Internet Security 2014 infection, CDROM.sys compromised by zero.access


  • This topic is locked
27 replies to this topic

#1 loadblok

loadblok

  • Members
  • 19 posts

Posted 30 May 2013 - 01:32 PM

DDS log file as requested:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by Deb at 13:13:41 on 2013-05-30
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2037.1363 [GMT -5:00]
.
AV: AVG update module *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG update module *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\RECIPE~2\bar\1.bin\2jbrmon.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uURLSearchHooks: <No Name>: {cc8ae5b8-005b-4b1a-a27d-307eddffe5c8} - c:\program files\recipehub_2j\bar\1.bin\2jSrcAs.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Toolbar BHO: {06e3475c-5521-4de8-bb12-50720f21631c} - c:\program files\recipehub_2j\bar\1.bin\2jbar.dll
BHO: UnfriendApp: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - c:\program files\unfriendapp\ie\common.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Search Assistant BHO: {b7acdf9c-c4f9-4d5d-998e-b147866b4d4c} - c:\program files\recipehub_2j\bar\1.bin\2jSrcAs.dll
BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Recipe Hub: {CF51DE5B-EB36-4114-BB69-84DF63FBADB4} - c:\program files\recipehub_2j\bar\1.bin\2jbar.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} -
TB: Recipe Hub: {cf51de5b-eb36-4114-bb69-84df63fbadb4} - c:\program files\recipehub_2j\bar\1.bin\2jbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Recipe Hub Search Scope Monitor] "c:\progra~1\recipe~2\bar\1.bin\2jsrchmn.exe" /m=2 /w /h
mRun: [RecipeHub_2j Browser Plugin Loader] c:\progra~1\recipe~2\bar\1.bin\2jbrmon.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
TCP: NameServer = 8.8.4.4 8.8.8.8 204.127.203.135 216.148.225.135
TCP: Interfaces\{76627545-144C-434C-8E33-AAB09F2D4429} : DHCPNameServer = 8.8.4.4 8.8.8.8 204.127.203.135 216.148.225.135
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.94\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\deb\application data\mozilla\firefox\profiles\hoq4tyg0.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={1810B864-8C3E-4EF0-B88F-2A47E08C0D3F}&mid=e986bc6c68e2adc30ef05557afaed688-91be2c333fc4a4d7e12fdc3a685adb579ef035ae&lang=us&ds=AVG&pr=fr&d=2012-02-14 09:25:08&v=14.2.0.1&pid=avg&sg=&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={1810B864-8C3E-4EF0-B88F-2A47E08C0D3F}&mid=e986bc6c68e2adc30ef05557afaed688-91be2c333fc4a4d7e12fdc3a685adb579ef035ae&lang=us&ds=AVG&pr=fr&d=2012-02-14 09:25:08&pid=avg&sg=&v=14.0.2.14&sap=ku&q=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\15.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\recipehub_2j\bar\1.bin\NP2jStub.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-16 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-2-28 37664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-12 116608]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-2-19 282624]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\ToolbarUpdater.exe [2013-5-20 1015984]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2013-2-19 1418184]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-2-27 4937264]
S2 RecipeHub_2jService;Recipe HubService;c:\progra~1\recipe~2\bar\1.bin\2jbarsvc.exe [2012-6-14 42504]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-5-30 30464]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-5-29 35144]
.
=============== Created Last 30 ================
.
2013-05-30 15:35:54    30464    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2013-05-30 15:34:54    --------    d-----w-    c:\documents and settings\all users\application data\HitmanPro
2013-05-30 15:15:59    --------    d-----w-    c:\windows\snack
2013-05-29 18:33:09    35144    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-05-29 18:32:30    --------    d-----w-    C:\Malwarebytes
2013-05-27 23:25:15    0    ----a-w-    c:\documents and settings\deb\notepad.exe
2013-05-27 23:25:15    0    ----a-w-    c:\documents and settings\deb\acrobatreader.exe
2013-05-27 23:25:14    0    ----a-w-    c:\documents and settings\deb\googleupdate.exe
2013-05-11 10:37:28    209472    ----a-w-    c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-05-30 15:17:53    62976    ----a-w-    c:\windows\system32\drivers\cdrom.sys.dump
2013-05-21 04:24:35    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-05-14 20:54:32    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-14 20:54:32    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-04-04 19:50:32    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-06 22:56:10    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-03-06 22:56:08    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-03-06 22:56:08    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-06 22:56:08    143872    ----a-w-    c:\windows\system32\javacpl.cpl
.
============= FINISH: 13:14:21.39 ===============
 

RogueKiller logs (I ran it multiple times):

 

Log #1:

 

***********************************************************************

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Deb [Admin rights]
Mode : Scan -- Date : 05/30/2013 10:16:14
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : ynjcrpeu (C:\Documents and Settings\NetworkService\Local Settings\Application Data\vyttpvokh\kydxahotssd.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18[...]\Run : ynjcrpeu (C:\Documents and Settings\NetworkService\Local Settings\Application Data\vyttpvokh\kydxahotssd.exe) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] $NtUninstallKB8340$ : C:\WINDOWS\$NtUninstallKB8340$ --> FOUND
[Faked.Drv][FILE] cdrom.sys : C:\WINDOWS\system32\drivers\cdrom.sys [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160815AS +++++
--- User ---
[MBR] 032610d848dedb32d8860fad5d38ed5d
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 152539 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05302013_02d1016.txt >>
RKreport[1]_S_05302013_02d1016.txt
***********************************************************************

 


 

RogueKiller log #2:

***********************************************************************

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Deb [Admin rights]
Mode : Remove -- Date : 05/30/2013 10:19:42
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : ynjcrpeu (C:\Documents and Settings\NetworkService\Local Settings\Application Data\vyttpvokh\kydxahotssd.exe) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][JUNCTION] C:\WINDOWS\$NtUninstallKB8340$ >> \systemroot\system32\config --> REMOVED
[Del.Parent][FILE] @ : C:\WINDOWS\$NtUninstallKB8340$\1320709676\@ [-] --> REMOVED
[Del.Parent][FILE] Desktop.ini : C:\WINDOWS\$NtUninstallKB8340$\1320709676\Desktop.ini [-] --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\WINDOWS\$NtUninstallKB8340$\1320709676\L\00000004.@ [-] --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\WINDOWS\$NtUninstallKB8340$\1320709676\L\201d3dde [-] --> REMOVED
[Del.Parent][FILE] 6715e287 : C:\WINDOWS\$NtUninstallKB8340$\1320709676\L\6715e287 [-] --> REMOVED
[Del.Parent][FILE] 76603ac3 : C:\WINDOWS\$NtUninstallKB8340$\1320709676\L\76603ac3 [-] --> REMOVED
[Del.Parent][FILE] odetmngk : C:\WINDOWS\$NtUninstallKB8340$\1320709676\L\odetmngk [-] --> REMOVED
[Del.Parent][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB8340$\1320709676\L --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\WINDOWS\$NtUninstallKB8340$\1320709676\U\00000004.@ [-] --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\WINDOWS\$NtUninstallKB8340$\1320709676\U\00000008.@ [-] --> REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\WINDOWS\$NtUninstallKB8340$\1320709676\U\000000cb.@ [-] --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\WINDOWS\$NtUninstallKB8340$\1320709676\U\80000000.@ [-] --> REMOVED
[Del.Parent][FILE] 80000032.@ : C:\WINDOWS\$NtUninstallKB8340$\1320709676\U\80000032.@ [-] --> REMOVED
[Del.Parent][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB8340$\1320709676\U --> REMOVED
[Del.Parent][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB8340$\1320709676 --> REMOVED AT REBOOT
[Del.Parent][FILE] 1777263889 : C:\WINDOWS\$NtUninstallKB8340$\1777263889 [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB8340$ --> REMOVED AT REBOOT
[Faked.Drv][FILE] cdrom.sys : C:\WINDOWS\system32\drivers\cdrom.sys [-] --> CANNOT FIX

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160815AS +++++
--- User ---
[MBR] 032610d848dedb32d8860fad5d38ed5d
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 152539 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_05302013_02d1019.txt >>
RKreport[1]_S_05302013_02d1016.txt ; RKreport[2]_D_05302013_02d1019.txt
***********************************************************************

 

And finally, log #3

***********************************************************************

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Deb [Admin rights]
Mode : Scan -- Date : 05/30/2013 11:03:46
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
_INLINE_ : NtAllocateVirtualMemory -> HOOKED (\??\C:\WINDOWS\system32\drivers\hitmanpro37.sys @ 0xBA139566)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160815AS +++++
--- User ---
[MBR] 032610d848dedb32d8860fad5d38ed5d
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 152539 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_S_05302013_02d1103.txt >>
RKreport[1]_S_05302013_02d1016.txt ; RKreport[2]_D_05302013_02d1019.txt ; RKreport[3]_S_05302013_02d1103.txt
***********************************************************************

 

I forgot to mention earlier that I ran HitManPro after RogueKiller, but it errored out after IDing the CDROM.sys as a compromised/corrupted/obfuscated file and before it could do any removal.

