:49:25.0676 2524  ============================================================
11:49:25.0791 2524  C: <-> \Device\Harddisk0\DR0\Partition2
11:49:25.0866 2524  D: <-> \Device\Harddisk0\DR0\Partition1
11:49:25.0904 2524  F: <-> \Device\Harddisk1\DR1\Partition1
11:49:25.0904 2524  ============================================================
11:49:25.0904 2524  Initialize success
11:49:25.0904 2524  ============================================================
11:49:33.0560 1772  ============================================================
11:49:33.0560 1772  Scan started
11:49:33.0560 1772  Mode: Manual; SigCheck; TDLFS;
11:49:33.0560 1772  ============================================================
11:49:33.0773 1772  ================ Scan system memory ========================
11:49:33.0774 1772  System memory - ok
11:49:33.0774 1772  ================ Scan services =============================
11:49:34.0149 1772  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
11:49:34.0211 1772  ACPI - ok
11:49:34.0316 1772  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
11:49:34.0344 1772  adp94xx - ok
11:49:34.0370 1772  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
11:49:34.0379 1772  adpahci - ok
11:49:34.0395 1772  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
11:49:34.0402 1772  adpu160m - ok
11:49:34.0422 1772  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
11:49:34.0430 1772  adpu320 - ok
11:49:34.0906 1772  [ 993F7B0BA5188A0007C085AA10257B8E ] AdvancedSystemCareService6 C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
11:49:34.0918 1772  AdvancedSystemCareService6 - ok
11:49:34.0938 1772  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:49:34.0952 1772  AeLookupSvc - ok
11:49:34.0984 1772  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\DRIVERS\AFD.SYS
11:49:34.0995 1772  AFD - ok
11:49:35.0074 1772  [ 8B10CE1C1F9F1D47E4DEB1A547A00CD4 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:49:35.0081 1772  agp440 - ok
11:49:35.0130 1772  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
11:49:35.0137 1772  aic78xx - ok
11:49:35.0175 1772  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
11:49:35.0192 1772  ALG - ok
11:49:35.0219 1772  [ DC67A153FDB8105B25D05334B5E1D8E2 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:49:35.0226 1772  aliide - ok
11:49:35.0238 1772  [ 848F27E5B27C1C253F6CEFDC1A5D8F21 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
11:49:35.0245 1772  amdagp - ok
11:49:35.0261 1772  [ 835C4C3355088298A5EBD818FA31430F ] amdide          C:\Windows\system32\drivers\amdide.sys
11:49:35.0268 1772  amdide - ok
11:49:35.0325 1772  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
11:49:35.0352 1772  AmdK7 - ok
11:49:35.0368 1772  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
11:49:35.0396 1772  AmdK8 - ok
11:49:35.0410 1772  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
11:49:35.0419 1772  Appinfo - ok
11:49:35.0459 1772  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
11:49:35.0466 1772  arc - ok
11:49:35.0498 1772  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
11:49:35.0505 1772  arcsas - ok
11:49:35.0617 1772  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:49:35.0624 1772  aspnet_state - ok
11:49:35.0664 1772  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:49:35.0679 1772  AsyncMac - ok
11:49:35.0711 1772  [ 61CA2C1E145809813C28752298CF9843 ] atapi           C:\Windows\system32\drivers\atapi.sys
11:49:35.0718 1772  atapi - ok
11:49:35.0797 1772  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:49:35.0811 1772  AudioEndpointBuilder - ok
11:49:35.0889 1772  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
11:49:35.0902 1772  Audiosrv - ok
11:49:35.0935 1772  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:49:35.0950 1772  Beep - ok
11:49:35.0988 1772  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
11:49:36.0004 1772  BFE - ok
11:49:36.0083 1772  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\system32\qmgr.dll
11:49:36.0104 1772  BITS - ok
11:49:36.0107 1772  blbdrive - ok
11:49:36.0252 1772  [ A065F048E9E23E6C026A7BB548D126A7 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:49:36.0262 1772  Bonjour Service - ok
11:49:36.0288 1772  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:49:36.0296 1772  bowser - ok
11:49:36.0315 1772  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
11:49:36.0327 1772  BrFiltLo - ok
11:49:36.0350 1772  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
11:49:36.0362 1772  BrFiltUp - ok
11:49:36.0402 1772  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
11:49:36.0418 1772  Browser - ok
11:49:36.0446 1772  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
11:49:36.0474 1772  Brserid - ok
11:49:36.0489 1772  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
11:49:36.0517 1772  BrSerWdm - ok
11:49:36.0540 1772  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
11:49:36.0568 1772  BrUsbMdm - ok
11:49:36.0587 1772  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
11:49:36.0614 1772  BrUsbSer - ok
11:49:36.0632 1772  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
11:49:36.0660 1772  BTHMODEM - ok
11:49:36.0712 1772  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:49:36.0728 1772  cdfs - ok
11:49:36.0772 1772  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:49:36.0784 1772  cdrom - ok
11:49:36.0818 1772  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
11:49:36.0830 1772  CertPropSvc - ok
11:49:36.0870 1772  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
11:49:36.0898 1772  circlass - ok
11:49:36.0968 1772  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
11:49:36.0978 1772  CLFS - ok
11:49:37.0031 1772  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:49:37.0038 1772  clr_optimization_v2.0.50727_32 - ok
11:49:37.0082 1772  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:49:37.0089 1772  clr_optimization_v4.0.30319_32 - ok
11:49:37.0117 1772  [ E79CBB2195E965F6E3256E2C1B23FD1C ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:49:37.0124 1772  cmdide - ok
11:49:37.0155 1772  [ 722936AFB75A7F509662B69B5632F48A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
11:49:37.0162 1772  Compbatt - ok
11:49:37.0189 1772  COMSysApp - ok
11:49:37.0197 1772  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
11:49:37.0204 1772  crcdisk - ok
11:49:37.0219 1772  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
11:49:37.0247 1772  Crusoe - ok
11:49:37.0304 1772  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:49:37.0314 1772  CryptSvc - ok
11:49:37.0440 1772  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:49:37.0485 1772  DcomLaunch - ok
11:49:37.0515 1772  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:49:37.0523 1772  DfsC - ok
11:49:37.0633 1772  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
11:49:37.0666 1772  DFSR - ok
11:49:37.0754 1772  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
11:49:37.0768 1772  Dhcp - ok
11:49:37.0819 1772  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
11:49:37.0827 1772  disk - ok
11:49:37.0875 1772  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:49:37.0884 1772  Dnscache - ok
11:49:37.0988 1772  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:49:38.0002 1772  dot3svc - ok
11:49:38.0047 1772  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
11:49:38.0064 1772  Dot4 - ok
11:49:38.0108 1772  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
11:49:38.0123 1772  Dot4Print - ok
11:49:38.0172 1772  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
11:49:38.0188 1772  dot4usb - ok
11:49:38.0263 1772  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
11:49:38.0279 1772  DPS - ok
11:49:38.0326 1772  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:49:38.0338 1772  drmkaud - ok
11:49:38.0517 1772  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:49:38.0534 1772  DXGKrnl - ok
11:49:38.0596 1772  [ 04944F4FC4F0477185F5D26AE0DDB90E ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
11:49:38.0608 1772  e1express - ok
11:49:38.0640 1772  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
11:49:38.0668 1772  E1G60 - ok
11:49:38.0671 1772  EagleXNt - ok
11:49:38.0722 1772  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
11:49:38.0734 1772  EapHost - ok
11:49:38.0806 1772  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
11:49:38.0815 1772  Ecache - ok
11:49:38.0900 1772  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:49:38.0908 1772  ehRecvr - ok
11:49:38.0958 1772  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
11:49:38.0965 1772  ehSched - ok
11:49:39.0030 1772  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
11:49:39.0036 1772  ehstart - ok
11:49:39.0153 1772  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
11:49:39.0162 1772  elxstor - ok
11:49:39.0221 1772  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
11:49:39.0235 1772  EMDMgmt - ok
11:49:39.0274 1772  [ B78436CA173FF723A1EACE5CD4900375 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
11:49:39.0292 1772  EpsonCustomerParticipation - ok
11:49:39.0386 1772  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
11:49:39.0400 1772  EventSystem - ok
11:49:39.0450 1772  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
11:49:39.0458 1772  exfat - ok
11:49:39.0533 1772  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:49:39.0546 1772  fastfat - ok
11:49:39.0578 1772  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
11:49:39.0606 1772  fdc - ok
11:49:39.0669 1772  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
11:49:39.0685 1772  fdPHost - ok
11:49:39.0758 1772  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:49:39.0785 1772  FDResPub - ok
11:49:39.0860 1772  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:49:39.0868 1772  FileInfo - ok
11:49:39.0901 1772  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:49:39.0919 1772  Filetrace - ok
11:49:39.0953 1772  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:49:39.0980 1772  flpydisk - ok
11:49:40.0056 1772  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:49:40.0065 1772  FltMgr - ok
11:49:40.0188 1772  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
11:49:40.0205 1772  FontCache - ok
11:49:40.0269 1772  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:49:40.0276 1772  FontCache3.0.0.0 - ok
11:49:40.0299 1772  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:49:40.0307 1772  Fs_Rec - ok
11:49:40.0324 1772  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
11:49:40.0331 1772  gagp30kx - ok
11:49:40.0408 1772  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
11:49:40.0425 1772  gpsvc - ok
11:49:40.0539 1772  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
11:49:40.0545 1772  gupdate - ok
11:49:40.0581 1772  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
11:49:40.0587 1772  gupdatem - ok
11:49:40.0666 1772  [ 408DDD80EEDE47175F6844817B90213E ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
11:49:40.0673 1772  gusvc - ok
11:49:40.0749 1772  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
11:49:40.0767 1772  HDAudBus - ok
11:49:40.0789 1772  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
11:49:40.0816 1772  HidBth - ok
11:49:40.0833 1772  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
11:49:40.0861 1772  HidIr - ok
11:49:40.0904 1772  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\System32\hidserv.dll
11:49:40.0913 1772  hidserv - ok
11:49:40.0943 1772  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:49:40.0954 1772  HidUsb - ok
11:49:40.0976 1772  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:49:40.0992 1772  hkmsvc - ok
11:49:41.0026 1772  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
11:49:41.0033 1772  HpCISSs - ok
11:49:41.0069 1772  [ CBD09ED9CF6822177EE85AEA4D8816A2 ] HTCAND32        C:\Windows\system32\Drivers\ANDROIDUSB.sys
11:49:41.0077 1772  HTCAND32 - ok
11:49:41.0131 1772  [ 52395A94C127C0266D1C0F3CCE8A4345 ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
11:49:41.0137 1772  htcnprot - ok
11:49:41.0168 1772  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:49:41.0190 1772  HTTP - ok
11:49:41.0208 1772  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
11:49:41.0215 1772  i2omp - ok
11:49:41.0259 1772  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
11:49:41.0272 1772  i8042prt - ok
11:49:41.0400 1772  [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
11:49:41.0417 1772  IAANTMON - ok
11:49:41.0489 1772  [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor          C:\Windows\system32\DRIVERS\IASTOR.SYS
11:49:41.0497 1772  iaStor - ok
11:49:41.0515 1772  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
11:49:41.0524 1772  iaStorV - ok
11:49:41.0572 1772  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
11:49:41.0575 1772  IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:49:41.0575 1772  IDriverT - detected UnsignedFile.Multi.Generic (1)
11:49:41.0689 1772  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:49:41.0708 1772  idsvc - ok
11:49:41.0764 1772  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
11:49:41.0771 1772  iirsp - ok
11:49:41.0858 1772  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
11:49:41.0875 1772  IKEEXT - ok
11:49:41.0912 1772  [ 0084046C084D68E494F8CF36BCF08186 ] intelide        C:\Windows\system32\drivers\intelide.sys
11:49:41.0919 1772  intelide - ok
11:49:41.0964 1772  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:49:41.0980 1772  intelppm - ok
11:49:42.0039 1772  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:49:42.0055 1772  IPBusEnum - ok
11:49:42.0097 1772  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:49:42.0113 1772  IpFilterDriver - ok
11:49:42.0175 1772  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:49:42.0184 1772  iphlpsvc - ok
11:49:42.0187 1772  IpInIp - ok
11:49:42.0211 1772  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
11:49:42.0239 1772  IPMIDRV - ok
11:49:42.0284 1772  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
11:49:42.0300 1772  IPNAT - ok
11:49:42.0342 1772  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:49:42.0357 1772  IRENUM - ok
11:49:42.0404 1772  [ 2F8ECE2699E7E2070545E9B0960A8ED2 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:49:42.0411 1772  isapnp - ok
11:49:42.0473 1772  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
11:49:42.0482 1772  iScsiPrt - ok
11:49:42.0508 1772  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
11:49:42.0515 1772  iteatapi - ok
11:49:42.0541 1772  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
11:49:42.0548 1772  iteraid - ok
11:49:42.0582 1772  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:49:42.0590 1772  kbdclass - ok
11:49:42.0616 1772  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
11:49:42.0628 1772  kbdhid - ok
11:49:42.0649 1772  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
11:49:42.0657 1772  KeyIso - ok
11:49:42.0759 1772  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:49:42.0785 1772  KSecDD - ok
11:49:42.0814 1772  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:49:42.0834 1772  KtmRm - ok
11:49:42.0866 1772  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
11:49:42.0875 1772  LanmanServer - ok
11:49:42.0908 1772  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:49:42.0918 1772  LanmanWorkstation - ok
11:49:43.0047 1772  [ 3AF6B73A3AD1FC37C5933441F66CEB91 ] LBTServ         C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
11:49:43.0054 1772  LBTServ - ok
11:49:43.0100 1772  [ 70035567754BED4E6AD353CA3F175127 ] LEqdUsb         C:\Windows\system32\Drivers\LEqdUsb.Sys
11:49:43.0105 1772  LEqdUsb - ok
11:49:43.0158 1772  [ 32491B6BAE0AFAD1D7A62C0EF0AF4321 ] LHidEqd         C:\Windows\system32\Drivers\LHidEqd.Sys
11:49:43.0163 1772  LHidEqd - ok
11:49:43.0207 1772  [ 7F9C7B28CF1C859E1C42619EEA946DC8 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
11:49:43.0212 1772  LHidFilt - ok
11:49:43.0268 1772  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:49:43.0283 1772  lltdio - ok
11:49:43.0357 1772  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:49:43.0374 1772  lltdsvc - ok
11:49:43.0396 1772  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:49:43.0425 1772  lmhosts - ok
11:49:43.0440 1772  [ AB33792A87285344F43B5CE23421BAB0 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
11:49:43.0445 1772  LMouFilt - ok
11:49:43.0474 1772  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
11:49:43.0482 1772  LSI_FC - ok
11:49:43.0500 1772  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
11:49:43.0507 1772  LSI_SAS - ok
11:49:43.0529 1772  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
11:49:43.0536 1772  LSI_SCSI - ok
11:49:43.0570 1772  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
11:49:43.0586 1772  luafv - ok
11:49:43.0619 1772  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:49:43.0626 1772  Mcx2Svc - ok
11:49:43.0659 1772  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
11:49:43.0666 1772  megasas - ok
11:49:43.0677 1772  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
11:49:43.0693 1772  MMCSS - ok
11:49:43.0726 1772  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
11:49:43.0742 1772  Modem - ok
11:49:43.0780 1772  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:49:43.0795 1772  monitor - ok
11:49:43.0825 1772  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:49:43.0832 1772  mouclass - ok
11:49:43.0850 1772  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:49:43.0865 1772  mouhid - ok
11:49:43.0896 1772  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
11:49:43.0904 1772  MountMgr - ok
11:49:43.0940 1772  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:49:43.0947 1772  mpio - ok
11:49:43.0979 1772  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:49:43.0991 1772  mpsdrv - ok
11:49:44.0089 1772  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:49:44.0113 1772  MpsSvc - ok
11:49:44.0132 1772  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
11:49:44.0139 1772  Mraid35x - ok
11:49:44.0184 1772  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:49:44.0193 1772  MRxDAV - ok
11:49:44.0247 1772  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:49:44.0255 1772  mrxsmb - ok
11:49:44.0320 1772  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:49:44.0329 1772  mrxsmb10 - ok
11:49:44.0392 1772  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:49:44.0400 1772  mrxsmb20 - ok
11:49:44.0425 1772  [ D420BC42A637AC3CC4F411220549C0DC ] msahci          C:\Windows\system32\drivers\msahci.sys
11:49:44.0433 1772  msahci - ok
11:49:44.0450 1772  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:49:44.0458 1772  msdsm - ok
11:49:44.0489 1772  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
11:49:44.0506 1772  MSDTC - ok
11:49:44.0543 1772  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:49:44.0559 1772  Msfs - ok
11:49:44.0602 1772  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:49:44.0610 1772  msisadrv - ok
11:49:44.0636 1772  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:49:44.0653 1772  MSiSCSI - ok
11:49:44.0656 1772  msiserver - ok
11:49:44.0685 1772  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:49:44.0701 1772  MSKSSRV - ok
11:49:44.0722 1772  MsMpSvc - ok
11:49:44.0768 1772  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:49:44.0784 1772  MSPCLOCK - ok
11:49:44.0817 1772  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:49:44.0832 1772  MSPQM - ok
11:49:44.0894 1772  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:49:44.0904 1772  MsRPC - ok
11:49:44.0926 1772  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
11:49:44.0933 1772  mssmbios - ok
11:49:44.0956 1772  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:49:44.0971 1772  MSTEE - ok
11:49:45.0012 1772  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
11:49:45.0021 1772  Mup - ok
11:49:45.0127 1772  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
11:49:45.0142 1772  napagent - ok
11:49:45.0172 1772  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:49:45.0181 1772  NativeWifiP - ok
11:49:45.0287 1772  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:49:45.0302 1772  NDIS - ok
11:49:45.0340 1772  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:49:45.0352 1772  NdisTapi - ok
11:49:45.0376 1772  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:49:45.0391 1772  Ndisuio - ok
11:49:45.0460 1772  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:49:45.0473 1772  NdisWan - ok
11:49:45.0515 1772  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:49:45.0527 1772  NDProxy - ok
11:49:45.0567 1772  [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
11:49:45.0570 1772  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:49:45.0570 1772  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:49:45.0586 1772  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:49:45.0602 1772  NetBIOS - ok
11:49:45.0671 1772  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
11:49:45.0685 1772  netbt - ok
11:49:45.0698 1772  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
11:49:45.0707 1772  Netlogon - ok
11:49:45.0772 1772  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
11:49:45.0790 1772  Netman - ok
11:49:45.0824 1772  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:49:45.0831 1772  NetMsmqActivator - ok
11:49:45.0837 1772  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:49:45.0844 1772  NetPipeActivator - ok
11:49:45.0902 1772  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
11:49:45.0920 1772  netprofm - ok
11:49:45.0926 1772  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:49:45.0933 1772  NetTcpActivator - ok
11:49:45.0939 1772  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:49:45.0946 1772  NetTcpPortSharing - ok
11:49:45.0978 1772  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
11:49:45.0985 1772  nfrd960 - ok
11:49:45.0987 1772  NisSrv - ok
11:49:46.0029 1772  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:49:46.0046 1772  NlaSvc - ok
11:49:46.0203 1772  [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF             C:\Windows\system32\drivers\npf.sys
11:49:46.0209 1772  NPF - ok
11:49:46.0249 1772  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:49:46.0261 1772  Npfs - ok
11:49:46.0321 1772  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
11:49:46.0337 1772  nsi - ok