 

Thanks for your help!

 

Mark


 

 


 

 

 

 




 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 01 June 2013 - 09:33 PM


Hello loadblok

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 loadblok

loadblok
  • Topic Starter

  • Members
  • 19 posts

Posted 03 June 2013 - 10:33 AM

AdwCleaner Log:

 

# AdwCleaner v2.301 - Logfile created 06/03/2013 at 08:28:45
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Deb - D7FDJCF1
# Boot Mode : Normal
# Running from : C:\downloads\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\DOCUME~1\Deb\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\DynConIE
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Documents and Settings\Deb\Application Data\Mozilla\Firefox\Profiles\hoq4tyg0.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={1810B864-8C3E-4EF0-B88F-2A47E08C[...]
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={1810B864-8C3E-4EF0-B88F-2A47E08C0D3F}&m[...]

-\\ Google Chrome v27.0.1453.94

File : C:\Documents and Settings\Deb\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.23] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Deleted [l.26] : keyword = "isearch.avg.com",
Deleted [l.29] : search_url = "hxxp://isearch.avg.com/search?cid={1810B864-8C3E-4EF0-B88F-2A47E08C0D3F}&mid=e9[...]
Deleted [l.344] : homepage = "hxxp://isearch.avg.com/?cid={1810B864-8C3E-4EF0-B88F-2A47E08C0D3F}&mid=e986bc6c68e2a[...]
Deleted [l.499] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={1810B864-8C3E-4EF0-B88F-2A47E08C[...]

*************************

AdwCleaner[R1].txt - [6912 octets] - [03/06/2013 08:26:51]
AdwCleaner[R2].txt - [6972 octets] - [03/06/2013 08:28:35]
AdwCleaner[S1].txt - [6437 octets] - [03/06/2013 08:28:45]

########## EOF - C:\AdwCleaner[S1].txt - [6497 octets] ##########

Junkware Removal Tool Log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Deb on Mon 06/03/2013 at  9:26:05.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\recipe hub search scope monitor
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\recipehub_2j browser plugin loader
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{A057A204-BACC-4D26-9990-79A187E2698F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{A057A204-BACC-4D26-9990-79A187E26990}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}