11:49:46.0388 1772  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:49:46.0403 1772  nsiproxy - ok
11:49:46.0476 1772  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:49:46.0500 1772  Ntfs - ok
11:49:46.0558 1772  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
11:49:46.0586 1772  ntrigdigi - ok
11:49:46.0628 1772  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
11:49:46.0643 1772  Null - ok
11:49:47.0848 1772  [ 0B2E7B39411FAA44EBDA76FB38673964 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:49:48.0241 1772  nvlddmkm - ok
11:49:48.0289 1772  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:49:48.0296 1772  nvraid - ok
11:49:48.0316 1772  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:49:48.0333 1772  nvstor - ok
11:49:48.0362 1772  [ 439FD6A5A34113388C51C48D0E5092AA ] nvsvc           C:\Windows\system32\nvvsvc.exe
11:49:48.0377 1772  nvsvc - ok
11:49:48.0480 1772  [ E3C7676582502C5E4BB9288C3617AB59 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
11:49:48.0506 1772  nvUpdatusService - ok
11:49:48.0542 1772  [ 055081FD5076401C1EE1BCAB08D81911 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:49:48.0550 1772  nv_agp - ok
11:49:48.0553 1772  NwlnkFlt - ok
11:49:48.0555 1772  NwlnkFwd - ok
11:49:48.0583 1772  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
11:49:48.0596 1772  ohci1394 - ok
11:49:48.0743 1772  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
11:49:48.0759 1772  p2pimsvc - ok
11:49:48.0793 1772  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:49:48.0820 1772  p2psvc - ok
11:49:48.0856 1772  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
11:49:48.0884 1772  Parport - ok
11:49:48.0949 1772  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:49:48.0957 1772  partmgr - ok
11:49:48.0993 1772  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
11:49:49.0022 1772  Parvdm - ok
11:49:49.0141 1772  [ A1E779A0CF7A21B42E8FD3E8856D8481 ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
11:49:49.0143 1772  PassThru Service ( UnsignedFile.Multi.Generic ) - warning
11:49:49.0143 1772  PassThru Service - detected UnsignedFile.Multi.Generic (1)
11:49:49.0176 1772  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:49:49.0184 1772  PcaSvc - ok
11:49:49.0268 1772  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
11:49:49.0277 1772  pci - ok
11:49:49.0328 1772  [ EB03C52C1CC6FFC31757E0A69FFFD5B6 ] pciide          C:\Windows\system32\drivers\pciide.sys
11:49:49.0335 1772  pciide - ok
11:49:49.0391 1772  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
11:49:49.0399 1772  pcmcia - ok
11:49:49.0626 1772  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:49:49.0677 1772  PEAUTH - ok
11:49:49.0873 1772  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
11:49:50.0015 1772  pla - ok
11:49:50.0062 1772  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:49:50.0076 1772  PlugPlay - ok
11:49:50.0132 1772  [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
11:49:50.0134 1772  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:49:50.0134 1772  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:49:50.0176 1772  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
11:49:50.0191 1772  PNRPAutoReg - ok
11:49:50.0200 1772  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
11:49:50.0215 1772  PNRPsvc - ok
11:49:50.0303 1772  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:49:50.0346 1772  PolicyAgent - ok
11:49:50.0382 1772  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:49:50.0398 1772  PptpMiniport - ok
11:49:50.0420 1772  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
11:49:50.0448 1772  Processor - ok
11:49:50.0519 1772  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
11:49:50.0532 1772  ProfSvc - ok
11:49:50.0562 1772  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
11:49:50.0570 1772  ProtectedStorage - ok
11:49:50.0603 1772  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
11:49:50.0615 1772  PSched - ok
11:49:50.0647 1772  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
11:49:50.0653 1772  PxHelp20 - ok
11:49:50.0798 1772  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
11:49:50.0817 1772  ql2300 - ok
11:49:50.0833 1772  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
11:49:50.0841 1772  ql40xx - ok
11:49:50.0941 1772  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
11:49:50.0951 1772  QWAVE - ok
11:49:50.0995 1772  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:49:51.0003 1772  QWAVEdrv - ok
11:49:51.0293 1772  [ E642B131FB74CAF4BB8A014F31113142 ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
11:49:51.0347 1772  R300 - ok
11:49:51.0403 1772  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:49:51.0419 1772  RasAcd - ok
11:49:51.0474 1772  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
11:49:51.0491 1772  RasAuto - ok
11:49:51.0527 1772  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:49:51.0543 1772  Rasl2tp - ok
11:49:51.0714 1772  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
11:49:51.0729 1772  RasMan - ok
11:49:51.0772 1772  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:49:51.0784 1772  RasPppoe - ok
11:49:51.0819 1772  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:49:51.0827 1772  RasSstp - ok
11:49:51.0909 1772  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:49:51.0922 1772  rdbss - ok
11:49:51.0960 1772  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:49:51.0975 1772  RDPCDD - ok
11:49:52.0017 1772  [ 0245418224CFA77BF4B41C2FE0622258 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
11:49:52.0025 1772  rdpdr - ok
11:49:52.0028 1772  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:49:52.0044 1772  RDPENCDD - ok
11:49:52.0143 1772  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:49:52.0152 1772  RDPWD - ok
11:49:52.0260 1772  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:49:52.0276 1772  RemoteAccess - ok
11:49:52.0329 1772  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:49:52.0343 1772  RemoteRegistry - ok
11:49:52.0742 1772  [ A03855ECBEA2268A447D4DF1CAA064F5 ] RoxMediaDB9     C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
11:49:55.0694 1772  [ DE3E7A2345EBAA3CE8E6957DFB55FB15 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
11:49:55.0696 1772  stllssvr ( UnsignedFile.Multi.Generic ) - warning
11:49:55.0696 1772  stllssvr - detected UnsignedFile.Multi.Generic (1)
11:50:03.0499 1772  ================ Scan global ===============================
11:50:03.0547 1772  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
11:50:03.0581 1772  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
11:50:03.0589 1772  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
11:50:03.0639 1772  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
11:50:03.0641 1772  [Global] - ok
11:50:03.0641 1772  ================ Scan MBR ==================================
11:50:03.0653 1772  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
11:50:04.0057 1772  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:50:04.0057 1772  \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:50:04.0070 1772  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
11:50:04.0121 1772  \Device\Harddisk1\DR1 - ok
11:50:04.0125 1772  [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk2\DR2
11:50:04.0251 1772  \Device\Harddisk2\DR2 - ok
11:50:04.0251 1772  ================ Scan VBR ==================================
11:50:04.0280 1772  [ D0A22DD08426A7C2903F5E4086D2898C ] \Device\Harddisk0\DR0\Partition1
11:50:04.0297 1772  \Device\Harddisk0\DR0\Partition1 - ok
11:50:04.0314 1772  [ 577A2E69094DF751CD8CB16F0D39DA41 ] \Device\Harddisk0\DR0\Partition2
11:50:04.0339 1772  \Device\Harddisk0\DR0\Partition2 - ok
11:50:04.0363 1772  [ 7E5A4E084B9F5F022C5452454AE29E5D ] \Device\Harddisk1\DR1\Partition1
11:50:04.0364 1772  \Device\Harddisk1\DR1\Partition1 - ok
11:50:04.0366 1772  [ E6DD0CEDF6FED6430140B7A645C87F67 ] \Device\Harddisk2\DR2\Partition1
11:50:04.0367 1772  \Device\Harddisk2\DR2\Partition1 - ok
11:50:04.0368 1772  ================ Scan active images ========================
11:50:04.0571 1772  C:\Windows\System32\comctl32.dll - ok
11:50:04.0573 1772  [ EB0E02749CE5C488741C9A0ABEAB5DEC ] C:\Windows\System32\lpk.dll
11:50:04.0573 1772  C:\Windows\System32\lpk.dll - ok
11:50:04.0575 1772  [ 6F29236AB5926100972924BD29D9D225 ] C:\Windows\System32\normaliz.dll
11:50:04.0575 1772  C:\Windows\System32\normaliz.dll - ok
11:50:04.0577 1772  [ A64AEBC6C78B4CFD7F41A7277879DF8F ] C:\Windows\System32\nsi.dll
11:50:04.0577 1772  C:\Windows\System32\nsi.dll - ok
11:50:04.0578 1772  [ 93A1732F7F997E36A5C3893539E2FF02 ] C:\Windows\System32\psapi.dll
11:50:04.0578 1772  C:\Windows\System32\psapi.dll - ok
11:50:04.0580 1772  [ EAAAFEF04FBB45665C9576E525D45A12 ] C:\Windows\System32\drivers\dxapi.sys
11:50:04.0580 1772  C:\Windows\System32\drivers\dxapi.sys - ok
11:50:04.0582 1772  [ 88FB35233A80BB42FF5B4E722705FEF4 ] C:\Windows\System32\win32k.sys
11:50:04.0582 1772  C:\Windows\System32\win32k.sys - ok
11:50:04.0584 1772  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\System32\basesrv.dll
11:50:04.0584 1772  C:\Windows\System32\basesrv.dll - ok
11:50:04.0586 1772  [ 33F84B64D4765BCDFA0AB8464122DA14 ] C:\Windows\System32\csrsrv.dll
11:50:04.0586 1772  C:\Windows\System32\csrsrv.dll - ok
11:50:04.0588 1772  [ ABCA209EBA02CB59233614DB83B4F50D ] C:\Windows\System32\csrss.exe
11:50:04.0588 1772  C:\Windows\System32\csrss.exe - ok
11:50:04.0590 1772  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\System32\winsrv.dll
11:50:04.0590 1772  C:\Windows\System32\winsrv.dll - ok
11:50:04.0592 1772  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] C:\Windows\System32\drivers\monitor.sys
11:50:04.0592 1772  C:\Windows\System32\drivers\monitor.sys - ok
11:50:04.0594 1772  [ CC21507D246861671A0BF97E75CE1B00 ] C:\Windows\System32\tsddd.dll
11:50:04.0594 1772  C:\Windows\System32\tsddd.dll - ok
11:50:04.0596 1772  [ 101BA3EA053480BB5D957EF37C06B5ED ] C:\Windows\System32\wininit.exe
11:50:04.0596 1772  C:\Windows\System32\wininit.exe - ok
11:50:04.0598 1772  [ 12C8D6C564702B0776512932290A3F6B ] C:\Windows\System32\KBDUS.DLL
11:50:04.0598 1772  C:\Windows\System32\KBDUS.DLL - ok
11:50:04.0600 1772  [ D602FEDBD9155FC2DED6863FB60C950F ] C:\Windows\System32\secur32.dll
11:50:04.0600 1772  C:\Windows\System32\secur32.dll - ok
11:50:04.0602 1772  [ 665417528489096BBCB8AEA46D3DA924 ] C:\Windows\System32\userenv.dll
11:50:04.0602 1772  C:\Windows\System32\userenv.dll - ok
11:50:04.0604 1772  [ 1107BD574A84367735FEC38B9BD64E6B ] C:\Windows\System32\apphelp.dll
11:50:04.0604 1772  C:\Windows\System32\apphelp.dll - ok
11:50:04.0606 1772  [ 92283D9E33EC5F41ECC0B430B7459241 ] C:\Windows\System32\WlS0WndH.dll
11:50:04.0606 1772  C:\Windows\System32\WlS0WndH.dll - ok
11:50:04.0608 1772  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\System32\services.exe
11:50:04.0608 1772  C:\Windows\System32\services.exe - ok
11:50:04.0610 1772  [ BE6FAC6F0745C67DAE7522C96406D083 ] C:\Windows\System32\sxs.dll
11:50:04.0610 1772  C:\Windows\System32\sxs.dll - ok
11:50:04.0612 1772  [ CF9F5BBC2740C41DD471278C41B91F5F ] C:\Windows\System32\cdd.dll
11:50:04.0612 1772  C:\Windows\System32\cdd.dll - ok
11:50:04.0614 1772  [ A3E186B4B935905B829219502557314E ] C:\Windows\System32\lsass.exe
11:50:04.0614 1772  C:\Windows\System32\lsass.exe - ok
11:50:04.0616 1772  [ 4774AD6C447E02E954BD9A793614EBEC ] C:\Windows\System32\lsm.exe
11:50:04.0616 1772  C:\Windows\System32\lsm.exe - ok
11:50:04.0618 1772  [ 178FAC2B7C66E9A4400CE7AC37623E3F ] C:\Windows\System32\lsasrv.dll
11:50:04.0618 1772  C:\Windows\System32\lsasrv.dll - ok
11:50:04.0620 1772  [ D90911B3FA05D7B930C1286084B404DE ] C:\Windows\System32\scesrv.dll
11:50:04.0620 1772  C:\Windows\System32\scesrv.dll - ok
11:50:04.0622 1772  [ 71F5A7104FDF16C0AC5283A6CE666553 ] C:\Windows\System32\sysntfy.dll
11:50:04.0622 1772  C:\Windows\System32\sysntfy.dll - ok
11:50:04.0624 1772  [ F0321DA5203F1E71917F3B7A13DC4912 ] C:\Windows\System32\wmsgapi.dll
11:50:04.0624 1772  C:\Windows\System32\wmsgapi.dll - ok
11:50:04.0626 1772  [ 1AE011BB950A5E0B05023D2AFEC3666D ] C:\Windows\System32\authz.dll
11:50:04.0626 1772  C:\Windows\System32\authz.dll - ok
11:50:04.0628 1772  [ 98B656EAF128CD06F625B09C84D959E1 ] C:\Windows\System32\netapi32.dll
11:50:04.0628 1772  C:\Windows\System32\netapi32.dll - ok
11:50:04.0630 1772  [ 2FA16465F64DB54B1F7F511395EB4FD7 ] C:\Windows\System32\ncobjapi.dll
11:50:04.0630 1772  C:\Windows\System32\ncobjapi.dll - ok
11:50:04.0632 1772  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] C:\Windows\System32\aelupsvc.dll
11:50:04.0632 1772  C:\Windows\System32\aelupsvc.dll - ok
11:50:04.0634 1772  [ A1545B731579895D8CC44FC0481C1192 ] C:\Windows\System32\alg.exe
11:50:04.0634 1772  C:\Windows\System32\alg.exe - ok
11:50:04.0636 1772  [ 7808BF0E367ED7348808879CEF482AB3 ] C:\Windows\System32\samsrv.dll
11:50:04.0636 1772  C:\Windows\System32\samsrv.dll - ok
11:50:04.0638 1772  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] C:\Windows\System32\appinfo.dll
11:50:04.0638 1772  C:\Windows\System32\appinfo.dll - ok
11:50:04.0640 1772  [ 68E2A1A0407A66CF50DA0300852424AB ] C:\Windows\System32\audiosrv.dll
11:50:04.0640 1772  C:\Windows\System32\audiosrv.dll - ok
11:50:04.0642 1772  [ 898E7C06A350D4A1A64A9EA264D55452 ] C:\Windows\System32\winlogon.exe
11:50:04.0642 1772  C:\Windows\System32\winlogon.exe - ok
11:50:04.0644 1772  [ 4AAFC7461633848AA87A363B2CBEC522 ] C:\Windows\System32\winsta.dll
11:50:04.0644 1772  C:\Windows\System32\winsta.dll - ok
11:50:04.0646 1772  [ C789AF0F724FDA5852FB9A7D3A432381 ] C:\Windows\System32\BFE.DLL
11:50:04.0646 1772  C:\Windows\System32\BFE.DLL - ok
11:50:04.0648 1772  [ 93952506C6D67330367F7E7934B6A02F ] C:\Windows\System32\qmgr.dll
11:50:04.0648 1772  C:\Windows\System32\qmgr.dll - ok
11:50:04.0650 1772  [ 459B48188494490707DCA8BAA91AA185 ] C:\Windows\System32\cryptdll.dll
11:50:04.0650 1772  C:\Windows\System32\cryptdll.dll - ok
11:50:04.0652 1772  [ 85E861D0B88DB2B54ACB0839654C09F7 ] C:\Windows\System32\dnsapi.dll
11:50:04.0652 1772  C:\Windows\System32\dnsapi.dll - ok
11:50:04.0654 1772  [ 453DE2958C885527E20C79A3FEFE6AF7 ] C:\Windows\System32\samlib.dll
11:50:04.0654 1772  C:\Windows\System32\samlib.dll - ok
11:50:04.0656 1772  [ B0F9073BE86C6D4EDD4EBA674251E699 ] C:\Windows\System32\crypt32.dll
11:50:04.0656 1772  C:\Windows\System32\crypt32.dll - ok
11:50:04.0658 1772  [ 965AC9FBF2C67231C157E99C03C58D24 ] C:\Windows\System32\feclient.dll
11:50:04.0658 1772  C:\Windows\System32\feclient.dll - ok
11:50:04.0660 1772  [ 1F94EA31C9543B855F53BDAC7792DA4E ] C:\Windows\System32\mpr.dll
11:50:04.0660 1772  C:\Windows\System32\mpr.dll - ok
11:50:04.0662 1772  [ EE2FF9A3FC4404234BE3B7C6AA383AF8 ] C:\Windows\System32\msasn1.dll
11:50:04.0662 1772  C:\Windows\System32\msasn1.dll - ok
11:50:04.0664 1772  [ 7F0F1D4B0D847696F8E309423D227DCE ] C:\Windows\System32\ntdsapi.dll
11:50:04.0664 1772  C:\Windows\System32\ntdsapi.dll - ok
11:50:04.0666 1772  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] C:\Windows\System32\browser.dll
11:50:04.0666 1772  C:\Windows\System32\browser.dll - ok
11:50:04.0668 1772  [ 312EC3E37A0A1F2006534913E37B4423 ] C:\Windows\System32\certprop.dll
11:50:04.0669 1772  C:\Windows\System32\certprop.dll - ok
11:50:04.0670 1772  [ 4211249955AF9133E2E357CC92B54DFD ] C:\Windows\System32\comres.dll
11:50:04.0670 1772  C:\Windows\System32\comres.dll - ok
11:50:04.0672 1772  [ C6DF7A87063D006ECF1FD8156CB6DE3F ] C:\Windows\System32\SLC.dll
11:50:04.0672 1772  C:\Windows\System32\SLC.dll - ok
11:50:04.0674 1772  [ 4DE3C4D07BAFDE616EFA0ADE076CBAC2 ] C:\Windows\System32\wevtapi.dll
11:50:04.0674 1772  C:\Windows\System32\wevtapi.dll - ok
11:50:04.0676 1772  [ 9028559C132146FB75EB7ACF384B086A ] C:\Windows\System32\dhcpcsvc.dll
11:50:04.0676 1772  C:\Windows\System32\dhcpcsvc.dll - ok
11:50:04.0678 1772  [ 4FE8425F21B3F0F8C4B4726351D43EAA ] C:\Windows\System32\IPHLPAPI.DLL
11:50:04.0678 1772  C:\Windows\System32\IPHLPAPI.DLL - ok
11:50:04.0680 1772  [ 7F15B4953378C8B5161D65C26D5FED4D ] C:\Windows\System32\cngaudit.dll
11:50:04.0680 1772  C:\Windows\System32\cngaudit.dll - ok
11:50:04.0683 1772  [ DFB6B71CDABA9DFB49C9D2B318B97A1A ] C:\Windows\System32\dhcpcsvc6.dll
11:50:04.0683 1772  C:\Windows\System32\dhcpcsvc6.dll - ok
11:50:04.0685 1772  [ 13CC59C1B04E9F20A87987C68CD4BE3F ] C:\Windows\System32\ncrypt.dll
11:50:04.0685 1772  C:\Windows\System32\ncrypt.dll - ok
11:50:04.0686 1772  [ 6B09105742C75DF80CEF21700F20F55A ] C:\Windows\System32\winnsi.dll
11:50:04.0687 1772  C:\Windows\System32\winnsi.dll - ok
11:50:04.0688 1772  [ DE0DD9AE3430F84A96B5501112A696BE ] C:\Windows\System32\bcrypt.dll
11:50:04.0688 1772  C:\Windows\System32\bcrypt.dll - ok
11:50:04.0690 1772  [ 26F139DDEC6407508071930D3D07337E ] C:\Windows\System32\credssp.dll
11:50:04.0690 1772  C:\Windows\System32\credssp.dll - ok
11:50:04.0692 1772  [ F1E8C34892336D33EDDCDFE44E474F64 ] C:\Windows\System32\cryptsvc.dll
11:50:04.0692 1772  C:\Windows\System32\cryptsvc.dll - ok
11:50:04.0694 1772  [ 74F380C8EC8813626C670D46E8A714D1 ] C:\Windows\System32\dfsrres.dll
11:50:04.0694 1772  C:\Windows\System32\dfsrres.dll - ok
11:50:04.0696 1772  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] C:\Windows\System32\dot3svc.dll
11:50:04.0696 1772  C:\Windows\System32\dot3svc.dll - ok
11:50:04.0699 1772  [ 08D6D1692B62C9EE4062E1FA04D8FE2F ] C:\Windows\System32\oleres.dll
11:50:04.0699 1772  C:\Windows\System32\oleres.dll - ok
11:50:04.0700 1772  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] C:\Windows\System32\dps.dll
11:50:04.0700 1772  C:\Windows\System32\dps.dll - ok
11:50:04.0702 1772  [ ABE9EEA1EABEA0711610A637A7B1C25D ] C:\Windows\System32\msprivs.dll
11:50:04.0703 1772  C:\Windows\System32\msprivs.dll - ok
11:50:04.0704 1772  [ C0B95E40D85CD807D614E264248A45B9 ] C:\Windows\System32\eapsvc.dll
11:50:04.0705 1772  C:\Windows\System32\eapsvc.dll - ok
11:50:04.0707 1772  [ AA01497884F9CBAC89470120AF78D2B1 ] C:\Windows\System32\kerberos.dll
11:50:04.0707 1772  C:\Windows\System32\kerberos.dll - ok
11:50:04.0709 1772  [ 9BE3744D295A7701EB425332014F0797 ] C:\Windows\ehome\ehrecvr.exe
11:50:04.0709 1772  C:\Windows\ehome\ehrecvr.exe - ok
11:50:04.0711 1772  [ 22CFAEB9172F5F198048401485CD0571 ] C:\Windows\System32\WSHTCPIP.DLL
11:50:04.0711 1772  C:\Windows\System32\WSHTCPIP.DLL - ok
11:50:04.0713 1772  [ AD1870C8E5D6DD340C829E6074BF3C3F ] C:\Windows\ehome\ehsched.exe
11:50:04.0713 1772  C:\Windows\ehome\ehsched.exe - ok
11:50:04.0715 1772  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] C:\Windows\ehome\ehstart.dll
11:50:04.0715 1772  C:\Windows\ehome\ehstart.dll - ok
11:50:04.0717 1772  [ 4E6B23DFC917EA39306B529B773950F4 ] C:\Windows\System32\emdmgmt.dll
11:50:04.0717 1772  C:\Windows\System32\emdmgmt.dll - ok
11:50:04.0719 1772  [ A1B40A28F38D27A7E3229EE4C7064434 ] C:\Windows\System32\wevtsvc.dll
11:50:04.0719 1772  C:\Windows\System32\wevtsvc.dll - ok
11:50:04.0721 1772  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] C:\Windows\System32\fdPHost.dll
11:50:04.0721 1772  C:\Windows\System32\fdPHost.dll - ok
11:50:04.0723 1772  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] C:\Windows\System32\FDResPub.dll
11:50:04.0723 1772  C:\Windows\System32\FDResPub.dll - ok
11:50:04.0725 1772  [ 8CE364388C8ECA59B14B539179276D44 ] C:\Windows\System32\FntCache.dll
11:50:04.0725 1772  C:\Windows\System32\FntCache.dll - ok
11:50:04.0727 1772  [ 302964DCAC79D618CC7B72C778DA9FD2 ] C:\Windows\System32\PresentationHost.exe
11:50:04.0727 1772  C:\Windows\System32\PresentationHost.exe - ok
11:50:04.0729 1772  [ 0F420E81062757EA8363CBACD4D40D6D ] C:\Windows\System32\gpapi.dll
11:50:04.0729 1772  C:\Windows\System32\gpapi.dll - ok
11:50:04.0731 1772  [ 84067081F3318162797385E11A8F0582 ] C:\Windows\System32\hidserv.dll
11:50:04.0731 1772  C:\Windows\System32\hidserv.dll - ok
11:50:04.0733 1772  [ D8AD255B37DA92434C26E4876DB7D418 ] C:\Windows\System32\KMSVC.DLL
11:50:04.0733 1772  C:\Windows\System32\KMSVC.DLL - ok
11:50:04.0735 1772  [ 05586F5438AB0DA4F5149159E0E5FD4B ] C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll
11:50:04.0735 1772  C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll - ok
11:50:04.0738 1772  [ 9908D8A397B76CD8D31D0D383C5773C9 ] C:\Windows\System32\IKEEXT.DLL
11:50:04.0738 1772  C:\Windows\System32\IKEEXT.DLL - ok
11:50:04.0739 1772  [ 9AC218C6E6105477484C6FDBE7D409A4 ] C:\Windows\System32\IPBusEnum.dll
11:50:04.0740 1772  C:\Windows\System32\IPBusEnum.dll - ok
11:50:04.0742 1772  [ 1998BD97F950680BB55F55A7244679C2 ] C:\Windows\System32\iphlpsvc.dll
11:50:04.0742 1772  C:\Windows\System32\iphlpsvc.dll - ok
11:50:04.0744 1772  [ 3464DAE0E801F5A81A23C571D86F30B2 ] C:\Windows\System32\rascfg.dll
11:50:04.0744 1772  C:\Windows\System32\rascfg.dll - ok
11:50:04.0745 1772  [ 74C2F29CC612B2B34231BEBD824D2FB2 ] C:\Windows\System32\keyiso.dll
11:50:04.0745 1772  C:\Windows\System32\keyiso.dll - ok
11:50:04.0747 1772  [ FA0593D936C9B95FB6FAA32AD1595D49 ] C:\Windows\System32\lltdres.dll
11:50:04.0747 1772  C:\Windows\System32\lltdres.dll - ok
11:50:04.0749 1772  [ 1BF5EEBFD518DD7298434D8C862F825D ] C:\Windows\System32\srvsvc.dll
11:50:04.0749 1772  C:\Windows\System32\srvsvc.dll - ok
11:50:04.0751 1772  [ 1DB69705B695B987082C8BAEC0C6B34F ] C:\Windows\System32\wkssvc.dll
11:50:04.0751 1772  C:\Windows\System32\wkssvc.dll - ok
11:50:04.0753 1772  [ 132F6237FA3BF3E9715F63A1CCF72BF1 ] C:\Windows\ehome\ehres.dll
11:50:04.0753 1772  C:\Windows\ehome\ehres.dll - ok
11:50:04.0755 1772  [ 35D40113E4A5B961B6CE5C5857702518 ] C:\Windows\System32\lmhsvc.dll
11:50:04.0755 1772  C:\Windows\System32\lmhsvc.dll - ok
11:50:04.0757 1772  [ 9E80FF0752E365F97FD2D1D68C2AFDA1 ] C:\Windows\System32\wship6.dll
11:50:04.0757 1772  C:\Windows\System32\wship6.dll - ok
11:50:04.0759 1772  [ 05C3B38DB95BA5585817A4F898EE5581 ] C:\Windows\System32\wshqos.dll
11:50:04.0759 1772  C:\Windows\System32\wshqos.dll - ok
11:50:04.0761 1772  [ 8617350C9B590B63E620881092751BCB ] C:\Windows\System32\mswsock.dll
11:50:04.0761 1772  C:\Windows\System32\mswsock.dll - ok
11:50:04.0763 1772  [ FC62A635063B762E1C3C60EA77279378 ] C:\Windows\System32\NapiNSP.dll
11:50:04.0763 1772  C:\Windows\System32\NapiNSP.dll - ok
11:50:04.0765 1772  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] C:\Windows\System32\nlasvc.dll
11:50:04.0765 1772  C:\Windows\System32\nlasvc.dll - ok
11:50:04.0767 1772  [ 690D41DF1D555F96D4898A0F54EBA065 ] C:\Windows\System32\pnrpnsp.dll
11:50:04.0767 1772  C:\Windows\System32\pnrpnsp.dll - ok
 