 

~~~ Files

Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"
Failed to delete: [Folder] "C:\Program Files\recipehub_2j"
Successfully deleted: [Folder] "C:\Program Files\recipehub_2jei"

 

~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\2jffxtbr@recipehub_2j.com

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/03/2013 at  9:27:57.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 AM

Posted 03 June 2013 - 12:29 PM


Hello loadblok

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 loadblok


Posted 03 June 2013 - 05:00 PM

Hi Gringo, I started to run ComboFix, and had a few notifications because of AVG updater service, which I OK'd through. CF started the download of the recovery console, went thru 2 lines of "###### 100%" in the command window, then gives a message, "The file or directory is corrupt and unreadable", and the CF command window is open but no process activity in task manager.  The process CF1695.exe is listed in the process image list, but it is not using any CPU.  I know I want to tread lightly where CF is concerned, so I will leave it at this state until I hear back from you.    Thanks!   Mark (aka loadblok)

 

p.s. I had temporarily disabled AVG, but CF did not like the AVG updates service running


Edited by loadblok, 03 June 2013 - 05:03 PM.


#6 gringo_pr


Posted 03 June 2013 - 09:45 PM


Hello loadblok

OK, let's try this. I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
After combofix has finished its scan, please post the report back here.

Gringo

#7 loadblok


Posted 04 June 2013 - 10:13 AM

Hi Gringo,

When I got back to it this morning, I had a message awaiting me that said something to the effect that the Recovery Console had successfully installed, and when I acknowledged the message CF continued to run, and from the looks of the dialog, running successfully. It has not completed yet, but I see a message that the CDROM.sys was infected and had been restored, and that was the infected file at the beginning of all this. When this run of CF finishes, should I still try safe mode to scan with CF?

 

Thanks for the help!

 

Mark


Edited by loadblok, 04 June 2013 - 10:17 AM.


#8 gringo_pr


Posted 04 June 2013 - 10:18 AM

No, send me the report that it makes.


gringo

#9 loadblok


Posted 04 June 2013 - 01:56 PM

Gringo,

Since I posted earlier about the successful restoration of cdrom.sys, CF has not shown anything further within its command window; there is constant hard drive activity and the cursor is flashing below the "Successfully restored :)" message. The desktop wallpaper is visible in the background, but the desktop shortcuts are hidden right now. They have cycled between hidden and unhidden several times during this stage. This is an older XP machine, but should it run this long? I can let it go as long as needed, just haven't had enough experience with CF to know if I am frozen or if more is yet to come.

 

Thanks,

Mark



#10 gringo_pr


Posted 04 June 2013 - 05:09 PM


Hello loadblok

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long, so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+
Send me the reports made from TDSSKiller and Roguekiller and also let me know how the computer is doing at this time.

Gringo

#11 loadblok


Posted 04 June 2013 - 05:15 PM

Thanks Gringo,

I will run TDSSKiller and RogueKiller, but ComboFix is still running, it hasn't displayed any new text since the "CDROM.sys restored successfully" message, although the drive activity light keeps flickering.  I will let it go tonight again, but is there a point at which I should try to suspend it-or reboot if the PC is frozen? I have seen numerous warnings about Combofix so I want to treat it with respect.

 

Thanks,

Mark



#12 gringo_pr


Posted 04 June 2013 - 06:05 PM

Go ahead and stop it - it does not take this long.



gringo

#13 loadblok


Posted 05 June 2013 - 08:09 AM

Hi Gringo,

When I got back to it this morning, the system is now doing an automatic CHKDSK to fix a dirty volume. I will post the results of combofix when this CHKDSK completes, then I will run the TDSS Killer and RogueKiller.

 

Thanks,

Mark



#14 loadblok


Posted 05 June 2013 - 09:02 AM

Gringo,

The PC finished the chkdsk (thankfully) and popped up the ComboFix log at startup, so here is the CF log:

 

ComboFix 13-06-03.06 - Deb 06/04/2013   7:59.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2037.1306 [GMT -5:00]
Running from: c:\downloads\ComboFix.exe
AV: AVG update module *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG update module *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\9038631038F3D2A800009037D2DBD618
c:\documents and settings\All Users\Application Data\9038631038F3D2A800009037D2DBD618\9038631038F3D2A800009037D2DBD618
c:\documents and settings\All Users\Application Data\9038631038F3D2A800009037D2DBD618\9038631038F3D2A800009037D2DBD618.ico
c:\documents and settings\Deb\acrobatreader.exe
c:\documents and settings\Deb\googleupdate.exe
c:\documents and settings\Deb\notepad.exe
c:\windows\system32\Cache
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\cdrom.sys
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_USNJSVC
-------\Service_6to4
-------\Service_usnjsvc
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-05 to 2013-06-05  )))))))))))))))))))))))))))))))
.
.
2013-06-03 20:58 . 2013-06-03 20:58 -------- d-----w- c:\documents and settings\Deb\Local Settings\Application Data\AVG Secure Search
2013-06-03 20:58 . 2013-06-03 20:58 -------- d-----w- c:\documents and settings\Deb\Application Data\AVG Secure Search
2013-06-03 20:58 . 2013-06-03 20:58 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-06-03 20:58 . 2013-06-03 20:58 -------- d-----w- c:\program files\AVG Secure Search
2013-06-03 20:58 . 2013-06-03 20:58 -------- d-----w- c:\windows\LastGood.Tmp
2013-06-03 14:26 . 2013-06-03 14:26 -------- d-----w- c:\windows\ERUNT
2013-06-03 14:25 . 2013-06-03 14:25 -------- d-----w- C:\JRT
2013-05-30 16:40 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-05-30 16:40 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
2013-05-30 15:35 . 2013-05-30 15:35 30464 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-05-30 15:34 . 2013-05-30 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-05-30 15:15 . 2013-05-30 15:15 -------- d-----w- c:\windows\snack
2013-05-29 18:33 . 2013-05-29 18:33 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-05-29 18:32 . 2013-05-29 18:32 -------- d-----w- C:\Malwarebytes
2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-03 20:58 . 2013-02-28 20:18 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-05-14 20:54 . 2012-04-11 12:01 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-14 20:54 . 2012-04-11 12:01 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-16 22:17 . 2004-08-10 18:51 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2004-08-10 18:51 43520 ------w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2004-08-10 18:51 385024 ------w- c:\windows\system32\html.iec
2013-04-10 01:31 . 2004-08-10 18:51 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 19:50 . 2010-01-14 21:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-08 08:36 . 2004-08-10 18:51 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-06-03 20:58 1991344 ----a-w- c:\program files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll" [2013-06-03 1991344]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-27 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2007-03-26 53248]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2006-10-03 221184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-13 4394032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-06-03 1226928]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 245048]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 4:37 AM 170808]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2/28/2013 3:18 PM 37664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/12/2010 9:32 AM 116608]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [6/3/2013 3:58 PM 1015984]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [2/19/2013 4:02 AM 1418184]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2/27/2013 11:42 PM 4937264]
S2 RecipeHub_2jService;Recipe HubService;c:\progra~1\RECIPE~2\bar\1.bin\2jbarsvc.exe --> c:\progra~1\RECIPE~2\bar\1.bin\2jbarsvc.exe [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [5/30/2013 10:35 AM 30464]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [5/29/2013 1:33 PM 35144]
S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys --> c:\windows\system32\DRIVERS\avgidsdriverx.sys [?]
S4 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys --> c:\windows\system32\DRIVERS\avgidshx.sys [?]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys --> c:\windows\system32\DRIVERS\avgidsshimx.sys [?]
S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
S4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2/19/2013 4:02 AM 282624]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGFWS
*NewlyCreated* - AVGIDSAGENT
*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGLOGX
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-24 03:55 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 20:54]
.
2013-06-03 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 01:27]
.
2013-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 01:27]
.