#7 Richard14

Posted 12 May 2013 - 02:26 PM

TDSSKiller log Part 2

 

11:50:05.0001 1772  C:\Windows\System32\rasplap.dll - ok
11:50:05.0003 1772  [ 3CB863B78642405371CB3A71C07E2382 ] C:\Windows\System32\rasapi32.dll
11:50:05.0003 1772  C:\Windows\System32\rasapi32.dll - ok
11:50:05.0005 1772  [ 3A1DDA77F331D107BA40DB06E4D666E9 ] C:\Windows\System32\rasman.dll
11:50:05.0005 1772  C:\Windows\System32\rasman.dll - ok
11:50:05.0007 1772  [ 70F08ECE7A30A639D3F0C8C433685C7D ] C:\Windows\System32\tapi32.dll
11:50:05.0007 1772  C:\Windows\System32\tapi32.dll - ok
11:50:05.0009 1772  [ 3D418A22A56471295AEB1CEB9027C3DA ] C:\Windows\System32\rtutils.dll
11:50:05.0009 1772  C:\Windows\System32\rtutils.dll - ok
11:50:05.0011 1772  [ DC15AB7168C0309D8F04FD95B6240422 ] C:\Windows\System32\oleacc.dll
11:50:05.0011 1772  C:\Windows\System32\oleacc.dll - ok
11:50:05.0013 1772  [ 14FF750EFE13B0C21E5A06507C3A97B1 ] C:\Windows\System32\winmm.dll
11:50:05.0013 1772  C:\Windows\System32\winmm.dll - ok
11:50:05.0015 1772  [ 627920CFF5DFCF8CF54CF2D592D61307 ] C:\Windows\System32\WinSCard.dll
11:50:05.0015 1772  C:\Windows\System32\WinSCard.dll - ok
11:50:05.0017 1772  [ 12A1DF1B84FB45A00D47B2CDE2CEEBBA ] C:\Windows\System32\shgina.dll
11:50:05.0017 1772  C:\Windows\System32\shgina.dll - ok
11:50:05.0019 1772  [ 70932D6C3D59B416CBD2BE5A3B3D4BE6 ] C:\Windows\System32\shacct.dll
11:50:05.0019 1772  C:\Windows\System32\shacct.dll - ok
11:50:05.0021 1772  [ 919CC2A0476D5A6A4C935D4B88E29912 ] C:\Windows\System32\ksuser.dll
11:50:05.0021 1772  C:\Windows\System32\ksuser.dll - ok
11:50:05.0023 1772  [ 4DF066ECEE5A7B20BF8B39EF4D646600 ] C:\Windows\System32\wdmaud.drv
11:50:05.0023 1772  C:\Windows\System32\wdmaud.drv - ok
11:50:05.0025 1772  [ 6836D001FC733F205ACB80A7986CB6C9 ] C:\Windows\System32\WindowsCodecs.dll
11:50:05.0025 1772  C:\Windows\System32\WindowsCodecs.dll - ok
11:50:05.0027 1772  [ DB7F4AB85298F3FE522C5512B8B0F56D ] C:\Windows\System32\AudioEng.dll
11:50:05.0027 1772  C:\Windows\System32\AudioEng.dll - ok
11:50:05.0029 1772  [ 7258434974EA735725FD2D4A65C5E821 ] C:\Windows\System32\AudioSes.dll
11:50:05.0029 1772  C:\Windows\System32\AudioSes.dll - ok
11:50:05.0031 1772  [ 1509E705F3AC1D474C92454A5C2DD81F ] C:\Windows\System32\uxsms.dll
11:50:05.0031 1772  C:\Windows\System32\uxsms.dll - ok
11:50:05.0033 1772  [ 8269CC01940A202BBB9FDF26705DBD67 ] C:\Windows\System32\hid.dll
11:50:05.0034 1772  C:\Windows\System32\hid.dll - ok
11:50:05.0035 1772  [ BDBB449425991154135E5ED1559927E6 ] C:\Windows\System32\msacm32.dll
11:50:05.0035 1772  C:\Windows\System32\msacm32.dll - ok
11:50:05.0037 1772  [ 166F004D73EA2CF4AC61800CA469458D ] C:\Windows\System32\msacm32.drv
11:50:05.0037 1772  C:\Windows\System32\msacm32.drv - ok
11:50:05.0039 1772  [ 83199EF88D691E730B80666E29F90D58 ] C:\Windows\System32\midimap.dll
11:50:05.0039 1772  C:\Windows\System32\midimap.dll - ok
11:50:05.0041 1772  [ 296937202E4D930AAE98085B99D744D8 ] C:\Windows\System32\AUDIOKSE.dll
11:50:05.0042 1772  C:\Windows\System32\AUDIOKSE.dll - ok
11:50:05.0044 1772  [ DE36C8BA1D1EF2E3EE533AE1335C5125 ] C:\Windows\System32\stapo.dll
11:50:05.0044 1772  C:\Windows\System32\stapo.dll - ok
11:50:05.0046 1772  [ 5EF35DBD3B14B1E595712C92949C349E ] C:\Windows\System32\ctapo32.dll
11:50:05.0046 1772  C:\Windows\System32\ctapo32.dll - ok
11:50:05.0048 1772  [ 980B6A5F92B8DB235C4A26728C2BE732 ] C:\Windows\System32\WUDFHost.exe
11:50:05.0048 1772  C:\Windows\System32\WUDFHost.exe - ok
11:50:05.0050 1772  [ 0727200F10320A6BA7E59433094FBBA7 ] C:\Windows\System32\WMALFXGFXDSP.dll
11:50:05.0050 1772  C:\Windows\System32\WMALFXGFXDSP.dll - ok
11:50:05.0052 1772  [ BF142D4F8C61ED3629A9CDD7BA867900 ] C:\Windows\System32\mfplat.dll
11:50:05.0052 1772  C:\Windows\System32\mfplat.dll - ok
11:50:05.0054 1772  [ 76FD230DEAB73D2826458617DBB56A63 ] C:\Windows\System32\winusb.dll
11:50:05.0054 1772  C:\Windows\System32\winusb.dll - ok
11:50:05.0056 1772  [ A36F7A256E65D858A7039DB00ADEEBDD ] C:\Windows\System32\WUDFx.dll
11:50:05.0056 1772  C:\Windows\System32\WUDFx.dll - ok
11:50:05.0058 1772  [ 41063BCBDA6BF0639956E42466895F29 ] C:\Windows\System32\drivers\UMDF\AuxiliaryDisplayEnhancedDriver.dll
11:50:05.0058 1772  C:\Windows\System32\drivers\UMDF\AuxiliaryDisplayEnhancedDriver.dll - ok
11:50:05.0060 1772  [ D3B50C4A22A0DF8639DC4A73A7A51BEA ] C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
11:50:05.0060 1772  C:\Windows\System32\AuxiliaryDisplayDriverLib.dll - ok
11:50:05.0062 1772  [ 2205A220A264E8C8B86492BF3D112907 ] C:\Windows\System32\PortableDeviceApi.dll
11:50:05.0062 1772  C:\Windows\System32\PortableDeviceApi.dll - ok
11:50:05.0064 1772  [ 883D02AB5D350BC45E0F60E8CFA97FDC ] C:\Windows\System32\PortableDeviceTypes.dll
11:50:05.0064 1772  C:\Windows\System32\PortableDeviceTypes.dll - ok
11:50:05.0067 1772  [ D1C5883087A0C3F1344D9D55A44901F6 ] C:\Windows\System32\drivers\lltdio.sys
11:50:05.0067 1772  C:\Windows\System32\drivers\lltdio.sys - ok
11:50:05.0069 1772  [ 9C508F4074A39E8B4B31D27198146FAD ] C:\Windows\System32\drivers\rspndr.sys
11:50:05.0069 1772  C:\Windows\System32\drivers\rspndr.sys - ok
11:50:05.0071 1772  [ 35ACD5EA63D75E97DD0E9A1629E582B2 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll
11:50:05.0071 1772  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll - ok
11:50:05.0073 1772  [ CA0B849566776A17F35F0339BE17DFD9 ] C:\Windows\System32\ktmw32.dll
11:50:05.0073 1772  C:\Windows\System32\ktmw32.dll - ok
11:50:05.0075 1772  [ 2A6A2C09ECC2CB495628E45F1379ECE8 ] C:\Windows\System32\taskcomp.dll
11:50:05.0075 1772  C:\Windows\System32\taskcomp.dll - ok
11:50:05.0077 1772  [ F870AA3E254628EBEAFE754108D664DE ] C:\Windows\System32\drivers\http.sys
11:50:05.0077 1772  C:\Windows\System32\drivers\http.sys - ok
11:50:05.0079 1772  [ 7605C0E1D01A08F3ECD743F38B834A44 ] C:\Windows\System32\drivers\srvnet.sys
11:50:05.0079 1772  C:\Windows\System32\drivers\srvnet.sys - ok
11:50:05.0081 1772  [ E79FDA8D320147FDC347C504B3487F87 ] C:\Windows\System32\spoolss.dll
11:50:05.0081 1772  C:\Windows\System32\spoolss.dll - ok
11:50:05.0083 1772  [ 1E9B9A70D332103C52995E957DC09EF8 ] C:\Windows\System32\drivers\fastfat.sys
11:50:05.0083 1772  C:\Windows\System32\drivers\fastfat.sys - ok
11:50:05.0085 1772  [ BE01E566D1F569AAB32D0335613E1EEA ] C:\Windows\System32\dllhost.exe
11:50:05.0085 1772  C:\Windows\System32\dllhost.exe - ok
11:50:05.0087 1772  [ B0D12F4344EB2AE96E487D2DF6F74413 ] C:\Windows\System32\FWPUCLNT.DLL
11:50:05.0087 1772  C:\Windows\System32\FWPUCLNT.DLL - ok
11:50:05.0089 1772  [ 1DACD1530C6E58AEAE9F6DE7DA851935 ] C:\Windows\System32\shimeng.dll
11:50:05.0089 1772  C:\Windows\System32\shimeng.dll - ok
11:50:05.0091 1772  [ 35F376253F687BDE63976CCB3F2108CA ] C:\Windows\System32\drivers\bowser.sys
11:50:05.0091 1772  C:\Windows\System32\drivers\bowser.sys - ok
11:50:05.0093 1772  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] C:\Windows\System32\drivers\mpsdrv.sys
11:50:05.0093 1772  C:\Windows\System32\drivers\mpsdrv.sys - ok
11:50:05.0095 1772  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] C:\Windows\System32\drivers\mrxsmb.sys
11:50:05.0095 1772  C:\Windows\System32\drivers\mrxsmb.sys - ok
11:50:05.0097 1772  [ 5DE62C6E9108F14F6794060A9BDECAEC ] C:\Windows\System32\MPSSVC.dll
11:50:05.0097 1772  C:\Windows\System32\MPSSVC.dll - ok
11:50:05.0099 1772  [ 4FCCB34D793B116423209C0F8B7A3B03 ] C:\Windows\System32\drivers\mrxsmb10.sys
11:50:05.0099 1772  C:\Windows\System32\drivers\mrxsmb10.sys - ok
11:50:05.0101 1772  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] C:\Windows\System32\drivers\mrxsmb20.sys
11:50:05.0101 1772  C:\Windows\System32\drivers\mrxsmb20.sys - ok
11:50:05.0103 1772  [ FF33AFF99564B1AA534F58868CBE41EF ] C:\Windows\System32\drivers\srv2.sys
11:50:05.0103 1772  C:\Windows\System32\drivers\srv2.sys - ok
11:50:05.0105 1772  [ 73FE2E5FA55088A241AA2732F5D387D6 ] C:\Windows\System32\wiarpc.dll
11:50:05.0105 1772  C:\Windows\System32\wiarpc.dll - ok
11:50:05.0107 1772  [ 3CD1B69551236977918E60F9543C89A2 ] C:\Windows\System32\AtBroker.exe
11:50:05.0107 1772  C:\Windows\System32\AtBroker.exe - ok
11:50:05.0109 1772  [ 3D50C4B10352367D5CB20ED1F50F8DA2 ] C:\Windows\System32\taskeng.exe
11:50:05.0109 1772  C:\Windows\System32\taskeng.exe - ok
11:50:05.0111 1772  [ 0E135526E9785D085BCD9AEDE6FBCBF9 ] C:\Windows\System32\userinit.exe
11:50:05.0111 1772  C:\Windows\System32\userinit.exe - ok
11:50:05.0113 1772  [ 9B96F6952186336CC6E3D4E08BE2E0AF ] C:\Windows\System32\dwmapi.dll
11:50:05.0113 1772  C:\Windows\System32\dwmapi.dll - ok
11:50:05.0115 1772  [ C411C80F90D6732380352B98B37BBD53 ] C:\Windows\System32\winrnr.dll
11:50:05.0115 1772  C:\Windows\System32\winrnr.dll - ok
11:50:05.0118 1772  [ 109D9238C7DA72F9733D3DB85A31F5C4 ] C:\Program Files\Bonjour\mdnsNSP.dll
11:50:05.0118 1772  C:\Program Files\Bonjour\mdnsNSP.dll - ok
11:50:05.0120 1772  [ A7D525E5C0D91C8C1D84C6BCD25AD77D ] C:\Windows\System32\rasadhlp.dll
11:50:05.0120 1772  C:\Windows\System32\rasadhlp.dll - ok
11:50:05.0122 1772  [ D80C6539C00CB4F5D59066865479C308 ] C:\Windows\System32\dwmredir.dll
11:50:05.0122 1772  C:\Windows\System32\dwmredir.dll - ok
11:50:05.0124 1772  [ 41987F9FC0E61ADF54F581E15029AD91 ] C:\Windows\System32\drivers\srv.sys
11:50:05.0124 1772  C:\Windows\System32\drivers\srv.sys - ok
11:50:05.0126 1772  [ C99403A5B641520DAED0021DDA06F272 ] C:\Windows\System32\milcore.dll
11:50:05.0126 1772  C:\Windows\System32\milcore.dll - ok
11:50:05.0128 1772  [ 0745D6EAD386710110817FBEC03F5161 ] C:\Windows\System32\wfapigp.dll
11:50:05.0128 1772  C:\Windows\System32\wfapigp.dll - ok
11:50:05.0130 1772  [ B11FDCA4410D6252964EF97F9A47DE74 ] C:\Windows\System32\TSChannel.dll
11:50:05.0130 1772  C:\Windows\System32\TSChannel.dll - ok
11:50:05.0132 1772  [ E45051C374F845EDF3DB02A35BA13193 ] C:\Windows\System32\umb.dll
11:50:05.0132 1772  C:\Windows\System32\umb.dll - ok
11:50:05.0134 1772  [ 63396CBB1365769D520E0FD89C2419F2 ] C:\Windows\System32\localspl.dll
11:50:05.0134 1772  C:\Windows\System32\localspl.dll - ok
11:50:05.0136 1772  [ F4E1AA5D59C849A4AB47E895DC76B9C8 ] C:\Windows\System32\sfc.dll
11:50:05.0136 1772  C:\Windows\System32\sfc.dll - ok
11:50:05.0138 1772  [ 5EC8FB83F31AA2D6F421F02C3F4F4475 ] C:\Windows\System32\winspool.drv
11:50:05.0138 1772  C:\Windows\System32\winspool.drv - ok
11:50:05.0140 1772  [ D914A720ACDDDA8D9E9F4A32EE2D3BC0 ] C:\Windows\System32\E_TLBHVA.DLL
11:50:05.0140 1772  C:\Windows\System32\E_TLBHVA.DLL - ok
11:50:05.0142 1772  [ 336B96830AC7A93800A76BD4ADFA1B9F ] C:\Windows\System32\enppmon.dll
11:50:05.0142 1772  C:\Windows\System32\enppmon.dll - ok
11:50:05.0144 1772  [ BED7741C3668517B13A1D15600CA60DC ] C:\Windows\System32\enpres.dll
11:50:05.0144 1772  C:\Windows\System32\enpres.dll - ok
11:50:05.0146 1772  [ 8C053E5EEC2846D8A2A09AA4D2C79792 ] C:\Windows\System32\hpz3l692.dll
11:50:05.0146 1772  C:\Windows\System32\hpz3l692.dll - ok
11:50:05.0148 1772  [ BB0EB921877A1A7EF15AE2D97A71CBA9 ] C:\Windows\System32\tcpmon.dll
11:50:05.0148 1772  C:\Windows\System32\tcpmon.dll - ok
11:50:05.0150 1772  [ AF24A9DF84637BF9858EC6FB88EBA7B2 ] C:\Windows\System32\snmpapi.dll
11:50:05.0150 1772  C:\Windows\System32\snmpapi.dll - ok
11:50:05.0152 1772  [ 1EDE113859276E4B0F19B80F39E2CC95 ] C:\Windows\System32\wsnmp32.dll
11:50:05.0152 1772  C:\Windows\System32\wsnmp32.dll - ok
11:50:05.0154 1772  [ 0296DAEB5555A248E8ABF7E5012A37A6 ] C:\Windows\System32\msxml6.dll
11:50:05.0154 1772  C:\Windows\System32\msxml6.dll - ok
11:50:05.0156 1772  [ 5091452DC719281CF1DD69367E13B494 ] C:\Windows\System32\tcpmib.dll
11:50:05.0156 1772  C:\Windows\System32\tcpmib.dll - ok
11:50:05.0158 1772  [ B4F5DE3DAD8E6B97272F45DB97674878 ] C:\Windows\System32\mgmtapi.dll
11:50:05.0158 1772  C:\Windows\System32\mgmtapi.dll - ok
11:50:05.0160 1772  [ 0BF0BB276F17B6AD61A8694D2551EC28 ] C:\Windows\System32\usbmon.dll
11:50:05.0160 1772  C:\Windows\System32\usbmon.dll - ok
11:50:05.0162 1772  [ 0EB1CC5EBFCAAB7DBAEE881E2887F7F9 ] C:\Windows\System32\WSDMon.dll
11:50:05.0162 1772  C:\Windows\System32\WSDMon.dll - ok
11:50:05.0164 1772  [ AD48183027CAFCEBC322CB9CAC60F9B8 ] C:\Windows\System32\WSDApi.dll
11:50:05.0164 1772  C:\Windows\System32\WSDApi.dll - ok
11:50:05.0166 1772  [ F86293D93760C70ADF4F19E66E3FA5E8 ] C:\Windows\System32\httpapi.dll
11:50:05.0166 1772  C:\Windows\System32\httpapi.dll - ok
11:50:05.0168 1772  [ 1A09CB187440993FA5E24DE1EEB7B916 ] C:\Windows\System32\cfgmgr32.dll
11:50:05.0168 1772  C:\Windows\System32\cfgmgr32.dll - ok
11:50:05.0170 1772  [ D07D4C3038F3578FFCE1C0237F2A1253 ] C:\Windows\explorer.exe
11:50:05.0170 1772  C:\Windows\explorer.exe - ok
11:50:05.0172 1772  [ 4EDA94333BDB75B1BC0A7610BED34F00 ] C:\Windows\System32\fundisc.dll