2013-06-05 c:\windows\Tasks\User_Feed_Synchronization-{705F3BA5-8BF5-42B3-A3BF-F9B0830F6E4D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 8.8.4.4 8.8.8.8 204.127.203.135 216.148.225.135
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Deb\Application Data\Mozilla\Firefox\Profiles\hoq4tyg0.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files\Coupons\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-05 08:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2420)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2013\avgrsx.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
.
**************************************************************************
.
Completion time: 2013-06-05  08:52:53 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-05 13:52
.
Pre-Run: 61,768,728,576 bytes free
Post-Run: 116,767,232,000 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - EA67EFA232C1E568020E25EB32ACA82A
 



#15 loadblok


Posted 05 June 2013 - 10:23 AM

  

  TDSS Killer Log:
 
09:46:07.0906 1088  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:46:09.0984 1088  ============================================================
09:46:09.0984 1088  Current date / time: 2013/06/05 09:46:09.0984
09:46:09.0984 1088  SystemInfo:
09:46:09.0984 1088 
09:46:09.0984 1088  OS Version: 5.1.2600 ServicePack: 3.0
09:46:09.0984 1088  Product type: Workstation
09:46:09.0984 1088  ComputerName: D7FDJCF1
09:46:09.0984 1088  UserName: Deb
09:46:09.0984 1088  Windows directory: C:\WINDOWS
09:46:09.0984 1088  System windows directory: C:\WINDOWS
09:46:09.0984 1088  Processor architecture: Intel x86
09:46:09.0984 1088  Number of processors: 2
09:46:09.0984 1088  Page size: 0x1000
09:46:09.0984 1088  Boot type: Normal boot
09:46:09.0984 1088  ============================================================
09:46:15.0078 1088  BG loaded
09:46:16.0046 1088  Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:46:16.0093 1088  ============================================================
09:46:16.0093 1088  \Device\Harddisk0\DR0:
09:46:16.0125 1088  MBR partitions:
09:46:16.0125 1088  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x129ED876
09:46:16.0125 1088  ============================================================
09:46:16.0640 1088  C: <-> \Device\Harddisk0\DR0\Partition1
09:46:16.0921 1088  ============================================================
09:46:16.0921 1088  Initialize success
09:46:16.0921 1088  ============================================================
10:15:33.0203 0500  ============================================================
10:15:33.0203 0500  Scan started
10:15:33.0203 0500  Mode: Manual; SigCheck; TDLFS;
10:15:33.0203 0500  ============================================================
10:15:33.0453 0500  ================ Scan system memory ========================
10:15:33.0453 0500  System memory - ok
10:15:33.0453 0500  ================ Scan services =============================
10:15:33.0531 0500  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
10:15:34.0484 0500  !SASCORE ( UnsignedFile.Multi.Generic ) - warning
10:15:34.0484 0500  !SASCORE - detected UnsignedFile.Multi.Generic (1)
10:15:34.0578 0500  Abiosdsk - ok
10:15:34.0578 0500  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:15:36.0031 0500  abp480n5 - ok
10:15:36.0078 0500  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:15:36.0312 0500  ACPI - ok
10:15:36.0328 0500  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
10:15:36.0500 0500  ACPIEC - ok
10:15:36.0562 0500  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:15:36.0578 0500  AdobeFlashPlayerUpdateSvc - ok
10:15:36.0609 0500  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:15:36.0734 0500  adpu160m - ok
10:15:36.0750 0500  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
10:15:36.0859 0500  aec - ok
10:15:36.0890 0500  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
10:15:37.0000 0500  AFD - ok
10:15:37.0015 0500  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
10:15:37.0140 0500  agp440 - ok
10:15:37.0156 0500  [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
10:15:37.0250 0500  agpCPQ - ok
10:15:37.0265 0500  [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
10:15:37.0328 0500  Aha154x - ok
10:15:37.0359 0500  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:15:37.0484 0500  aic78u2 - ok
10:15:37.0500 0500  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:15:37.0593 0500  aic78xx - ok
10:15:37.0640 0500  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
10:15:38.0421 0500  Alerter - ok
10:15:38.0453 0500  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
10:15:38.0562 0500  ALG - ok
10:15:38.0578 0500  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
10:15:38.0687 0500  AliIde - ok
10:15:38.0703 0500  [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:15:38.0812 0500  alim1541 - ok
10:15:38.0828 0500  [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:15:38.0937 0500  amdagp - ok
10:15:38.0937 0500  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
10:15:39.0000 0500  amsint - ok
10:15:39.0015 0500  AppMgmt - ok
10:15:39.0031 0500  [ 62D318E9A0C8FC9B780008E724283707 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
10:15:39.0140 0500  asc - ok
10:15:39.0156 0500  [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
10:15:39.0218 0500  asc3350p - ok
10:15:39.0234 0500  [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:15:39.0328 0500  asc3550 - ok
10:15:39.0421 0500  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:15:39.0906 0500  aspnet_state - ok
10:15:39.0937 0500  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:15:40.0109 0500  AsyncMac - ok
10:15:40.0140 0500  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
10:15:40.0234 0500  atapi - ok
10:15:40.0234 0500  Atdisk - ok
10:15:40.0265 0500  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:15:40.0375 0500  Atmarpc - ok
10:15:40.0390 0500  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
10:15:40.0500 0500  AudioSrv - ok
10:15:40.0546 0500  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
10:15:40.0656 0500  audstub - ok
10:15:40.0687 0500  [ 8BE661C16FBF84A73BCEC84B6B4A9DB5 ] Avgfwfd         C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
10:15:40.0703 0500  Avgfwfd - ok
10:15:40.0796 0500  [ DC4739DD82EAFD85299B4E87B5F63207 ] avgfws          C:\Program Files\AVG\AVG2013\avgfws.exe
10:15:41.0093 0500  avgfws - ok
10:15:41.0312 0500  [ 0D8244A9DB70BC6C36E2FB56F6039AB6 ] AVGIDSAgent     C:\Program Files\AVG\AVG2013\avgidsagent.exe
10:15:41.0640 0500  AVGIDSAgent - ok
10:15:41.0640 0500  AVGIDSDriver - ok
10:15:41.0656 0500  AVGIDSHX - ok
10:15:41.0656 0500  AVGIDSShim - ok
10:15:41.0671 0500  [ 08FA13787D77A75DC413E27FD92B44E8 ] Avgldx86        C:\WINDOWS\system32\DRIVERS\avgldx86.sys
10:15:41.0703 0500  Avgldx86 - ok
10:15:41.0765 0500  [ 3E587EE55C70E6DB78A98D7121D3052E ] Avglogx         C:\WINDOWS\system32\DRIVERS\avglogx.sys
10:15:41.0796 0500  Avglogx - ok
10:15:41.0796 0500  [ 5AC56B2CF8EE751796C5A8FC5C631B66 ] Avgmfx86        C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
10:15:41.0812 0500  Avgmfx86 - ok
10:15:41.0812 0500  Avgrkx86 - ok
10:15:41.0812 0500  Avgtdix - ok
10:15:41.0843 0500  [ 02A43ADBA362B89B7D5715221D5F3010 ] avgtp           C:\WINDOWS\system32\drivers\avgtpx86.sys
10:15:41.0859 0500  avgtp - ok
10:15:41.0890 0500  [ DC98337F0D2A9F6C0B6FB682297ECE3B ] avgwd           C:\Program Files\AVG\AVG2013\avgwdsvc.exe
10:15:41.0906 0500  avgwd - ok
10:15:41.0953 0500  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
10:15:42.0078 0500  Beep - ok
10:15:42.0109 0500  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
10:15:42.0296 0500  BITS - ok
10:15:42.0328 0500  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
10:15:42.0390 0500  Browser - ok
10:15:42.0421 0500  catchme - ok
10:15:42.0453 0500  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:15:42.0562 0500  cbidf - ok
10:15:42.0578 0500  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
10:15:42.0671 0500  cbidf2k - ok
10:15:42.0703 0500  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:15:42.0812 0500  CCDECODE - ok
10:15:42.0828 0500  [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:15:42.0890 0500  cd20xrnt - ok
10:15:42.0906 0500  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
10:15:43.0015 0500  Cdaudio - ok
10:15:43.0031 0500  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
10:15:43.0125 0500  Cdfs - ok
10:15:43.0156 0500  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:15:43.0265 0500  Cdrom - ok
10:15:43.0265 0500  Changer - ok
10:15:43.0312 0500  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
10:15:43.0437 0500  CiSvc - ok
10:15:43.0468 0500  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
10:15:43.0578 0500  ClipSrv - ok
10:15:43.0640 0500  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:15:43.0796 0500  clr_optimization_v2.0.50727_32 - ok
10:15:43.0828 0500  [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:15:44.0000 0500  CmdIde - ok
10:15:44.0015 0500  COMSysApp - ok
10:15:44.0031 0500  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:15:44.0125 0500  Cpqarray - ok
10:15:44.0156 0500  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
10:15:44.0250 0500  CryptSvc - ok
10:15:44.0281 0500  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:15:44.0406 0500  dac2w2k - ok
10:15:44.0421 0500  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:15:44.0531 0500  dac960nt - ok
10:15:44.0578 0500  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
10:15:44.0656 0500  DcomLaunch - ok
10:15:44.0703 0500  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
10:15:44.0812 0500  Dhcp - ok
10:15:44.0843 0500  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
10:15:44.0937 0500  Disk - ok
10:15:45.0000 0500  [ 0659E6E0A95564F958D9DF7313F7701E ] DLABMFSM        C:\WINDOWS\system32\DLA\DLABMFSM.SYS
10:15:45.0015 0500  DLABMFSM - ok
10:15:45.0015 0500  [ 8691C78908F0BD66170669DB268369F2 ] DLABOIOM        C:\WINDOWS\system32\DLA\DLABOIOM.SYS
10:15:45.0031 0500  DLABOIOM - ok
10:15:45.0031 0500  [ 76167B5EB2DFFC729EDC36386876B40B ] DLACDBHM        C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
10:15:45.0046 0500  DLACDBHM - ok
10:15:45.0062 0500  [ 5615744A1056933B90E6AC54FEB86F35 ] DLADResM        C:\WINDOWS\system32\DLA\DLADResM.SYS
10:15:45.0062 0500  DLADResM - ok
10:15:45.0078 0500  [ 1AECA2AFA5005CE4A550CF8EB55A8C88 ] DLAIFS_M        C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
10:15:45.0093 0500  DLAIFS_M - ok
10:15:45.0093 0500  [ 840E7F6ABB885C72B9FFDDB022EF5B6D ] DLAOPIOM        C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
10:15:45.0109 0500  DLAOPIOM - ok
10:15:45.0109 0500  [ 0294D18731AC05DA80132CE88F8A876B ] DLAPoolM        C:\WINDOWS\system32\DLA\DLAPoolM.SYS
10:15:45.0125 0500  DLAPoolM - ok
10:15:45.0125 0500  [ 91886FED52A3F9966207BCE46CFD794F ] DLARTL_M        C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
10:15:45.0140 0500  DLARTL_M - ok
10:15:45.0156 0500  [ CCA4E121D599D7D1706A30F603731E59 ] DLAUDFAM        C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
10:15:45.0171 0500  DLAUDFAM - ok
10:15:45.0171 0500  [ 7DAB85C33135DF24419951DA4E7D38E5 ] DLAUDF_M        C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
10:15:45.0187 0500  DLAUDF_M - ok
10:15:45.0203 0500  dmadmin - ok
10:15:45.0250 0500  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
10:15:45.0421 0500  dmboot - ok
10:15:45.0453 0500  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
10:15:45.0593 0500  dmio - ok
10:15:45.0640 0500  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
10:15:45.0781 0500  dmload - ok
10:15:45.0812 0500  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
10:15:46.0078 0500  dmserver - ok
10:15:46.0093 0500  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
10:15:46.0218 0500  DMusic - ok
10:15:46.0250 0500  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
10:15:46.0359 0500  Dnscache - ok
10:15:46.0390 0500  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
10:15:46.0812 0500  Dot3svc - ok
10:15:46.0843 0500  [ BD05306428DA63369692477DDC0F6F5F ] Dot4Scan        C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
10:15:46.0968 0500  Dot4Scan - ok
10:15:46.0984 0500  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:15:47.0093 0500  dpti2o - ok
10:15:47.0125 0500  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
10:15:47.0234 0500  drmkaud - ok
10:15:47.0265 0500  [ C00440385CF9F3D142917C63F989E244 ] DRVMCDB         C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
10:15:47.0265 0500  DRVMCDB - ok
10:15:47.0296 0500  [ 6E6AB29D3C06E64CE81FEACDA85394B5 ] DRVNDDM         C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
10:15:47.0328 0500  DRVNDDM - ok
10:15:47.0359 0500  [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:15:47.0484 0500  E100B - ok
10:15:47.0515 0500  [ 34AAA3B298A852B3663E6E0D94D12945 ] e1express       C:\WINDOWS\system32\DRIVERS\e1e5132.sys
10:15:47.0531 0500  e1express - ok
10:15:47.0562 0500  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
10:15:47.0875 0500  EapHost - ok
10:15:47.0906 0500  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
10:15:48.0078 0500  ERSvc - ok
10:15:48.0109 0500  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
10:15:48.0187 0500  Eventlog - ok
10:15:48.0234 0500  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
10:15:48.0328 0500  EventSystem - ok
10:15:48.0343 0500  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
10:15:48.0453 0500  Fastfat - ok
10:15:48.0484 0500  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:15:48.0515 0500  FastUserSwitchingCompatibility - ok
10:15:48.0593 0500  [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax             C:\WINDOWS\system32\fxssvc.exe
10:15:48.0765 0500  Fax - ok
10:15:48.0796 0500  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
10:15:48.0921 0500  Fdc - ok
10:15:48.0937 0500  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
10:15:49.0046 0500  Fips - ok
10:15:49.0062 0500  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:15:49.0156 0500  Flpydisk - ok
10:15:49.0187 0500  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
10:15:49.0296 0500  FltMgr - ok
10:15:49.0390 0500  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:15:49.0406 0500  FontCache3.0.0.0 - ok
10:15:49.0421 0500  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:15:49.0546 0500  Fs_Rec - ok
10:15:49.0578 0500  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:15:49.0687 0500  Ftdisk - ok
10:15:49.0718 0500  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:15:49.0843 0500  Gpc - ok
10:15:49.0906 0500  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
10:15:49.0921 0500  gupdate - ok
10:15:49.0937 0500  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
10:15:49.0937 0500  gupdatem - ok
10:15:49.0984 0500  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:15:50.0000 0500  gusvc - ok
10:15:50.0015 0500  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:15:50.0125 0500  HDAudBus - ok
10:15:50.0187 0500  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:15:50.0281 0500  helpsvc - ok
10:15:50.0312 0500  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
10:15:50.0437 0500  HidServ - ok
10:15:50.0468 0500  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:15:50.0609 0500  HidUsb - ok
10:15:50.0640 0500  [ 05E0D8EE7D6FAB5CB672FEC3AAD93AA0 ] hitmanpro37     C:\WINDOWS\system32\drivers\hitmanpro37.sys
10:15:50.0656 0500  hitmanpro37 - ok
10:15:50.0687 0500  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
10:15:51.0375 0500  hkmsvc - ok
10:15:51.0421 0500  [ 9E3944A558AB84853EF985988E23A8A4 ] HPFXBULK        C:\WINDOWS\system32\drivers\hpfxbulk.sys
10:15:51.0515 0500  HPFXBULK - ok
10:15:51.0531 0500  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
10:15:51.0703 0500  hpn - ok
10:15:51.0937 0500  [ 390920E11D7729A7B98799EBE20E38FB ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
10:15:52.0421 0500  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
10:15:52.0421 0500  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
10:15:52.0437 0500  [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
10:15:52.0812 0500  HPZid412 - ok
10:15:52.0843 0500  [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
10:15:52.0890 0500  HPZipr12 - ok
10:15:52.0921 0500  [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
10:15:52.0984 0500  HPZius12 - ok
10:15:53.0125 0500  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
10:15:53.0453 0500  HTTP - ok
10:15:53.0484 0500  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
10:15:53.0828 0500  HTTPFilter - ok
10:15:53.0828 0500  [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
10:15:53.0937 0500  i2omgmt - ok
10:15:53.0953 0500  [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:15:54.0046 0500  i2omp - ok
10:15:54.0062 0500  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:15:54.0171 0500  i8042prt - ok
10:15:54.0328 0500  [ 28423512370705AEDA6A652FEDB25468 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:15:54.0890 0500  ialm - ok
10:15:54.0921 0500  [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor          C:\WINDOWS\system32\drivers\iaStor.sys
10:15:54.0953 0500  iaStor - ok
10:15:55.0046 0500  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
10:15:55.0062 0500  IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:15:55.0062 0500  IDriverT - detected UnsignedFile.Multi.Generic (1)
10:15:55.0125 0500  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:15:56.0625 0500  idsvc - ok
10:15:56.0640 0500  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
10:15:56.0750 0500  Imapi - ok
10:15:56.0781 0500  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
10:15:56.0890 0500  ImapiService - ok
10:15:56.0906 0500  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:15:57.0015 0500  ini910u - ok
10:15:57.0562 0500  [ 17BBBABB21F86B650B2626045A9D016C ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:15:58.0031 0500  IntcAzAudAddService - ok
10:15:58.0031 0500  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
10:15:58.0140 0500  IntelIde - ok
10:15:58.0171 0500  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:15:58.0265 0500  intelppm - ok
10:15:58.0296 0500  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
10:15:58.0437 0500  Ip6Fw - ok
10:15:58.0468 0500  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:15:58.0562 0500  IpFilterDriver - ok
10:15:58.0578 0500  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:15:58.0718 0500  IpInIp - ok
10:15:58.0734 0500  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:15:58.0843 0500  IpNat - ok
10:15:58.0875 0500  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:15:59.0000 0500  IPSec - ok
10:15:59.0015 0500  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
10:15:59.0125 0500  IRENUM - ok