11:50:05.0172 1772  C:\Windows\System32\fundisc.dll - ok
11:50:05.0174 1772  [ 6ABD253226770EAE1292B4C945ED4B4B ] C:\Windows\System32\msxml3.dll
11:50:05.0174 1772  C:\Windows\System32\msxml3.dll - ok
11:50:05.0176 1772  [ 167AC31450C0C53A01FA1491E94D7678 ] C:\Windows\System32\shdocvw.dll
11:50:05.0176 1772  C:\Windows\System32\shdocvw.dll - ok
11:50:05.0178 1772  [ 4504819D18FAC09B6108D8728467E5B2 ] C:\Windows\System32\browseui.dll
11:50:05.0178 1772  C:\Windows\System32\browseui.dll - ok
11:50:05.0180 1772  [ 782C8019C89920A77B1907AD3B4C8FF9 ] C:\Windows\System32\HotStartUserAgent.dll
11:50:05.0180 1772  C:\Windows\System32\HotStartUserAgent.dll - ok
11:50:05.0182 1772  [ 57125869A7B9638A5D11DD685AA65EB4 ] C:\Windows\System32\PlaySndSrv.dll
11:50:05.0182 1772  C:\Windows\System32\PlaySndSrv.dll - ok
11:50:05.0184 1772  [ 43E1054C713C48D252A1826C5E14AACA ] C:\Windows\System32\MsCtfMonitor.dll
11:50:05.0184 1772  C:\Windows\System32\MsCtfMonitor.dll - ok
11:50:05.0186 1772  [ C6DA42ADA0C5FC8CB05744229D632B47 ] C:\Windows\System32\msutb.dll
11:50:05.0186 1772  C:\Windows\System32\msutb.dll - ok
11:50:05.0188 1772  [ 4DBA143F06BAD1DF935CB9603140CF2A ] C:\Windows\System32\wsdchngr.dll
11:50:05.0188 1772  C:\Windows\System32\wsdchngr.dll - ok
11:50:05.0190 1772  [ 8F0DE4FEF8201E306F9938B0905AC96A ] C:\Program Files\Google\Update\GoogleUpdate.exe
11:50:05.0190 1772  C:\Program Files\Google\Update\GoogleUpdate.exe - ok
11:50:05.0192 1772  [ 758D99511FD82B6C55E70494039E9F1A ] C:\Program Files\Google\Update\1.3.21.145\goopdate.dll
11:50:05.0192 1772  C:\Program Files\Google\Update\1.3.21.145\goopdate.dll - ok
11:50:05.0195 1772  [ 93A7308E84ACA26622A5A2FE6DBBE29C ] C:\Windows\System32\spool\prtprocs\w32x86\hpzpp692.dll
11:50:05.0195 1772  C:\Windows\System32\spool\prtprocs\w32x86\hpzpp692.dll - ok
11:50:05.0197 1772  [ 401DFFDBBBD3F07C747ED1AE2BB88106 ] C:\Windows\System32\msi.dll
11:50:05.0197 1772  C:\Windows\System32\msi.dll - ok
11:50:05.0199 1772  [ 8AAEEE8E59A70F37579993D118A34EE0 ] C:\Windows\System32\d3d9.dll
11:50:05.0199 1772  C:\Windows\System32\d3d9.dll - ok
11:50:05.0201 1772  [ CD6DA5770CAE9D5E6E86722E17B442E0 ] C:\Windows\System32\d3d8thk.dll
11:50:05.0201 1772  C:\Windows\System32\d3d8thk.dll - ok
11:50:05.0203 1772  [ 0C7B5EB59E3B307AA7022F7823F6BCD4 ] C:\Windows\System32\nvd3dum.dll
11:50:05.0203 1772  C:\Windows\System32\nvd3dum.dll - ok
11:50:05.0205 1772  [ D922592AB65C5D9B88B30B4510A3464E ] C:\Windows\System32\cscapi.dll
11:50:05.0205 1772  C:\Windows\System32\cscapi.dll - ok
11:50:05.0207 1772  [ 7A623F6B4C51F6F2BC1A31D5787FC0A7 ] C:\Windows\System32\uDWM.dll
11:50:05.0207 1772  C:\Windows\System32\uDWM.dll - ok
11:50:05.0209 1772  [ 4934241CD20AC87D78121352E3BA8318 ] C:\Windows\System32\dbghelp.dll
11:50:05.0209 1772  C:\Windows\System32\dbghelp.dll - ok
11:50:05.0211 1772  [ 6D74290856347CF8682277A54B433D4B ] C:\Users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
11:50:05.0211 1772  C:\Users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll - ok
11:50:05.0213 1772  [ 76B35CB0F3A4E69D6DFF27F542B9F856 ] C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
11:50:05.0213 1772  C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe - ok
11:50:05.0215 1772  [ C90B296C43EDD9DD1751AD3B590ACDE6 ] C:\Windows\System32\win32spl.dll
11:50:05.0215 1772  C:\Windows\System32\win32spl.dll - ok
11:50:05.0218 1772  [ 4BF053944E973C073339BE841C9ECF28 ] C:\Windows\System32\netrap.dll
11:50:05.0218 1772  C:\Windows\System32\netrap.dll - ok
11:50:05.0220 1772  [ E340845C8E96D107C36420065D7A5733 ] C:\Windows\System32\printcom.dll
11:50:05.0220 1772  C:\Windows\System32\printcom.dll - ok
11:50:05.0222 1772  [ EC760B0B76A4353DE49D66520EB2141F ] C:\Windows\System32\SensApi.dll
11:50:05.0222 1772  C:\Windows\System32\SensApi.dll - ok
11:50:05.0224 1772  [ 2E8E30F3B318A9FDA5A2485723F4C2B3 ] C:\Windows\System32\inetpp.dll
11:50:05.0224 1772  C:\Windows\System32\inetpp.dll - ok
11:50:05.0226 1772  [ 73FD66B14D3C4252F7A524B8836A4359 ] C:\Windows\System32\mstask.dll
11:50:05.0226 1772  C:\Windows\System32\mstask.dll - ok
11:50:05.0228 1772  [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Users\Richard\AppData\Roaming\Dropbox\bin\msvcp71.dll
11:50:05.0228 1772  C:\Users\Richard\AppData\Roaming\Dropbox\bin\msvcp71.dll - ok
11:50:05.0230 1772  [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Users\Richard\AppData\Roaming\Dropbox\bin\msvcr71.dll
11:50:05.0230 1772  C:\Users\Richard\AppData\Roaming\Dropbox\bin\msvcr71.dll - ok
11:50:05.0232 1772  [ 14E4470BF8ACA69A85D741BA99F75F96 ] C:\Windows\System32\EhStorShell.dll
11:50:05.0232 1772  C:\Windows\System32\EhStorShell.dll - ok
11:50:05.0234 1772  [ 111C47816F39A91EAAA18DA0A54E8E63 ] C:\Windows\System32\imageres.dll
11:50:05.0234 1772  C:\Windows\System32\imageres.dll - ok
11:50:05.0236 1772  [ 293C5CCD99D332ECC94637FEDA38D1F2 ] C:\Windows\System32\TMM.dll
11:50:05.0236 1772  C:\Windows\System32\TMM.dll - ok
11:50:05.0238 1772  [ C465CD7D13A8BBA6A3A5BFDC244369D8 ] C:\Windows\System32\nvapi.dll
11:50:05.0238 1772  C:\Windows\System32\nvapi.dll - ok
11:50:05.0240 1772  [ 08578F3CA5365F896D90CE2BF97FD000 ] C:\Windows\System32\IconCodecService.dll
11:50:05.0240 1772  C:\Windows\System32\IconCodecService.dll - ok
11:50:05.0242 1772  [ BDE89AB6F15F0093A2A7861D1FC413ED ] C:\Windows\System32\QAGENT.DLL
11:50:05.0242 1772  C:\Windows\System32\QAGENT.DLL - ok
11:50:05.0244 1772  [ 769D027B977CED05658C85E698D3C5B1 ] C:\Windows\System32\QUTIL.DLL
11:50:05.0244 1772  C:\Windows\System32\QUTIL.DLL - ok
11:50:05.0246 1772  [ D333058925CE305E39DE8D5AD2B52A46 ] C:\Windows\System32\clusapi.dll
11:50:05.0246 1772  C:\Windows\System32\clusapi.dll - ok
11:50:05.0248 1772  [ A324D72A06C110152E7607745F39BFA1 ] C:\Windows\System32\netmsg.dll
11:50:05.0248 1772  C:\Windows\System32\netmsg.dll - ok
11:50:05.0250 1772  [ 452341E471D2D961229DFE0842957272 ] C:\Windows\System32\sscore.dll
11:50:05.0250 1772  C:\Windows\System32\sscore.dll - ok
11:50:05.0252 1772  [ 6468C3FF6D0C7874FA8C619AF3E23B22 ] C:\Windows\System32\activeds.dll
11:50:05.0252 1772  C:\Windows\System32\activeds.dll - ok
11:50:05.0254 1772  [ E9B9C1B98C8D6D48407E1C1203EAC659 ] C:\Windows\System32\adsldpc.dll
11:50:05.0254 1772  C:\Windows\System32\adsldpc.dll - ok
11:50:05.0256 1772  [ 93E317D7AD783D8EAEE2E3500BFE889D ] C:\Windows\System32\credui.dll
11:50:05.0256 1772  C:\Windows\System32\credui.dll - ok
11:50:05.0258 1772  [ B9F3FF52B84FD9E3CAFB29B8EE385E5B ] C:\Windows\System32\resutils.dll
11:50:05.0258 1772  C:\Windows\System32\resutils.dll - ok
11:50:05.0260 1772  [ 17FC3EDA0162F513E858B8C8FA7FA6E0 ] C:\Windows\System32\vssapi.dll
11:50:05.0260 1772  C:\Windows\System32\vssapi.dll - ok
11:50:05.0262 1772  [ E7D0F91E44D9D3B2116FA549BDCDB756 ] C:\Windows\System32\wdscore.dll
11:50:05.0262 1772  C:\Windows\System32\wdscore.dll - ok
11:50:05.0264 1772  [ 2969D26EEE289BE7422AA46FC55F4E38 ] C:\Windows\System32\HPZinw12.dll
11:50:05.0264 1772  C:\Windows\System32\HPZinw12.dll - ok
11:50:05.0266 1772  [ E582816A4855914DEFFC212E12B3B744 ] C:\Windows\System32\wsock32.dll
11:50:05.0266 1772  C:\Windows\System32\wsock32.dll - ok
11:50:05.0268 1772  [ 52E129522C1775DBB8CC252E7A0655C7 ] C:\Windows\System32\taskschd.dll
11:50:05.0268 1772  C:\Windows\System32\taskschd.dll - ok
11:50:05.0270 1772  [ 1DFC366D2154EF2B381A7F2CB165C7F4 ] C:\Windows\System32\diagperf.dll
11:50:05.0270 1772  C:\Windows\System32\diagperf.dll - ok
11:50:05.0272 1772  [ 09469B8EDD2755143FDA06867AAD7E73 ] C:\Windows\System32\cryptnet.dll
11:50:05.0272 1772  C:\Windows\System32\cryptnet.dll - ok
11:50:05.0274 1772  [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] C:\Windows\System32\drivers\npf.sys
11:50:05.0274 1772  C:\Windows\System32\drivers\npf.sys - ok
11:50:05.0276 1772  [ DC3AE9F1554DCD97F90983DDBDACD83D ] C:\Windows\System32\vsstrace.dll
11:50:05.0276 1772  C:\Windows\System32\vsstrace.dll - ok
11:50:05.0278 1772  [ F4D9ED6BD74AD7CC0BEC83C43A1CB76B ] C:\Windows\System32\ncsi.dll
11:50:05.0278 1772  C:\Windows\System32\ncsi.dll - ok
11:50:05.0281 1772  [ 6349F6ED9C623B44B52EA3C63C831A92 ] C:\Windows\System32\drivers\PEAuth.sys
11:50:05.0281 1772  C:\Windows\System32\drivers\PEAuth.sys - ok
11:50:05.0283 1772  [ BAFC9706BDF425A02B66468AB2605C59 ] C:\Windows\System32\HPZipm12.dll
11:50:05.0283 1772  C:\Windows\System32\HPZipm12.dll - ok
11:50:05.0285 1772  [ 21322832C99E8DE85BD047689A2A69DB ] C:\Windows\System32\pnpts.dll
11:50:05.0285 1772  C:\Windows\System32\pnpts.dll - ok
11:50:05.0287 1772  [ 90A3935D05B494A5A39D37E71F09A677 ] C:\Windows\System32\drivers\secdrv.sys
11:50:05.0287 1772  C:\Windows\System32\drivers\secdrv.sys - ok
11:50:05.0289 1772  [ D0494460421A03CD5225CCA0059AA146 ] C:\Windows\System32\IPSECSVC.DLL
11:50:05.0289 1772  C:\Windows\System32\IPSECSVC.DLL - ok
11:50:05.0291 1772  [ CD21572F83F7EC6E2C20C465967BEDD9 ] C:\Windows\System32\drivers\tcpipreg.sys
11:50:05.0291 1772  C:\Windows\System32\drivers\tcpipreg.sys - ok
11:50:05.0293 1772  [ 0C84B6AFFA7486422235584110D7176F ] C:\Windows\System32\icaapi.dll
11:50:05.0293 1772  C:\Windows\System32\icaapi.dll - ok
11:50:05.0295 1772  [ 01BCD91CC2B0EFDA4890F547010750BD ] C:\Windows\System32\ssdpapi.dll
11:50:05.0295 1772  C:\Windows\System32\ssdpapi.dll - ok
11:50:05.0297 1772  [ 428FF21418ADCD6FAD6189CD9520A67B ] C:\Windows\System32\wiatrace.dll
11:50:05.0297 1772  C:\Windows\System32\wiatrace.dll - ok
11:50:05.0299 1772  [ 0A70F4022EC2E14C159EFC4F69AA2477 ] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
11:50:05.0299 1772  C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE - ok
11:50:05.0301 1772  [ 74B8C2EA72D43727142D12397D5A49F9 ] C:\Windows\System32\wbemcomn.dll
11:50:05.0301 1772  C:\Windows\System32\wbemcomn.dll - ok
11:50:05.0303 1772  [ 42608AE9AF2641EE473A1797C25CFFC2 ] C:\Windows\System32\FwRemoteSvr.dll
11:50:05.0303 1772  C:\Windows\System32\FwRemoteSvr.dll - ok
11:50:05.0305 1772  [ 1F18B9EA1BBFF033413414C3BEA13AD6 ] C:\Windows\System32\wbem\WinMgmtR.dll
11:50:05.0305 1772  C:\Windows\System32\wbem\WinMgmtR.dll - ok
11:50:05.0307 1772  [ D475BBD6FEF8DB2DDE0DA7CCFD2C9042 ] C:\Program Files\Common Files\microsoft shared\Windows Live\SQMAPI.DLL
11:50:05.0307 1772  C:\Program Files\Common Files\microsoft shared\Windows Live\SQMAPI.DLL - ok
11:50:05.0310 1772  [ 8BE000F9A0B0FF7194AAEFB02C9BDE99 ] C:\Windows\System32\wer.dll
11:50:05.0310 1772  C:\Windows\System32\wer.dll - ok
11:50:05.0312 1772  [ DEB9D08750423069647C3A066CEC7A1B ] C:\Windows\System32\tquery.dll
11:50:05.0312 1772  C:\Windows\System32\tquery.dll - ok
11:50:05.0314 1772  [ 9C879E1C3B27085FB46EFECCD7120D51 ] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
11:50:05.0314 1772  C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE - ok
11:50:05.0316 1772  [ 218B73EA8341EA9FDF018D43052E790A ] C:\Windows\System32\mssrch.dll
11:50:05.0316 1772  C:\Windows\System32\mssrch.dll - ok
11:50:05.0318 1772  [ 30F0DC266B46118E9FBCF5B2A30EB1DB ] C:\Windows\System32\wbem\wbemprox.dll
11:50:05.0318 1772  C:\Windows\System32\wbem\wbemprox.dll - ok
11:50:05.0320 1772  [ FC1EEE57EB9CD57279D70BA2A9131C38 ] C:\Windows\System32\wbem\wbemcore.dll
11:50:05.0320 1772  C:\Windows\System32\wbem\wbemcore.dll - ok
11:50:05.0322 1772  [ C10E13721B0AAEBEB5EBA914F1D18181 ] C:\Windows\System32\wbem\esscli.dll
11:50:05.0322 1772  C:\Windows\System32\wbem\esscli.dll - ok
11:50:05.0324 1772  [ AAB5FEAABF4CB6F76D794203831C8D94 ] C:\Windows\System32\msidle.dll
11:50:05.0324 1772  C:\Windows\System32\msidle.dll - ok
11:50:05.0326 1772  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] C:\Windows\System32\netprofm.dll
11:50:05.0326 1772  C:\Windows\System32\netprofm.dll - ok
11:50:05.0327 1772  [ FEA6D21F78922D641A0C9346D885133B ] C:\Windows\System32\mssprxy.dll
11:50:05.0327 1772  C:\Windows\System32\mssprxy.dll - ok
11:50:05.0330 1772  [ DFCAB29E8FD38F95650CC1E203E8D318 ] C:\Windows\System32\npmproxy.dll
11:50:05.0330 1772  C:\Windows\System32\npmproxy.dll - ok
11:50:05.0332 1772  [ B458B58F7BB97C48D01AC3CF5805AAAC ] C:\Windows\System32\Query.dll
11:50:05.0332 1772  C:\Windows\System32\Query.dll - ok
11:50:05.0334 1772  [ BC5A34B6A14C93BF04E3F4E8EA57090A ] C:\Windows\System32\wbem\fastprox.dll
11:50:05.0334 1772  C:\Windows\System32\wbem\fastprox.dll - ok
11:50:05.0336 1772  [ F0062778F50838145AC46B384FFB4FA3 ] C:\Windows\System32\pcadm.dll
11:50:05.0336 1772  C:\Windows\System32\pcadm.dll - ok
11:50:05.0338 1772  [ 834933F16EA839AC5AC7CBF88638DF27 ] C:\Windows\System32\wbem\repdrvfs.dll
11:50:05.0338 1772  C:\Windows\System32\wbem\repdrvfs.dll - ok
11:50:05.0340 1772  [ DB0F37DBA4C245C61E5936DDBDE62438 ] C:\Windows\System32\wbem\wbemsvc.dll