10:15:59.0140 0500  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:15:59.0296 0500  isapnp - ok
10:15:59.0468 0500  [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
10:15:59.0484 0500  JavaQuickStarterService - ok
10:15:59.0515 0500  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:15:59.0625 0500  Kbdclass - ok
10:15:59.0640 0500  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:15:59.0734 0500  kbdhid - ok
10:15:59.0765 0500  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
10:15:59.0875 0500  kmixer - ok
10:15:59.0906 0500  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
10:16:00.0093 0500  KSecDD - ok
10:16:00.0125 0500  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
10:16:00.0234 0500  lanmanserver - ok
10:16:00.0265 0500  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:16:00.0359 0500  lanmanworkstation - ok
10:16:00.0359 0500  lbrtfdc - ok
10:16:00.0390 0500  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
10:16:00.0500 0500  LmHosts - ok
10:16:00.0531 0500  [ 20856B8A44F41BB42F3F5F03C3BB2B00 ] mbamchameleon   C:\WINDOWS\system32\drivers\mbamchameleon.sys
10:16:00.0546 0500  mbamchameleon - ok
10:16:00.0578 0500  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
10:16:00.0703 0500  Messenger - ok
10:16:00.0734 0500  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
10:16:00.0859 0500  mnmdd - ok
10:16:00.0875 0500  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
10:16:00.0984 0500  mnmsrvc - ok
10:16:01.0015 0500  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
10:16:01.0109 0500  Modem - ok
10:16:01.0140 0500  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:16:01.0234 0500  Mouclass - ok
10:16:01.0265 0500  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:16:01.0375 0500  mouhid - ok
10:16:01.0421 0500  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
10:16:01.0531 0500  MountMgr - ok
10:16:01.0578 0500  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:16:01.0593 0500  MozillaMaintenance - ok
10:16:01.0609 0500  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:16:01.0718 0500  mraid35x - ok
10:16:01.0734 0500  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:16:01.0843 0500  MRxDAV - ok
10:16:01.0890 0500  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:16:02.0156 0500  MRxSmb - ok
10:16:02.0234 0500  [ 641199534871783DD74138FE0BCFDAE7 ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS32.exe
10:16:02.0250 0500  MSCamSvc - ok
10:16:02.0281 0500  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
10:16:02.0875 0500  MSDTC - ok
10:16:02.0890 0500  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
10:16:03.0000 0500  Msfs - ok
10:16:03.0000 0500  MSIServer - ok
10:16:03.0031 0500  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:16:03.0140 0500  MSKSSRV - ok
10:16:03.0156 0500  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:16:03.0250 0500  MSPCLOCK - ok
10:16:03.0265 0500  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
10:16:03.0390 0500  MSPQM - ok
10:16:03.0406 0500  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:16:03.0515 0500  mssmbios - ok
10:16:03.0531 0500  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
10:16:03.0656 0500  MSTEE - ok
10:16:03.0687 0500  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
10:16:03.0750 0500  Mup - ok
10:16:03.0781 0500  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:16:03.0890 0500  NABTSFEC - ok
10:16:03.0921 0500  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
10:16:04.0265 0500  napagent - ok
10:16:04.0296 0500  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
10:16:04.0390 0500  NDIS - ok
10:16:04.0421 0500  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:16:04.0531 0500  NdisIP - ok
10:16:04.0562 0500  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:16:04.0578 0500  NdisTapi - ok
10:16:04.0578 0500  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:16:04.0687 0500  Ndisuio - ok
10:16:04.0703 0500  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:16:04.0828 0500  NdisWan - ok
10:16:04.0843 0500  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
10:16:04.0921 0500  NDProxy - ok
10:16:04.0953 0500  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
10:16:05.0000 0500  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:16:05.0000 0500  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:16:05.0015 0500  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
10:16:05.0125 0500  NetBIOS - ok
10:16:05.0156 0500  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
10:16:05.0265 0500  NetBT - ok
10:16:05.0296 0500  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
10:16:05.0406 0500  NetDDE - ok
10:16:05.0421 0500  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
10:16:05.0531 0500  NetDDEdsdm - ok
10:16:05.0546 0500  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
10:16:05.0656 0500  Netlogon - ok
10:16:05.0687 0500  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
10:16:05.0796 0500  Netman - ok
10:16:05.0843 0500  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:16:05.0859 0500  NetTcpPortSharing - ok
10:16:05.0921 0500  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
10:16:05.0984 0500  Nla - ok
10:16:06.0031 0500  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
10:16:06.0140 0500  Npfs - ok
10:16:06.0171 0500  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
10:16:06.0296 0500  Ntfs - ok
10:16:06.0312 0500  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
10:16:06.0437 0500  NtLmSsp - ok
10:16:06.0484 0500  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
10:16:06.0656 0500  NtmsSvc - ok
10:16:06.0671 0500  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
10:16:06.0796 0500  Null - ok
10:16:06.0984 0500  [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:16:07.0218 0500  nv - ok
10:16:07.0234 0500  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:16:07.0375 0500  NwlnkFlt - ok
10:16:07.0390 0500  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:16:07.0546 0500  NwlnkFwd - ok
10:16:07.0609 0500  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:16:07.0640 0500  odserv - ok
10:16:07.0671 0500  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:16:07.0687 0500  ose - ok
10:16:07.0718 0500  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
10:16:07.0828 0500  Parport - ok
10:16:07.0843 0500  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
10:16:07.0968 0500  PartMgr - ok
10:16:08.0031 0500  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
10:16:08.0156 0500  ParVdm - ok
10:16:08.0156 0500  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
10:16:08.0265 0500  PCI - ok
10:16:08.0265 0500  PCIDump - ok
10:16:08.0281 0500  PCIIde - ok
10:16:08.0312 0500  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
10:16:08.0484 0500  Pcmcia - ok
10:16:08.0484 0500  PDCOMP - ok
10:16:08.0484 0500  PDFRAME - ok
10:16:08.0484 0500  PDRELI - ok
10:16:08.0500 0500  PDRFRAME - ok
10:16:08.0515 0500  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
10:16:08.0609 0500  perc2 - ok
10:16:08.0625 0500  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:16:08.0765 0500  perc2hib - ok
10:16:08.0796 0500  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
10:16:08.0859 0500  PlugPlay - ok
10:16:08.0890 0500  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
10:16:08.0906 0500  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:16:08.0906 0500  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:16:08.0937 0500  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
10:16:09.0031 0500  PolicyAgent - ok
10:16:09.0046 0500  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:16:09.0156 0500  PptpMiniport - ok
10:16:09.0156 0500  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:16:09.0250 0500  ProtectedStorage - ok
10:16:09.0265 0500  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
10:16:09.0375 0500  PSched - ok
10:16:09.0390 0500  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:16:09.0484 0500  Ptilink - ok
10:16:09.0531 0500  [ FEFFCFDC528764A04C8ED63D5FA6E711 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:16:09.0531 0500  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
10:16:09.0531 0500  PxHelp20 - detected UnsignedFile.Multi.Generic (1)
10:16:09.0562 0500  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:16:09.0671 0500  ql1080 - ok
10:16:09.0671 0500  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:16:09.0781 0500  Ql10wnt - ok
10:16:09.0796 0500  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:16:09.0890 0500  ql12160 - ok
10:16:09.0906 0500  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:16:10.0015 0500  ql1240 - ok
10:16:10.0031 0500  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:16:10.0140 0500  ql1280 - ok
10:16:10.0156 0500  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:16:10.0265 0500  RasAcd - ok
10:16:10.0296 0500  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
10:16:10.0671 0500  RasAuto - ok
10:16:10.0687 0500  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:16:10.0812 0500  Rasl2tp - ok
10:16:10.0859 0500  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
10:16:10.0953 0500  RasMan - ok
10:16:10.0984 0500  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:16:11.0109 0500  RasPppoe - ok
10:16:11.0140 0500  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
10:16:11.0250 0500  Raspti - ok
10:16:11.0343 0500  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:16:11.0593 0500  Rdbss - ok
10:16:11.0625 0500  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:16:11.0734 0500  RDPCDD - ok
10:16:11.0750 0500  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:16:11.0843 0500  rdpdr - ok
10:16:11.0890 0500  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
10:16:12.0078 0500  RDPWD - ok
10:16:12.0109 0500  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
10:16:12.0218 0500  RDSessMgr - ok
10:16:12.0250 0500  RecipeHub_2jService - ok
10:16:12.0265 0500  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
10:16:12.0375 0500  redbook - ok
10:16:12.0406 0500  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
10:16:12.0734 0500  RemoteAccess - ok
10:16:12.0843 0500  [ EBCDE8B48FADC6479D96A56D0A432160 ] RoxMediaDB9     C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
10:16:12.0937 0500  RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning
10:16:12.0937 0500  RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)
10:16:12.0968 0500  [ AB2B1DE1C8F31EFCE2384B14B3DC4260 ] RoxWatch9       C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
10:16:13.0015 0500  RoxWatch9 ( UnsignedFile.Multi.Generic ) - warning
10:16:13.0015 0500  RoxWatch9 - detected UnsignedFile.Multi.Generic (1)
10:16:13.0046 0500  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
10:16:13.0140 0500  RpcLocator - ok
10:16:13.0156 0500  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
10:16:13.0203 0500  RpcSs - ok
10:16:13.0265 0500  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
10:16:13.0359 0500  RSVP - ok
10:16:13.0375 0500  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
10:16:13.0468 0500  SamSs - ok
10:16:13.0484 0500  SASKUTIL - ok
10:16:13.0531 0500  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
10:16:13.0656 0500  SCardSvr - ok
10:16:13.0687 0500  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
10:16:13.0796 0500  Schedule - ok
10:16:13.0843 0500  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:16:14.0000 0500  Secdrv - ok
10:16:14.0031 0500  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
10:16:14.0171 0500  seclogon - ok
10:16:14.0203 0500  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
10:16:14.0359 0500  SENS - ok
10:16:14.0390 0500  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
10:16:14.0531 0500  serenum - ok
10:16:14.0546 0500  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
10:16:14.0687 0500  Serial - ok
10:16:14.0703 0500  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
10:16:14.0843 0500  Sfloppy - ok
10:16:14.0875 0500  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
10:16:15.0031 0500  SharedAccess - ok
10:16:15.0046 0500  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:16:15.0093 0500  ShellHWDetection - ok
10:16:15.0093 0500  Simbad - ok
10:16:15.0125 0500  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
10:16:15.0250 0500  sisagp - ok
10:16:15.0265 0500  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:16:15.0390 0500  SLIP - ok
10:16:15.0421 0500  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
10:16:15.0500 0500  Sparrow - ok
10:16:15.0546 0500  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
10:16:15.0687 0500  splitter - ok
10:16:15.0734 0500  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
10:16:15.0796 0500  Spooler - ok
10:16:15.0828 0500  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
10:16:15.0968 0500  sr - ok
10:16:16.0000 0500  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
10:16:16.0140 0500  srservice - ok
10:16:16.0171 0500  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
10:16:16.0250 0500  Srv - ok
10:16:16.0296 0500  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
10:16:16.0453 0500  SSDPSRV - ok
10:16:16.0484 0500  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
10:16:16.0625 0500  stisvc - ok
10:16:16.0656 0500  [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
10:16:16.0671 0500  stllssvr ( UnsignedFile.Multi.Generic ) - warning
10:16:16.0671 0500  stllssvr - detected UnsignedFile.Multi.Generic (1)
10:16:16.0703 0500  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:16:16.0875 0500  streamip - ok
10:16:16.0906 0500  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
10:16:17.0015 0500  swenum - ok
10:16:17.0031 0500  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
10:16:17.0140 0500  swmidi - ok
10:16:17.0140 0500  SwPrv - ok
10:16:17.0156 0500  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
10:16:17.0250 0500  symc810 - ok
10:16:17.0265 0500  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
10:16:17.0359 0500  symc8xx - ok
10:16:17.0390 0500  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
10:16:17.0484 0500  sym_hi - ok
10:16:17.0500 0500  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
10:16:17.0609 0500  sym_u3 - ok
10:16:17.0625 0500  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
10:16:17.0734 0500  sysaudio - ok
10:16:17.0781 0500  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
10:16:17.0890 0500  SysmonLog - ok
10:16:17.0921 0500  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
10:16:18.0046 0500  TapiSrv - ok
10:16:18.0078 0500  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:16:18.0125 0500  Tcpip - ok
10:16:18.0140 0500  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
10:16:18.0234 0500  TDPIPE - ok
10:16:18.0265 0500  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
10:16:18.0359 0500  TDTCP - ok
10:16:18.0375 0500  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
10:16:18.0484 0500  TermDD - ok
10:16:18.0515 0500  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
10:16:18.0640 0500  TermService - ok
10:16:18.0671 0500  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
10:16:18.0687 0500  Themes - ok
10:16:18.0687 0500  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
10:16:18.0796 0500  TosIde - ok
10:16:18.0828 0500  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
10:16:18.0953 0500  TrkWks - ok
10:16:18.0984 0500  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
10:16:19.0078 0500  Udfs - ok
10:16:19.0078 0500  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
10:16:19.0140 0500  ultra - ok
10:16:19.0218 0500  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
10:16:19.0500 0500  Update - ok
10:16:19.0531 0500  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
10:16:19.0640 0500  upnphost - ok
10:16:19.0656 0500  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
10:16:19.0828 0500  UPS - ok
10:16:19.0859 0500  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
10:16:19.0953 0500  usbaudio - ok
10:16:19.0984 0500  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:16:20.0078 0500  usbccgp - ok
10:16:20.0093 0500  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:16:20.0203 0500  usbehci - ok
10:16:20.0218 0500  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:16:20.0328 0500  usbhub - ok
10:16:20.0359 0500  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:16:20.0468 0500  usbprint - ok
10:16:20.0484 0500  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:16:20.0578 0500  USBSTOR - ok
10:16:20.0593 0500  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:16:20.0687 0500  usbuhci - ok
10:16:20.0703 0500  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
10:16:20.0796 0500  VgaSave - ok
10:16:20.0828 0500  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
10:16:20.0921 0500  viaagp - ok
10:16:20.0953 0500  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
10:16:21.0046 0500  ViaIde - ok
10:16:21.0062 0500  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
10:16:21.0171 0500  VolSnap - ok
10:16:21.0250 0500  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
10:16:21.0375 0500  VSS - ok
10:16:21.0421 0500  [ 4B817450226F93C31ADD5BCC27FED27A ] vToolbarUpdater15.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
10:16:21.0453 0500  vToolbarUpdater15.2.0 - ok
10:16:21.0593 0500  [ 13ACFED0E6ADCA97440169DFD127EBCF ] VX3000          C:\WINDOWS\system32\DRIVERS\VX3000.sys
10:16:21.0687 0500  VX3000 - ok
10:16:21.0703 0500  [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time         C:\WINDOWS\system32\w32time.dll
10:16:21.0828 0500  w32time - ok
10:16:21.0875 0500  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:16:21.0968 0500  Wanarp - ok
10:16:21.0984 0500  WDICA - ok
10:16:22.0015 0500  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
10:16:22.0171 0500  wdmaud - ok
10:16:22.0203 0500  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
10:16:22.0343 0500  WebClient - ok
10:16:22.0421 0500  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
10:16:22.0562 0500  winmgmt - ok
10:16:22.0625 0500  [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc      C:\Program Files\Windows Live\installer\WLSetupSvc.exe
10:16:22.0703 0500  WLSetupSvc - ok
10:16:22.0750 0500  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
10:16:22.0859 0500  WmdmPmSN - ok
10:16:22.0890 0500  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:16:23.0000 0500  WmiApSrv - ok
10:16:23.0093 0500  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
10:16:23.0265 0500  WMPNetworkSvc - ok
10:16:23.0296 0500  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:16:23.0406 0500  WS2IFSL - ok
10:16:23.0453 0500  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