11:50:05.0340 1772  C:\Windows\System32\wbem\wbemsvc.dll - ok
11:50:05.0342 1772  [ 2C3B09E586BDA2CC49A292BE7BADC589 ] C:\Windows\System32\wbem\wmiutils.dll
11:50:05.0342 1772  C:\Windows\System32\wbem\wmiutils.dll - ok
11:50:05.0344 1772  [ 5CAAE5333EF36DB4A8D294418AB37E80 ] C:\Windows\System32\p2pcollab.dll
11:50:05.0344 1772  C:\Windows\System32\p2pcollab.dll - ok
11:50:05.0346 1772  [ C8DBFEF835FF54467425C8F3ABCF7046 ] C:\Windows\System32\dssenh.dll
11:50:05.0346 1772  C:\Windows\System32\dssenh.dll - ok
11:50:05.0348 1772  [ 9A6A653ADF28D9D69670B48F535E6B90 ] C:\Windows\System32\runonce.exe
11:50:05.0348 1772  C:\Windows\System32\runonce.exe - ok
11:50:05.0350 1772  [ 74F26FC01B180D4A99A168ED69C30A53 ] C:\Windows\System32\cmd.exe
11:50:05.0350 1772  C:\Windows\System32\cmd.exe - ok
11:50:05.0352 1772  [ DFE118C95C6571B87D1923DAB3FA0A77 ] C:\Windows\System32\ieframe.dll
11:50:05.0352 1772  C:\Windows\System32\ieframe.dll - ok
11:50:05.0354 1772  [ 178A34E5554DCE485E1262DDF027960C ] C:\Users\Richard\AppData\Local\Temp\0CD4C447-58A8-462A-8877-3273D1C9B18C.exe
11:50:05.0354 1772  C:\Users\Richard\AppData\Local\Temp\0CD4C447-58A8-462A-8877-3273D1C9B18C.exe - ok
11:50:05.0357 1772  [ 12BCF4DAD8E5A1B3D5FA7AB4A79DA105 ] C:\Windows\System32\sfc_os.dll
11:50:05.0357 1772  C:\Windows\System32\sfc_os.dll - ok
11:50:05.0359 1772  [ C0B8B96D018849FD8CCF15FED84E8782 ] C:\Windows\System32\ie4uinit.exe
11:50:05.0359 1772  C:\Windows\System32\ie4uinit.exe - ok
11:50:05.0361 1772  [ F0FEFB0B5D25A75D478A4317139D937E ] C:\Windows\System32\iedkcs32.dll
11:50:05.0361 1772  C:\Windows\System32\iedkcs32.dll - ok
11:50:05.0363 1772  [ 4B19A9A4191353007E9819A832B81186 ] C:\Windows\System32\timedate.cpl
11:50:05.0363 1772  C:\Windows\System32\timedate.cpl - ok
11:50:05.0365 1772  [ 8D78BA30DB4AE040A52EDEE725782715 ] C:\Windows\System32\actxprxy.dll
11:50:05.0365 1772  C:\Windows\System32\actxprxy.dll - ok
11:50:05.0367 1772  [ FF41E1AC301F51E16F61AD7C0F45467C ] C:\Windows\System32\msshsq.dll
11:50:05.0367 1772  C:\Windows\System32\msshsq.dll - ok
11:50:05.0369 1772  [ 1CE4A2790EB4A96F4ED1E4264866AFE6 ] C:\Windows\System32\NaturalLanguage6.dll
11:50:05.0369 1772  C:\Windows\System32\NaturalLanguage6.dll - ok
11:50:05.0371 1772  [ AA111488C03C58A2BF66509ABB4FDE60 ] C:\Windows\System32\NlsData0009.dll
11:50:05.0371 1772  C:\Windows\System32\NlsData0009.dll - ok
11:50:05.0373 1772  [ 8629B71343F61E1140243581C63BC0C7 ] C:\Windows\System32\NlsLexicons0009.dll
11:50:05.0373 1772  C:\Windows\System32\NlsLexicons0009.dll - ok
11:50:05.0824 1772  [ 228180B099CA60111F29A4AE0A42F72E ] C:\Program Files\JumpStart World\JSWorld2G\JS2.exe
11:50:05.0824 1772  C:\Program Files\JumpStart World\JSWorld2G\JS2.exe - ok
11:50:05.0827 1772  [ F21F255B91CA4F04E4250DECD2067CBB ] C:\Windows\System32\bitsperf.dll
11:50:05.0827 1772  C:\Windows\System32\bitsperf.dll - ok
11:50:05.0828 1772  [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:50:05.0828 1772  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
11:50:05.0830 1772  [ 632557F2495931D952161465AA177B3B ] C:\Windows\System32\bitsigd.dll
11:50:05.0830 1772  C:\Windows\System32\bitsigd.dll - ok
11:50:05.0832 1772  [ 178A34E5554DCE485E1262DDF027960C ] C:\Users\Richard\Desktop\tdsskiller.exe
11:50:05.0832 1772  C:\Users\Richard\Desktop\tdsskiller.exe - ok
11:50:05.0834 1772  [ E5F7C30EDF0892667933BE879F067D67 ] C:\Windows\System32\msvcr100_clr0400.dll
11:50:05.0834 1772  C:\Windows\System32\msvcr100_clr0400.dll - ok
11:50:05.0837 1772  [ D744A99A4204BAC6E485D53A82395313 ] C:\Program Files\JumpStart World\Common\QuickTimeInstaller.exe
11:50:05.0837 1772  C:\Program Files\JumpStart World\Common\QuickTimeInstaller.exe - ok
11:50:05.0839 1772  [ 128DD9AF8640DBCC711940903C8B554F ] C:\Windows\System32\mscoree.dll
11:50:05.0839 1772  C:\Windows\System32\mscoree.dll - ok
11:50:05.0841 1772  [ 11AFB3767663997E0CE911CD015599C9 ] C:\Program Files\Google\Update\1.3.21.145\goopdateres_en.dll
11:50:05.0841 1772  C:\Program Files\Google\Update\1.3.21.145\goopdateres_en.dll - ok
11:50:05.0843 1772  [ 4BAEC13BCAA595639EBB5185278DEFEA ] C:\Windows\System32\fdWSD.dll
11:50:05.0843 1772  C:\Windows\System32\fdWSD.dll - ok
11:50:05.0845 1772  [ DAF60E13E96ECB67F0EDAA89C6B01B8D ] C:\Windows\System32\notepad.exe
11:50:05.0845 1772  C:\Windows\System32\notepad.exe - ok
11:50:05.0847 1772  [ 9F021F55ACE99AB18D69B570921F13EB ] C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSWorld6-8Un.exe
11:50:05.0847 1772  C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSWorld6-8Un.exe - ok
11:50:05.0850 1772  [ B624202660474516E73AA95238FD9843 ] C:\Program Files\Logitech\SetPoint\SetPoint.exe
11:50:05.0850 1772  C:\Program Files\Logitech\SetPoint\SetPoint.exe - ok
11:50:05.0852 1772  [ 636E36F0B786541A8086AD25C4FC5152 ] C:\Program Files\Common Files\Logishrd\Unifying\DJCUHost.exe
11:50:05.0852 1772  C:\Program Files\Common Files\Logishrd\Unifying\DJCUHost.exe - ok
11:50:05.0854 1772  [ BB838D30C884CD636876CF45DF8A6A18 ] C:\Program Files\Magic M4A to MP3 Converter\all2mp3.exe
11:50:05.0854 1772  C:\Program Files\Magic M4A to MP3 Converter\all2mp3.exe - ok
11:50:05.0856 1772  [ 0DBEC3DB0DE6F5D5C7204AD5CA97BA4E ] C:\Program Files\Magic M4A to MP3 Converter\unins000.exe
11:50:05.0856 1772  C:\Program Files\Magic M4A to MP3 Converter\unins000.exe - ok
11:50:05.0858 1772  [ BF899F57858B8C6F162D9EEB2370641C ] C:\Windows\System32\wercon.exe
11:50:05.0858 1772  C:\Windows\System32\wercon.exe - ok
11:50:05.0860 1772  [ 3141224EEBA075BC085175E60CD14782 ] C:\Windows\System32\msra.exe
11:50:05.0860 1772  C:\Windows\System32\msra.exe - ok
11:50:05.0863 1772  [ F721DA9797379AD77617E754E3334376 ] C:\Program Files\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe
11:50:05.0863 1772  C:\Program Files\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe - ok
11:50:05.0865 1772  [ 869D1D94A085BC0832D69164AA7AE414 ] C:\Program Files\MKVtoolnix\mkvinfo.exe
11:50:05.0865 1772  C:\Program Files\MKVtoolnix\mkvinfo.exe - ok
11:50:05.0867 1772  [ 97B063E000CA7D0E119D5DAECC31E0CD ] C:\Program Files\MKVtoolnix\mmg.exe
11:50:05.0867 1772  C:\Program Files\MKVtoolnix\mmg.exe - ok
11:50:05.0869 1772  [ 149A8CFE05580671D6EED2692CADBDF7 ] C:\Program Files\MKVtoolnix\uninst.exe
11:50:05.0869 1772  C:\Program Files\MKVtoolnix\uninst.exe - ok
11:50:05.0871 1772  [ C0C1A4E70004BA32BB402C1DAE477794 ] C:\Program Files\OpenOffice.org 3\program\sbase.exe
11:50:05.0871 1772  C:\Program Files\OpenOffice.org 3\program\sbase.exe - ok
11:50:05.0873 1772  [ 443C5961CACD4ABC16648874AF06E4A0 ] C:\Windows\System32\fdSSDP.dll
11:50:05.0873 1772  C:\Windows\System32\fdSSDP.dll - ok
11:50:05.0875 1772  [ 53702181EC97172030B4D822404A7C85 ] C:\Program Files\OpenOffice.org 3\program\scalc.exe
11:50:05.0875 1772  C:\Program Files\OpenOffice.org 3\program\scalc.exe - ok
11:50:05.0877 1772  [ 8078F8F8F7A79E2E6B494523A828C585 ] C:\Windows\System32\msdtckrm.dll
11:50:05.0877 1772  C:\Windows\System32\msdtckrm.dll - ok
11:50:05.0879 1772  [ ABAEAEE763E287BDD39094C4165E1F3F ] C:\Windows\System32\fdProxy.dll
11:50:05.0879 1772  C:\Windows\System32\fdProxy.dll - ok
11:50:05.0882 1772  [ 7599E425947A595448DA778B610923BC ] C:\Program Files\Windows Media Player\wmpsyncmgr.dll
11:50:05.0882 1772  C:\Program Files\Windows Media Player\wmpsyncmgr.dll - ok
11:50:05.0884 1772  [ 3BA7B20B2C3A01C2C76ED53220EA832A ] C:\Program Files\OpenOffice.org 3\program\sdraw.exe
11:50:05.0884 1772  C:\Program Files\OpenOffice.org 3\program\sdraw.exe - ok
11:50:05.0886 1772  [ D08888BF6B8F91C9336013EB9D7847A7 ] C:\Program Files\OpenOffice.org 3\program\simpress.exe
11:50:05.0886 1772  C:\Program Files\OpenOffice.org 3\program\simpress.exe - ok
11:50:05.0888 1772  [ 3279DC2F2DA182A22EC5FFD28A6FA155 ] C:\Program Files\OpenOffice.org 3\program\smath.exe
11:50:05.0888 1772  C:\Program Files\OpenOffice.org 3\program\smath.exe - ok
11:50:05.0890 1772  [ 4A63AE435D1D267852B6961D89719DA4 ] C:\Program Files\OpenOffice.org 3\program\swriter.exe
11:50:05.0890 1772  C:\Program Files\OpenOffice.org 3\program\swriter.exe - ok
11:50:05.0893 1772  [ D9F39EB720E2E171AD1D1CE0BE1DEF2B ] C:\Program Files\OpenOffice.org 3\program\soffice.exe
11:50:05.0893 1772  C:\Program Files\OpenOffice.org 3\program\soffice.exe - ok
11:50:05.0895 1772  [ 8F32C91EB5CB44FBA7705534AE304DEA ] C:\Program Files\PhotoScape\PhotoScape.exe
11:50:05.0895 1772  C:\Program Files\PhotoScape\PhotoScape.exe - ok
11:50:05.0897 1772  [ 30D13BAA7897797258BF2BA014D73AF4 ] C:\Program Files\PhotoScape\uninstall.exe
11:50:05.0897 1772  C:\Program Files\PhotoScape\uninstall.exe - ok
11:50:05.0899 1772  [ B993B88C8D0D4053ED71D9AF3B5214A4 ] C:\Program Files\QuickPar\QuickPar.exe
11:50:05.0899 1772  C:\Program Files\QuickPar\QuickPar.exe - ok
11:50:05.0901 1772  [ ED8047EC2E557F7380B7BAE78528282E ] C:\Program Files\QuickPar\uninst.exe
11:50:05.0901 1772  C:\Program Files\QuickPar\uninst.exe - ok
11:50:05.0903 1772  [ F3D2C14D3469C1245159DC80CEBA7316 ] C:\Program Files\ResidualVM\residualvm.exe
11:50:05.0903 1772  C:\Program Files\ResidualVM\residualvm.exe - ok
11:50:05.0905 1772  [ 3124DA13C937EC88B1A83DC511BCADBD ] C:\Program Files\ResidualVM\unins000.exe
11:50:05.0905 1772  C:\Program Files\ResidualVM\unins000.exe - ok
11:50:05.0907 1772  [ 0C8BCEAA200AEB1DEDC75AAEA8FF04F6 ] C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe
11:50:05.0907 1772  C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe - ok
11:50:05.0910 1772  [ 9864C85E7D5571E437D04E0B683AAADB ] C:\Program Files\Return to Castle Wolfenstein\WolfSP.exe
11:50:05.0910 1772  C:\Program Files\Return to Castle Wolfenstein\WolfSP.exe - ok
11:50:05.0912 1772  [ 0C3E88C91E764FF3D213418D83D41FFF ] C:\Program Files\Return to Castle Wolfenstein\register.exe
11:50:05.0912 1772  C:\Program Files\Return to Castle Wolfenstein\register.exe - ok
11:50:05.0914 1772  [ 3A938ED2427DF10E571041069E6980CB ] C:\Program Files\Return to Castle Wolfenstein\Uninstall\UNWISE.EXE
11:50:05.0914 1772  C:\Program Files\Return to Castle Wolfenstein\Uninstall\UNWISE.EXE - ok
11:50:05.0917 1772  [ AD50D6B4E3268BEBB1BA31EF30814575 ] C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe
11:50:05.0917 1772  C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe - ok
11:50:05.0919 1772  [ 96039558DAC76A135D6F18C30BCB800F ] C:\Program Files\Samantha Swift and the Mystery from Atlantis\Samantha Swift and the Mystery from Atlantis.exe
11:50:05.0919 1772  C:\Program Files\Samantha Swift and the Mystery from Atlantis\Samantha Swift and the Mystery from Atlantis.exe - ok
11:50:05.0921 1772  [ A28E0F4FB8ED9B5C2DBC63C2E0DC578F ] C:\Program Files\Samantha Swift and the Mystery from Atlantis\ReflexiveArcade\unins000.exe
11:50:05.0921 1772  C:\Program Files\Samantha Swift and the Mystery from Atlantis\ReflexiveArcade\unins000.exe - ok
11:50:05.0924 1772  [ 8768F240A8E5EF8D30B78A26FCE0D5DD ] C:\Program Files\Scholastic\I SPY Junior Puppet Playhouse\RunISpy.exe
11:50:05.0924 1772  C:\Program Files\Scholastic\I SPY Junior Puppet Playhouse\RunISpy.exe - ok
11:50:05.0926 1772  [ 443E13846997C537E8F5ED61130AB705 ] C:\Program Files\Scholastic\I SPY Junior Puppet Playhouse\UNWISE.EXE
11:50:05.0926 1772  C:\Program Files\Scholastic\I SPY Junior Puppet Playhouse\UNWISE.EXE - ok
11:50:05.0928 1772  [ 561DC2FB3535138D2A1EEB98907FEEA9 ] C:\Program Files\ScummVM\scummvm.exe
11:50:05.0928 1772  C:\Program Files\ScummVM\scummvm.exe - ok
11:50:05.0930 1772  [ 71C8AEB640BE88EBBC12948E71D9C104 ] C:\Program Files\ScummVM\unins000.exe
11:50:05.0930 1772  C:\Program Files\ScummVM\unins000.exe - ok
11:50:05.0932 1772  [ 9F8A9E075A5459AEF925DFA575FC7CE1 ] C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
11:50:05.0932 1772  C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe - ok
11:50:05.0935 1772  [ 6948349D55ABC9B90AA77B5340D2EA77 ] C:\Program Files\Steam\Steam.exe
11:50:05.0935 1772  C:\Program Files\Steam\Steam.exe - ok
11:50:05.0937 1772  [ A90486AC18EC8A38B2F3664D20607F63 ] C:\Program Files\stunnel\stunnel.exe
11:50:05.0937 1772  C:\Program Files\stunnel\stunnel.exe - ok
11:50:05.0939 1772  [ 27D3A4C1FC08DF4A9123882D16CDADC7 ] C:\Program Files\stunnel\uninstall.exe
11:50:05.0939 1772  C:\Program Files\stunnel\uninstall.exe - ok
11:50:05.0941 1772  [ B74B4BB5C9E1912306B9FAC561504E80 ] C:\Program Files\Subtitle Edit\SubtitleEdit.exe
11:50:05.0941 1772  C:\Program Files\Subtitle Edit\SubtitleEdit.exe - ok
11:50:05.0943 1772  [ 94990009AC7C9991A6FE3C37AF3205DA ] C:\Program Files\Subtitle Edit\unins000.exe
11:50:05.0943 1772  C:\Program Files\Subtitle Edit\unins000.exe - ok
11:50:05.0945 1772  [ 80CBC573645037600AAE973F0412C8AC ] F:\t2\unins000.exe
11:50:05.0945 1772  F:\t2\unins000.exe - ok
11:50:05.0947 1772  [ 22A896B663F714AB7F114EFC7238C2FF ] C:\Program Files\Tales of Monkey Island Chapter 1\MonkeyIsland101.exe
11:50:05.0947 1772  C:\Program Files\Tales of Monkey Island Chapter 1\MonkeyIsland101.exe - ok
11:50:05.0949 1772  [ 5E41139EC6EFBCAFFD96D46925E544AB ] C:\Windows\System32\mspatcha.dll
11:50:05.0949 1772  C:\Windows\System32\mspatcha.dll - ok
11:50:05.0952 1772  [ 4228AD86C8E67F444923230D6C460EF9 ] C:\Program Files\Tales of Monkey Island Chapter 1\ReflexiveArcade\unins000.exe
11:50:05.0952 1772  C:\Program Files\Tales of Monkey Island Chapter 1\ReflexiveArcade\unins000.exe - ok
11:50:05.0954 1772  [ 1A617835452EEE5060976C9B9F5FE635 ] C:\Windows\System32\wuapi.dll
11:50:05.0954 1772  C:\Windows\System32\wuapi.dll - ok
11:50:05.0956 1772  [ 28034D173BE4F99201B333C8B21F128E ] C:\Program Files\Tales of Monkey Island Chapter 2\MonkeyIsland102.exe
11:50:05.0956 1772  C:\Program Files\Tales of Monkey Island Chapter 2\MonkeyIsland102.exe - ok
11:50:05.0958 1772  [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\Windows\System32\wups.dll
11:50:05.0958 1772  C:\Windows\System32\wups.dll - ok
11:50:05.0961 1772  [ 07B46BC2D4DAD633458325901D334B91 ] C:\Program Files\Tales of Monkey Island Chapter 2\ReflexiveArcade\unins000.exe
11:50:05.0961 1772  C:\Program Files\Tales of Monkey Island Chapter 2\ReflexiveArcade\unins000.exe - ok
11:50:05.0963 1772  [ 3119E43E2A4541013808FFED80ECB08A ] C:\Program Files\Tasty Planet\tastyplanet.exe
11:50:05.0963 1772  C:\Program Files\Tasty Planet\tastyplanet.exe - ok
11:50:05.0965 1772  [ 5F21E857FFC700C724F460BE684DD9D2 ] C:\Program Files\Tasty Planet\ReflexiveArcade\unins000.exe
11:50:05.0965 1772  C:\Program Files\Tasty Planet\ReflexiveArcade\unins000.exe - ok
11:50:05.0968 1772  [ 1AEB989E361AF85F5099DE3DA25457F4 ] C:\Program Files\InstallShield Installation Information\{300A470B-681B-449F-82AE-6D19114702CE}\Setup.exe
11:50:05.0968 1772  C:\Program Files\InstallShield Installation Information\{300A470B-681B-449F-82AE-6D19114702CE}\Setup.exe - ok
11:50:05.0970 1772  [ 82134892A5144721144E526B9A2355B1 ] C:\Program Files\The Great Sea Battle The Game of Battleship\TheGreatSeaBattle.exe
11:50:05.0970 1772  C:\Program Files\The Great Sea Battle The Game of Battleship\TheGreatSeaBattle.exe - ok
11:50:05.0972 1772  [ 5A74CC6BE5764FA3F2C26C4B46D9C5E8 ] C:\Program Files\The Treasures Of Montezuma\TheTreasuresofMontezuma.exe
11:50:05.0973 1772  C:\Program Files\The Treasures Of Montezuma\TheTreasuresofMontezuma.exe - ok
11:50:05.0975 1772  [ A952D0DED445F26AEFCF593A935AB300 ] C:\Windows\System32\hnetcfg.dll
11:50:05.0975 1772  C:\Windows\System32\hnetcfg.dll - ok
11:50:05.0977 1772  [ DD74CF6F19C23F013F66A005F0581AB4 ] C:\Program Files\The Treasures Of Montezuma\ReflexiveArcade\unins000.exe
11:50:05.0977 1772  C:\Program Files\The Treasures Of Montezuma\ReflexiveArcade\unins000.exe - ok
11:50:05.0979 1772  [ E41978929DFEC0382F2EF9C0EB64A0D6 ] C:\Program Files\UV Realtime\UV Realtime.exe
11:50:05.0979 1772  C:\Program Files\UV Realtime\UV Realtime.exe - ok
11:50:05.0981 1772  [ 1F1E9FD2EB0B21991C272A273E1A82CA ] F:\games\Veronica Rivers Order of Conspiracy\The Order Of Conspiracy.exe
11:50:05.0981 1772  F:\games\Veronica Rivers Order of Conspiracy\The Order Of Conspiracy.exe - ok
11:50:05.0983 1772  [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\Windows\System32\wups2.dll
11:50:05.0983 1772  C:\Windows\System32\wups2.dll - ok
11:50:05.0986 1772  [ D0AD8A0938A8247F475675B82AE6A4B3 ] F:\games\Veronica Rivers Order of Conspiracy\ReflexiveArcade\unins000.exe
11:50:05.0986 1772  F:\games\Veronica Rivers Order of Conspiracy\ReflexiveArcade\unins000.exe - ok
11:50:05.0988 1772  [ 9009AFE5AB6C2DAF8605D8B613951902 ] C:\Program Files\Vivendi Universal Games\The Simpsons Hit & Run\Simpsons.exe
11:50:05.0988 1772  C:\Program Files\Vivendi Universal Games\The Simpsons Hit & Run\Simpsons.exe - ok
11:50:05.0990 1772  [ BADAB463CD9E7BF087929CF5B1AEE139 ] C:\Windows\System32\Uninstal.exe
11:50:05.0990 1772  C:\Windows\System32\Uninstal.exe - ok
11:50:05.0992 1772  [ 5C3B930105163974C80A5B381654E6F1 ] F:\games\burger2\Burger Island 2-WT.exe
11:50:05.0992 1772  F:\games\burger2\Burger Island 2-WT.exe - ok
11:50:05.0994 1772  [ B7ED332A57FC78CA29E40D3619550225 ] C:\Windows\ehome\ehshell.exe
11:50:05.0994 1772  C:\Windows\ehome\ehshell.exe - ok
11:50:05.0996 1772  [ 52BC119E49F88F2A5D1466230B1275C7 ] C:\Program Files\Windows Collaboration\WinCollab.exe
11:50:05.0997 1772  C:\Program Files\Windows Collaboration\WinCollab.exe - ok
11:50:05.0999 1772  [ 06164026C38AA5366E4D127E2E36FDE8 ] C:\Program Files\Windows Mail\wab.exe
11:50:05.0999 1772  C:\Program Files\Windows Mail\wab.exe - ok
11:50:06.0001 1772  [ 395335431AD55C167CFDBBAB8420DA73 ] C:\Program Files\Movie Maker\DVDMaker.exe
11:50:06.0001 1772  C:\Program Files\Movie Maker\DVDMaker.exe - ok
11:50:06.0003 1772  [ 04DA441BBF1BE78FF4E6D65245BB56CF ] C:\Program Files\Windows Media Components\Encoder\wmenc.exe
11:50:06.0003 1772  C:\Program Files\Windows Media Components\Encoder\wmenc.exe - ok
11:50:06.0005 1772  [ A65F84B50317427C58A14C1C3ACD8AA2 ] C:\Program Files\Windows Media Components\Encoder\wmeditor.exe
11:50:06.0005 1772  C:\Program Files\Windows Media Components\Encoder\wmeditor.exe - ok
11:50:06.0008 1772  [ 4EA314A1B26257B0A8724E2BF65B53C7 ] C:\Program Files\Windows Media Components\Encoder\WMProEdt.exe
11:50:06.0008 1772  C:\Program Files\Windows Media Components\Encoder\WMProEdt.exe - ok
11:50:06.0010 1772  [ BAE963F318A4E269799C1E04CF9E4056 ] C:\Program Files\Windows Media Components\Encoder\wmstreamedt.exe
11:50:06.0010 1772  C:\Program Files\Windows Media Components\Encoder\wmstreamedt.exe - ok
11:50:06.0012 1772  [ 1BDEB72CC7A5DBDC61DF95438CDD1625 ] C:\Program Files\BillP Studios\WinPatrol\Setup.exe
11:50:06.0012 1772  C:\Program Files\BillP Studios\WinPatrol\Setup.exe - ok
11:50:06.0014 1772  [ 425962F5D0EA82AE0B5CD4403288C778 ] C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe
11:50:06.0014 1772  C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe - ok
11:50:06.0017 1772  [ A24EDE1BD3B216B771E49754F8D6C66C ] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
11:50:06.0017 1772  C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe - ok
11:50:06.0019 1772  [ CA9A97F36C096F79CC209C8685F24E5A ] C:\Program Files\WinPcap\Uninstall.exe
11:50:06.0019 1772  C:\Program Files\WinPcap\Uninstall.exe - ok
11:50:06.0021 1772  [ 5BD5DC04DA066AAC9FCCE42BC8EFFAC6 ] C:\Program Files\Warner Bros. Interactive Entertainment\LEGO Batman\LEGOBatman.exe
11:50:06.0021 1772  C:\Program Files\Warner Bros. Interactive Entertainment\LEGO Batman\LEGOBatman.exe - ok
11:50:06.0023 1772  [ 3BE15B58F47063478D419FC04E589DBA ] F:\UnrealTournament\System\UnrealTournament.exe
11:50:06.0023 1772  F:\UnrealTournament\System\UnrealTournament.exe - ok
11:50:06.0025 1772  [ D1336C1CE9F83DF298AE4381C7F7D7BA ] C:\Program Files\Telltale Games\Tales of Monkey Island\Rise of the Pirate God\MonkeyIsland105.exe
11:50:06.0025 1772  C:\Program Files\Telltale Games\Tales of Monkey Island\Rise of the Pirate God\MonkeyIsland105.exe - ok
11:50:06.0028 1772  [ 70DB9D901E9ABAD6E41C88500DA6C1EA ] C:\Program Files\LucasArts\LEGO® Indiana Jones™ 2\LEGOIndy2.exe
11:50:06.0028 1772  C:\Program Files\LucasArts\LEGO® Indiana Jones™ 2\LEGOIndy2.exe - ok
11:50:06.0031 1772  [ 5746CF2873F139724BC6002F9C164C5E ] C:\Program Files\LucasArts\LEGO Star Wars - The Complete Saga\LEGOStarWarsSaga.exe
11:50:06.0031 1772  C:\Program Files\LucasArts\LEGO Star Wars - The Complete Saga\LEGOStarWarsSaga.exe - ok
11:50:06.0033 1772  [ 6194BE67BE264F95BFAF220D8D4A3F1B ] C:\Program Files\Telltale Games\Tales of Monkey Island\The Trial and Execution of Guybrush Threepwood\MonkeyIsland104.exe
11:50:06.0033 1772  C:\Program Files\Telltale Games\Tales of Monkey Island\The Trial and Execution of Guybrush Threepwood\MonkeyIsland104.exe - ok
11:50:06.0035 1772  [ 6BC5FCEF351E4CB5A269C1E84B5A06DA ] C:\Windows\System32\netcfgx.dll
11:50:06.0035 1772  C:\Windows\System32\netcfgx.dll - ok
11:50:06.0037 1772  [ 898ABECCD5F0B9A8E8F1318DDB234685 ] C:\Windows\System32\dot3api.dll
11:50:06.0037 1772  C:\Windows\System32\dot3api.dll - ok
11:50:06.0039 1772  [ 8D544AC1B7AA7FB9DFF0C3E7DA6AD295 ] C:\Windows\System32\wlanhlp.dll
11:50:06.0039 1772  C:\Windows\System32\wlanhlp.dll - ok
11:50:06.0041 1772  [ 1D6B95871DC006190964B04E5657E35F ] C:\Windows\System32\rastapi.dll
11:50:06.0041 1772  C:\Windows\System32\rastapi.dll - ok
11:50:06.0043 1772  [ B96B60EC821F86D445C9739A0F3DED59 ] C:\Windows\System32\unimdm.tsp
11:50:06.0043 1772  C:\Windows\System32\unimdm.tsp - ok
11:50:06.0045 1772  [ DFBAADF1B624DC71E88D34D86B3595BE ] C:\Windows\System32\uniplat.dll
11:50:06.0045 1772  C:\Windows\System32\uniplat.dll - ok
11:50:06.0047 1772  [ 953193A9DEA40348C1086D171F6440AE ] C:\Windows\System32\kmddsp.tsp
11:50:06.0047 1772  C:\Windows\System32\kmddsp.tsp - ok
11:50:06.0049 1772  [ 2F6776ACEFE41EE889C464EA407918F2 ] C:\Windows\System32\ndptsp.tsp
11:50:06.0049 1772  C:\Windows\System32\ndptsp.tsp - ok
11:50:06.0051 1772  [ B4B59AC042EE3733A862F26CBC0B17FC ] C:\Windows\System32\hidphone.tsp
11:50:06.0051 1772  C:\Windows\System32\hidphone.tsp - ok
11:50:06.0053 1772  [ 8B645890A93F1FBBC7DA3E07CC72D762 ] C:\Windows\System32\rasppp.dll
11:50:06.0053 1772  C:\Windows\System32\rasppp.dll - ok
11:50:06.0055 1772  [ 88225070DD2F7B0B2ED51E7935078641 ] C:\Windows\System32\rasqec.dll
11:50:06.0055 1772  C:\Windows\System32\rasqec.dll - ok
11:50:06.0057 1772  [ 82A79D5BE740D0AE9C91AA6DE4B3AC5A ] C:\Windows\System32\raschap.dll
11:50:06.0057 1772  C:\Windows\System32\raschap.dll - ok
11:50:06.0059 1772  [ 3B0489DE8CC3058B48471660C60A7B75 ] C:\Windows\System32\rastls.dll
11:50:06.0059 1772  C:\Windows\System32\rastls.dll - ok
11:50:06.0061 1772  [ 248A1F31ABB58DDDDC01490EF0BDC777 ] C:\Windows\System32\cryptui.dll
11:50:06.0061 1772  C:\Windows\System32\cryptui.dll - ok
11:50:06.0064 1772  [ 00000000000000000000000000000000 ] C:\Program Files\LucasArts\LEGO Indiana Jones\LEGOIndy.exe
11:50:06.0064 1772  C:\Program Files\LucasArts\LEGO Indiana Jones\LEGOIndy.exe - ok
11:50:06.0066 1772  [ E44C7D6F8D665DA2D9385E5E15EDEEF7 ] C:\Windows\System32\consent.exe
11:50:06.0066 1772  C:\Windows\System32\consent.exe - ok
11:50:06.0068 1772  [ 178A34E5554DCE485E1262DDF027960C ] C:\Windows\temp\tdsAF03.tmp
11:50:06.0068 1772  C:\Windows\temp\tdsAF03.tmp - ok
11:50:06.0070 1772  [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\Windows\System32\drivers\87176749.sys
11:50:06.0070 1772  C:\Windows\System32\drivers\87176749.sys - ok
11:50:06.0072 1772  [ 9495FCC01D7AB7B60E5B8BA7AEFE9E3D ] C:\Windows\System32\wbem\WmiPrvSE.exe
11:50:06.0072 1772  C:\Windows\System32\wbem\WmiPrvSE.exe - ok
11:50:06.0074 1772  [ F723422A11CD6FA13036746272200993 ] C:\Windows\System32\wbem\cimwin32.dll
11:50:06.0074 1772  C:\Windows\System32\wbem\cimwin32.dll - ok
11:50:06.0076 1772  [ 67BB7141F7F5F37411F796943B3418B6 ] C:\Windows\System32\framedynos.dll
11:50:06.0076 1772  C:\Windows\System32\framedynos.dll - ok
11:50:06.0077 1772  [ 0A990AFB9F2726323D61C8ECB8B70B17 ] C:\Windows\System32\security.dll
11:50:06.0077 1772  C:\Windows\System32\security.dll - ok
11:50:06.0079 1772  [ 5FA382106B145A920E2A4F7087AF1B90 ] C:\Windows\System32\wbem\wmipcima.dll
11:50:06.0080 1772  C:\Windows\System32\wbem\wmipcima.dll - ok
11:50:06.0082 1772  [ 87CDFFCBD09C1CA03A068343D5D93250 ] C:\Windows\System32\wmi.dll
11:50:06.0082 1772  C:\Windows\System32\wmi.dll - ok
11:50:06.0083 1772  ============================================================
11:50:06.0083 1772  Scan finished
11:50:06.0083 1772  ============================================================
11:50:06.0087 1912  Detected object count: 6
11:50:06.0087 1912  Actual detected object count: 6
11:50:42.0739 1912  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
11:50:42.0740 1912  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:50:42.0740 1912  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:50:42.0740 1912  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:50:42.0741 1912  PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:50:42.0741 1912  PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:50:42.0741 1912  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:50:42.0741 1912  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:50:42.0742 1912  stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
11:50:42.0742 1912  stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:50:42.0743 1912  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:50:42.0743 1912  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:52:09.0540 2480  Deinitialize success
 



#8 JSntgRvr


Posted 12 May 2013 - 09:48 PM

Download the enclosed file. [attachment=137576:CFScript.txt]

 

Save it next to Combofix.

 

CFScriptB-4.gif

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

 

Run TDSSKiller once again and delete the following only:

 

\Device\Harddisk0\DR0 ( TDSS File System )
\Device\Harddisk0\DR0 ( TDSS File System )

 

How is it doing?

 




#9 Richard14


Posted 12 May 2013 - 10:47 PM

Latest combofix log:

 

ComboFix 13-05-12.01 - Richard 05/12/2013  20:32:35.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3069.2297 [GMT -7:00]
Running from: c:\users\Richard\Desktop\ComboFix.exe
Command switches used :: c:\users\Richard\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-13 to 2013-05-13  )))))))))))))))))))))))))))))))
.
.
2013-05-13 03:38 . 2013-05-13 03:38 -------- d-----w- c:\users\Richard\AppData\Local\temp
2013-05-13 03:38 . 2013-05-13 03:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-13 03:38 . 2013-05-13 03:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-13 03:38 . 2013-05-13 03:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-12 12:54 . 2013-05-12 18:42 -------- d-----w- C:\FRST
2013-05-11 15:44 . 2013-05-11 15:44 -------- d-----w- C:\MATS
2013-05-11 15:39 . 2013-05-11 15:45 -------- d-----w- c:\users\Richard\AppData\Local\ElevatedDiagnostics
2013-05-10 02:36 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6B2DAD7-978B-416F-ADE2-E56946B8A1CF}\mpengine.dll
2013-05-08 22:48 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-23 15:46 . 2013-04-23 15:45 706640 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC4A4020-6C5D-404E-91B1-68ACE478A750}\gapaengine.dll
2013-04-14 15:04 . 2013-04-14 15:04 -------- d-----w- c:\program files\DVD Shrink
2013-04-14 14:28 . 2013-03-15 05:46 8952608 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-04-14 14:28 . 2013-03-15 05:46 6271872 ----a-w- c:\windows\system32\nvopencl.dll
2013-04-14 14:28 . 2013-03-15 05:46 20542752 ----a-w- c:\windows\system32\nvoglv32.dll
2013-04-14 14:28 . 2013-03-15 05:46 13088000 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-04-14 14:28 . 2013-03-15 05:46 892704 ----a-w- c:\windows\system32\nvdispgenco3231422.dll
2013-04-14 14:28 . 2013-03-15 05:46 7959000 ----a-w- c:\windows\system32\nvcuda.dll
2013-04-14 14:28 . 2013-03-15 05:46 2728736 ----a-w- c:\windows\system32\nvcuvid.dll
2013-04-14 14:28 . 2013-03-15 05:46 1995552 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-04-14 14:28 . 2013-03-15 05:46 1012512 ----a-w- c:\windows\system32\nvdispco3231422.dll
2013-04-14 14:28 . 2013-03-15 05:46 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-11 03:11 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-10 02:27 . 2012-04-14 14:43 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-10 02:27 . 2011-07-05 05:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 15:28 . 2009-10-01 02:19 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-03-15 05:46 . 2012-10-11 05:14 2539128 ----a-w- c:\windows\system32\nvapi.dll
2013-03-15 05:46 . 2012-10-11 05:14 15042928 ----a-w- c:\windows\system32\nvd3dum.dll
2013-03-15 02:59 . 2009-05-01 07:07 4119328 ----a-w- c:\windows\system32\nvcpl.dll
2013-03-15 02:59 . 2009-05-01 07:07 3014432 ----a-w- c:\windows\system32\nvsvc.dll
2013-03-15 02:59 . 2009-05-01 07:07 634144 ----a-w- c:\windows\system32\nvvsvc.exe
2013-03-15 02:59 . 2009-05-01 07:07 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-03-15 02:59 . 2009-05-01 07:07 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-03-13 00:09 . 2013-03-13 00:10 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-13 00:09 . 2012-05-18 04:39 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-13 00:09 . 2010-04-15 20:42 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 00:09 . 2013-03-13 00:09 0 ----a-w- c:\windows\system32\RENEF1E.tmp
2013-03-13 00:09 . 2013-03-13 00:09 0 ----a-w- c:\windows\system32\RENEF1D.tmp
2013-03-11 13:25 . 2013-04-10 16:17 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-10 16:17 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45 . 2013-04-10 16:17 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-10 16:17 64000 ----a-w- c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-04-10 16:17 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-10 16:17 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-03-05 01:40 . 2013-04-10 16:17 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-03-03 19:07 . 2013-04-10 16:17 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-02-21 20:34 . 2013-02-21 20:34 0 ----a-w- c:\windows\system32\RENC45E.tmp
2013-02-21 20:34 . 2013-02-21 20:34 0 ----a-w- c:\windows\system32\RENC45D.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UV Realtime.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\UV Realtime.lnk
backup=c:\windows\pss\UV Realtime.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2010-10-12 21:56 979328 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FUFAXRCV]
2011-03-09 08:00 495616 ----a-w- c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FUFAXSTM]
2011-03-09 08:00 856064 ----a-w- c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-02-10 05:09 133104 ----atw- c:\users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-05-03 23:35 1635752 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
2010-05-31 11:18 323976 ------w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R4 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-15 15:44]
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 01:46]
.
2013-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 01:46]
.
2013-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-137111657-3113389662-2625091050-1000Core.job
- c:\users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-10 05:09]
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-137111657-3113389662-2625091050-1000UA.job
- c:\users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-10 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080410
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-12 20:38
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1768)
c:\users\Richard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2013-05-12  20:39:15
ComboFix-quarantined-files.txt  2013-05-13 03:39
ComboFix2.txt  2013-05-12 19:13
.
Pre-Run: 45,038,604,288 bytes free
Post-Run: 45,079,957,504 bytes free
.
- - End Of File - - 68E7EA51033B88E0CA761B7E65CD805A
 

 

I ran TDSSKiller and deleted the TDSS File System as you said.  Did you want the new TDSS log?

 

I guess things are looking ok, should I try to re-install Microsoft security essentials yet?

 

Thanks

Rich



#10 JSntgRvr

    Master Surgeon General

  • Malware Response Team

Posted 13 May 2013 - 02:54 PM

"I guess things are looking ok, should I try to re-install Microsoft security essentials yet?"

Yes, please. Let me know the outcome.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 Richard14

  • Topic Starter

Posted 13 May 2013 - 03:07 PM

Same as before:

 

"Cannot complete the Security Essentials Installation

An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again."

Error code:0x80070643

 

 

I verified that I have the right version (Vista 32bit), and have done the steps recommended in this post:

http://www.bleepingcomputer.com/forums/t/494163/msse-seems-to-have-disappeared/?p=3047628

 

and in this post:

http://www.bleepingcomputer.com/forums/t/494163/msse-seems-to-have-disappeared/?p=3047902

 

Still no luck.

 

Also, I can not download anything directly on this PC as the virus check always fails (no virus program installed) and the downloaded file is immediately deleted.

 

-Rich


Edited by Richard14, 13 May 2013 - 03:20 PM.


#12 JSntgRvr


Posted 13 May 2013 - 09:11 PM

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

  • OTL should now start. Change the following settings:
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
    • Please post the contents of the OTL.txt file and attach the Extras.Txt, if any, in your next reply.


 

 




#13 JSntgRvr


Posted 13 May 2013 - 09:17 PM

Download also the latest version of FRST and perform a scan. Post its report.




#14 Richard14


Posted 13 May 2013 - 09:32 PM

OTL logfile created on: 5/13/2013 7:17:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Richard\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 75.54% Memory free
6.19 Gb Paging File | 5.57 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.04 Gb Total Space | 42.29 Gb Free Space | 14.94% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.97 Gb Free Space | 73.13% Space Free | Partition Type: NTFS
Drive E: | 7.66 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 931.51 Gb Total Space | 200.06 Gb Free Space | 21.48% Space Free | Partition Type: NTFS
Drive G: | 1.96 Gb Total Space | 1.35 Gb Free Space | 68.76% Space Free | Partition Type: FAT
 
Computer Name: MAIN-PC | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/13 19:13:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009/05/02 17:59:51 | 000,139,776 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/05/03 16:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/14 22:46:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/31 16:52:30 | 000,464,256 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012/07/16 20:52:18 | 000,548,264 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2012/03/14 22:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2011/06/09 14:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2011/03/31 16:08:14 | 000,080,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 13:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/09/12 01:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Disabled | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
 
 
========== Driver Services (All) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Richard\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/03/14 22:46:27 | 008,952,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/03/03 12:07:52 | 001,082,232 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2013/01/04 04:28:19 | 000,914,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip6)
DRV - [2013/01/04 04:28:19 | 000,914,792 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2013/01/03 18:55:18 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2012/08/21 04:47:42 | 000,224,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2012/07/25 20:39:21 | 000,526,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2012/07/25 19:33:43 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUDFPf.sys -- (WudfPf)
DRV - [2012/07/25 19:32:51 | 000,155,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd)
DRV - [2012/06/04 08:26:04 | 000,440,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2012/05/01 07:03:49 | 000,180,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2012/03/20 16:28:50 | 000,053,120 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2012/02/29 06:32:37 | 000,012,800 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2011/07/06 08:31:47 | 000,214,016 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV - [2011/04/29 06:25:10 | 000,146,432 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
DRV - [2011/04/29 06:25:09 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
DRV - [2011/04/29 06:24:42 | 000,079,872 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV - [2011/04/29 06:24:40 | 000,106,496 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV - [2011/04/21 06:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\afd.sys -- (AFD)
DRV - [2011/04/14 07:59:03 | 000,075,264 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2011/02/22 06:23:55 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
DRV - [2011/02/18 07:03:32 | 000,305,152 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv.sys -- (srv)
DRV - [2011/01/20 09:37:37 | 000,638,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2010/07/10 22:04:37 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\IASTOR.SYS -- (iaStor)
DRV - [2010/06/25 10:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010/06/23 10:23:44 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/02/20 13:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\http.sys -- (HTTP)
DRV - [2010/02/18 04:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV - [2009/09/30 18:01:54 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 09:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009/06/17 09:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/04/10 23:33:03 | 000,292,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009/04/10 23:32:55 | 000,149,480 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV - [2009/04/10 23:32:52 | 000,053,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
DRV - [2009/04/10 23:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2009/04/10 23:32:46 | 000,265,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI)
DRV - [2009/04/10 23:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\clfs.sys -- (CLFS)
DRV - [2009/04/10 23:32:46 | 000,190,424 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2009/04/10 23:32:46 | 000,180,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt)
DRV - [2009/04/10 23:32:46 | 000,161,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2009/04/10 23:32:43 | 000,141,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ecache.sys -- (Ecache)
DRV - [2009/04/10 23:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disk.sys -- (disk)
DRV - [2009/04/10 23:32:31 | 000,048,104 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\mup.sys -- (Mup)
DRV - [2009/04/10 22:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/04/10 21:46:40 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp)
DRV - [2009/04/10 21:46:32 | 000,121,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2009/04/10 21:46:30 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2009/04/10 21:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2009/04/10 21:45:51 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\pacer.sys -- (PSched)
DRV - [2009/04/10 21:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (netbt)
DRV - [2009/04/10 21:45:22 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\smb.sys -- (Smb)
DRV - [2009/04/10 21:43:28 | 000,148,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV - [2009/04/10 21:43:16 | 000,196,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2009/04/10 21:43:04 | 000,062,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2009/04/10 21:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2009/04/10 21:42:52 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
DRV - [2009/04/10 21:42:48 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV - [2009/04/10 21:42:42 | 000,561,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2009/04/10 21:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2009/04/10 21:38:40 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2009/04/10 21:14:40 | 000,114,688 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2009/04/10 21:14:29 | 000,225,280 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss)
DRV - [2009/04/10 21:14:01 | 000,035,328 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2009/04/10 21:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2009/04/10 21:13:53 | 000,136,704 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\exfat.sys -- (exfat)
DRV - [2009/04/10 21:13:52 | 000,142,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2008/06/16 03:00:00 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2008/04/10 10:18:45 | 000,025,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2008/04/10 10:18:45 | 000,021,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/10 10:18:45 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2008/04/10 10:18:45 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/04/10 10:18:45 | 000,018,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2008/04/10 10:18:45 | 000,017,592 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2008/04/10 10:18:45 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2008/04/10 10:18:45 | 000,016,056 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2008/04/10 10:14:13 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2008/04/10 10:14:13 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - [2008/04/10 10:14:13 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2008/04/10 10:12:06 | 000,020,920 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/04/10 10:12:06 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008/04/10 10:09:29 | 000,242,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/10 10:09:29 | 000,106,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp)
DRV - [2008/04/10 10:09:29 | 000,058,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx)
DRV - [2008/04/10 10:09:29 | 000,054,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp)
DRV - [2008/04/10 10:09:29 | 000,054,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VIAAGP.SYS -- (viaagp)
DRV - [2008/04/10 10:09:29 | 000,053,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGP440.sys -- (agp440)
DRV - [2008/04/10 10:09:29 | 000,053,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp)
DRV - [2008/04/10 10:09:29 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/01/19 00:42:31 | 000,058,936 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2008/01/19 00:42:28 | 000,057,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/01/19 00:42:18 | 000,052,792 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2008/01/19 00:41:52 | 000,035,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2008/01/19 00:41:52 | 000,034,360 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV - [2008/01/19 00:41:49 | 000,031,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/01/19 00:41:30 | 000,021,048 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2008/01/19 00:41:14 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv)
DRV - [2008/01/19 00:41:14 | 000,015,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swenum.sys -- (swenum)
DRV - [2008/01/18 23:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/18 23:14:40 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/01/18 23:14:09 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/01/18 23:01:15 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV - [2008/01/18 23:01:09 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV - [2008/01/18 23:01:08 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/01/18 23:01:08 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV - [2008/01/18 23:01:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/01/18 22:57:16 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2008/01/18 22:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008/01/18 22:56:34 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp)
DRV - [2008/01/18 22:56:34 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport)
DRV - [2008/01/18 22:56:31 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV - [2008/01/18 22:56:31 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/01/18 22:56:31 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV - [2008/01/18 22:56:29 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/01/18 22:56:28 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV - [2008/01/18 22:56:28 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/01/18 22:56:24 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/01/18 22:56:23 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2008/01/18 22:56:07 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2008/01/18 22:55:50 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2008/01/18 22:55:45 | 000,035,840 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/01/18 22:55:41 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp)
DRV - [2008/01/18 22:55:40 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/01/18 22:55:19 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/01/18 22:55:03 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
DRV - [2008/01/18 22:55:03 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
DRV - [2008/01/18 22:54:46 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2008/01/18 22:53:40 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2008/01/18 22:53:29 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/01/18 22:53:20 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/01/18 22:53:16 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/01/18 22:52:19 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\monitor.sys -- (monitor)
DRV - [2008/01/18 22:52:06 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/01/18 22:49:20 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/01/18 22:49:19 | 000,006,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/01/18 22:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/01/18 22:49:18 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/01/18 22:49:18 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/01/18 22:49:16 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/18 22:49:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid)
DRV - [2008/01/18 22:49:12 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dot4.sys -- (Dot4)
DRV - [2008/01/18 22:49:12 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2008/01/18 22:49:10 | 000,036,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dot4usb.sys -- (dot4usb)
DRV - [2008/01/18 22:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2008/01/18 22:49:09 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dot4Prt.sys -- (Dot4Print)
DRV - [2008/01/18 22:30:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\System32\drivers\luafv.sys -- (luafv)
DRV - [2008/01/18 22:30:23 | 000,027,648 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2008/01/18 22:28:09 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/01/18 22:28:02 | 000,070,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2008/01/18 22:27:21 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2007/09/12 01:44:34 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/09/12 01:40:48 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2006/11/02 02:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2006/11/02 02:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:04 | 000,058,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,056,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2006/11/02 02:49:43 | 000,022,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2006/11/02 02:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2006/11/02 02:04:35 | 000,878,080 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV - [2006/11/02 01:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 01:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 01:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir)
DRV - [2006/11/02 01:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2006/11/02 01:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2006/11/02 01:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 01:53:56 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV - [2006/11/02 01:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 01:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 01:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2006/11/02 01:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2006/11/02 01:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2006/11/02 01:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\parport.sys -- (Parport)
DRV - [2006/11/02 01:51:25 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serenum.sys -- (Serenum)
DRV - [2006/11/02 01:51:23 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\parvdm.sys -- (Parvdm)
DRV - [2006/11/02 01:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2006/11/02 01:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2006/11/02 01:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2006/11/02 01:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006/11/02 01:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006/11/02 01:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60)
DRV - [2006/11/02 00:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\Windows\System32\WINSOCK.DLL -- (Winsock)
DRV - [2006/11/01 23:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080410
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.152_0\npsoe.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Users\Richard\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Richard\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Richard\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Richard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/26 10:26:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/26 21:09:43 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Richard\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Richard\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Richard\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Users\Richard\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Users\Richard\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Richard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Richard\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Kalydo Player Plugin for Mozilla (Enabled) = C:\Users\Richard\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Docs = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/05/12 12:07:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEF195D4-F0C3-4080-9549-49A59BFEE100}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Richard\Pictures\2011-2012 Nick 2nd grade school picture.jpg
O24 - Desktop BackupWallPaper: C:\Users\Richard\Pictures\2011-2012 Nick 2nd grade school picture.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/13 19:16:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
[2013/05/12 20:44:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/05/12 20:39:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/12 20:39:16 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\temp
[2013/05/12 20:38:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/12 11:53:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/12 11:53:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/12 11:53:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/12 11:53:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/12 05:54:56 | 000,000,000 | ---D | C] -- C:\FRST
[2013/05/11 16:02:04 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/05/11 08:44:01 | 000,000,000 | ---D | C] -- C:\MATS
[2013/05/11 08:39:15 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\ElevatedDiagnostics
[2013/05/11 08:35:37 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\Fix it portable
[2013/05/09 19:44:01 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\Italian
[2013/04/14 08:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
[2013/04/14 08:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2013/04/14 07:28:26 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013/04/14 07:28:26 | 013,088,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013/04/14 07:28:26 | 008,952,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013/04/14 07:28:26 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013/04/14 07:28:25 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013/04/14 07:28:25 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013/04/14 07:28:25 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013/04/14 07:28:25 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3231422.dll
[2013/04/14 07:28:25 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3231422.dll
[2013/04/14 07:28:24 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/13 19:14:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/13 19:14:21 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/13 19:14:21 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/13 19:14:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/13 19:13:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
[2013/05/13 13:20:22 | 000,002,150 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/05/13 13:11:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/12 20:37:37 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-137111657-3113389662-2625091050-1000UA.job
[2013/05/12 12:07:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/11 07:03:28 | 000,649,404 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/11 07:03:28 | 000,122,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/10 17:37:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-137111657-3113389662-2625091050-1000Core.job
[2013/05/10 11:25:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/05/09 19:27:08 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/09 19:27:08 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/07 17:29:57 | 000,018,216 | ---- | M] () -- C:\Users\Richard\Documents\AC Fish.odt
[2013/05/02 08:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/04/29 15:17:33 | 000,017,718 | ---- | M] () -- C:\Users\Richard\Documents\ptable_6.pdf
[2013/04/16 13:56:34 | 000,059,758 | ---- | M] () -- C:\Users\Richard\Desktop\72095_4893338532100_353195239_n.jpg
[2013/04/14 20:38:51 | 000,924,722 | ---- | M] () -- C:\Users\Richard\Desktop\IMAG0554.jpg
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/12 11:53:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/12 11:53:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/12 11:53:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/12 11:53:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/12 11:53:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/07 17:29:56 | 000,018,216 | ---- | C] () -- C:\Users\Richard\Documents\AC Fish.odt
[2013/04/29 15:18:17 | 000,017,718 | ---- | C] () -- C:\Users\Richard\Documents\ptable_6.pdf
[2013/04/16 13:56:34 | 000,059,758 | ---- | C] () -- C:\Users\Richard\Desktop\72095_4893338532100_353195239_n.jpg
[2013/04/14 20:38:48 | 000,924,722 | ---- | C] () -- C:\Users\Richard\Desktop\IMAG0554.jpg
[2013/01/01 10:44:44 | 000,000,448 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012/09/01 17:02:11 | 000,001,018 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\DVDSubEdit.ini
[2012/01/08 19:30:26 | 000,000,106 | ---- | C] () -- C:\Windows\EWF645.ini
[2011/08/27 13:51:52 | 000,058,168 | ---- | C] () -- C:\Windows\System32\Uninstal.exe
[2011/06/12 18:57:09 | 000,000,095 | ---- | C] () -- C:\Users\Richard\AppData\Local\fusioncache.dat
[2010/07/14 19:00:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/09 19:10:34 | 000,257,712 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/08 10:46:50 | 000,001,356 | ---- | C] () -- C:\Users\Richard\AppData\Local\d3d9caps.dat
[2009/03/14 21:27:49 | 000,000,000 | ---- | C] () -- C:\Users\Richard\AppData\Local\rx_image.Cache
[2009/01/14 17:46:55 | 000,242,688 | ---- | C] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Richard\Documents\Untitled1.dmsd:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Richard\Documents\tangled.dmsd:Roxio EMC Stream
@Alternate Data Stream - 190 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:1A15E356
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:4CD3F344
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:D48500F8
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:474022C7
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:4DDE401B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:65C4D44A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8AED9359
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:40D8F125
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:1DEE6B65
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:45F3AD49
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:207C4C79
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:2E0B7D8A
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:38C4D9C2

< End of report >

 

Extras.txt is attached.  

 

Thank you for all this help

 

-Rich



#15 Richard14

Posted 13 May 2013 - 09:34 PM

Sorry, here's the extras.txt