10:16:23.0578 0500  wscsvc - ok
10:16:23.0609 0500  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:16:23.0703 0500  WSTCODEC - ok
10:16:23.0718 0500  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
10:16:23.0828 0500  wuauserv - ok
10:16:23.0859 0500  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:16:23.0937 0500  WudfPf - ok
10:16:23.0953 0500  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:16:23.0968 0500  WudfRd - ok
10:16:24.0000 0500  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
10:16:24.0671 0500  WudfSvc - ok
10:16:24.0718 0500  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
10:16:24.0906 0500  WZCSVC - ok
10:16:24.0953 0500  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
10:16:25.0062 0500  xmlprov - ok
10:16:25.0078 0500  ================ Scan global ===============================
10:16:25.0109 0500  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
10:16:25.0140 0500  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
10:16:25.0156 0500  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
10:16:25.0171 0500  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
10:16:25.0171 0500  [Global] - ok
10:16:25.0171 0500  ================ Scan MBR ==================================
10:16:25.0187 0500  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:16:25.0453 0500  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:16:25.0453 0500  \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:16:25.0453 0500  ================ Scan VBR ==================================
10:16:25.0468 0500  [ 9C01BBC6D83CFF3674538187DF6CAD23 ] \Device\Harddisk0\DR0\Partition1
10:16:25.0468 0500  \Device\Harddisk0\DR0\Partition1 - ok
10:16:25.0468 0500  ================ Scan active images ========================
10:16:25.0468 0500  [ 8C953733D8F36EB2133F5BB58808B66B ] C:\WINDOWS\system32\drivers\intelppm.sys
10:16:25.0468 0500  C:\WINDOWS\system32\drivers\intelppm.sys - ok
10:16:25.0468 0500  [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys
10:16:25.0468 0500  C:\WINDOWS\system32\drivers\videoprt.sys - ok
10:16:25.0468 0500  [ 28423512370705AEDA6A652FEDB25468 ] C:\WINDOWS\system32\drivers\igxpmp32.sys
10:16:25.0468 0500  C:\WINDOWS\system32\drivers\igxpmp32.sys - ok
10:16:25.0468 0500  [ 34AAA3B298A852B3663E6E0D94D12945 ] C:\WINDOWS\system32\drivers\e1e5132.sys
10:16:25.0468 0500  C:\WINDOWS\system32\drivers\e1e5132.sys - ok
10:16:25.0468 0500  [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys
10:16:25.0468 0500  C:\WINDOWS\system32\drivers\usbport.sys - ok
10:16:25.0484 0500  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] C:\WINDOWS\system32\drivers\usbuhci.sys
10:16:25.0484 0500  C:\WINDOWS\system32\drivers\usbuhci.sys - ok
10:16:25.0484 0500  [ 573C7D0A32852B48F3058CFD8026F511 ] C:\WINDOWS\system32\drivers\hdaudbus.sys
10:16:25.0484 0500  C:\WINDOWS\system32\drivers\hdaudbus.sys - ok
10:16:25.0484 0500  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\system32\drivers\usbehci.sys
10:16:25.0484 0500  C:\WINDOWS\system32\drivers\usbehci.sys - ok
10:16:25.0484 0500  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys
10:16:25.0484 0500  C:\WINDOWS\system32\drivers\fdc.sys - ok
10:16:25.0484 0500  [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys
10:16:25.0484 0500  C:\WINDOWS\system32\drivers\imapi.sys - ok
10:16:25.0500 0500  [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\system32\drivers\cdrom.sys
10:16:25.0500 0500  C:\WINDOWS\system32\drivers\cdrom.sys - ok
10:16:25.0500 0500  [ 76167B5EB2DFFC729EDC36386876B40B ] C:\WINDOWS\system32\drivers\DLACDBHM.SYS
10:16:25.0500 0500  C:\WINDOWS\system32\drivers\DLACDBHM.SYS - ok
10:16:25.0500 0500  [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys
10:16:25.0500 0500  C:\WINDOWS\system32\drivers\ks.sys - ok
10:16:25.0500 0500  [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys
10:16:25.0500 0500  C:\WINDOWS\system32\drivers\redbook.sys - ok
10:16:25.0500 0500  [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys
10:16:25.0500 0500  C:\WINDOWS\system32\drivers\audstub.sys - ok
10:16:25.0515 0500  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys
10:16:25.0515 0500  C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
10:16:25.0515 0500  [ 0109C4F3850DFBAB279542515386AE22 ] C:\WINDOWS\system32\drivers\ndistapi.sys
10:16:25.0515 0500  C:\WINDOWS\system32\drivers\ndistapi.sys - ok
10:16:25.0515 0500  [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys
10:16:25.0515 0500  C:\WINDOWS\system32\drivers\ndiswan.sys - ok
10:16:25.0515 0500  [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys
10:16:25.0515 0500  C:\WINDOWS\system32\drivers\raspppoe.sys - ok
10:16:25.0515 0500  [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys
10:16:25.0515 0500  C:\WINDOWS\system32\drivers\tdi.sys - ok
10:16:25.0531 0500  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys
10:16:25.0531 0500  C:\WINDOWS\system32\drivers\raspptp.sys - ok
10:16:25.0531 0500  [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys
10:16:25.0531 0500  C:\WINDOWS\system32\drivers\psched.sys - ok
10:16:25.0531 0500  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys
10:16:25.0531 0500  C:\WINDOWS\system32\drivers\msgpc.sys - ok
10:16:25.0531 0500  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
10:16:25.0531 0500  C:\WINDOWS\system32\drivers\ptilink.sys - ok
10:16:25.0531 0500  [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
10:16:25.0531 0500  C:\WINDOWS\system32\drivers\raspti.sys - ok
10:16:25.0546 0500  [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys
10:16:25.0546 0500  C:\WINDOWS\system32\drivers\termdd.sys - ok
10:16:25.0546 0500  [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys
10:16:25.0546 0500  C:\WINDOWS\system32\drivers\kbdclass.sys - ok
10:16:25.0546 0500  [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys
10:16:25.0546 0500  C:\WINDOWS\system32\drivers\mouclass.sys - ok
10:16:25.0546 0500  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys
10:16:25.0546 0500  C:\WINDOWS\system32\drivers\swenum.sys - ok
10:16:25.0546 0500  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys
10:16:25.0546 0500  C:\WINDOWS\system32\drivers\update.sys - ok
10:16:25.0546 0500  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys
10:16:25.0546 0500  C:\WINDOWS\system32\drivers\mssmbios.sys - ok
10:16:25.0562 0500  [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\system32\drivers\ndproxy.sys
10:16:25.0562 0500  C:\WINDOWS\system32\drivers\ndproxy.sys - ok
10:16:25.0562 0500  [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
10:16:25.0562 0500  C:\WINDOWS\system32\drivers\usbd.sys - ok
10:16:25.0562 0500  [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys
10:16:25.0562 0500  C:\WINDOWS\system32\drivers\usbhub.sys - ok
10:16:25.0562 0500  [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys
10:16:25.0562 0500  C:\WINDOWS\system32\drivers\drmk.sys - ok
10:16:25.0562 0500  [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys
10:16:25.0562 0500  C:\WINDOWS\system32\drivers\portcls.sys - ok
10:16:25.0578 0500  [ 17BBBABB21F86B650B2626045A9D016C ] C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:16:25.0578 0500  C:\WINDOWS\system32\drivers\RtkHDAud.sys - ok
10:16:25.0578 0500  [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys
10:16:25.0578 0500  C:\WINDOWS\system32\drivers\sfloppy.sys - ok
10:16:25.0578 0500  [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
10:16:25.0578 0500  C:\WINDOWS\system32\drivers\cdaudio.sys - ok
10:16:25.0578 0500  [ 9368670BD426EBEA5E8B18A62416EC28 ] C:\WINDOWS\system32\drivers\i2omgmt.sys
10:16:25.0578 0500  C:\WINDOWS\system32\drivers\i2omgmt.sys - ok
10:16:25.0578 0500  [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
10:16:25.0578 0500  C:\WINDOWS\system32\drivers\beep.sys - ok
10:16:25.0593 0500  [ 91886FED52A3F9966207BCE46CFD794F ] C:\WINDOWS\system32\drivers\DLARTL_M.SYS
10:16:25.0593 0500  C:\WINDOWS\system32\drivers\DLARTL_M.SYS - ok
10:16:25.0593 0500  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys
10:16:25.0593 0500  C:\WINDOWS\system32\drivers\fs_rec.sys - ok
10:16:25.0593 0500  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
10:16:25.0593 0500  C:\WINDOWS\system32\drivers\null.sys - ok
10:16:25.0593 0500  [ 02A43ADBA362B89B7D5715221D5F3010 ] C:\WINDOWS\system32\drivers\avgtpx86.sys
10:16:25.0593 0500  C:\WINDOWS\system32\drivers\avgtpx86.sys - ok
10:16:25.0593 0500  [ 4A0B06AA8943C1E332520F7440C0AA30 ] C:\WINDOWS\system32\drivers\i8042prt.sys
10:16:25.0593 0500  C:\WINDOWS\system32\drivers\i8042prt.sys - ok
10:16:25.0609 0500  [ 96ECCF28FDBF1B2CC12725818A63628D ] C:\WINDOWS\system32\drivers\hidparse.sys
10:16:25.0609 0500  C:\WINDOWS\system32\drivers\hidparse.sys - ok
10:16:25.0609 0500  [ 9EF487A186DEA361AA06913A75B3FA99 ] C:\WINDOWS\system32\drivers\kbdhid.sys
10:16:25.0609 0500  C:\WINDOWS\system32\drivers\kbdhid.sys - ok
10:16:25.0609 0500  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
10:16:25.0609 0500  C:\WINDOWS\system32\drivers\mnmdd.sys - ok
10:16:25.0609 0500  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys
10:16:25.0609 0500  C:\WINDOWS\system32\drivers\vga.sys - ok
10:16:25.0625 0500  [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys
10:16:25.0625 0500  C:\WINDOWS\system32\drivers\ipsec.sys - ok
10:16:25.0625 0500  [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys
10:16:25.0625 0500  C:\WINDOWS\system32\drivers\msfs.sys - ok
10:16:25.0625 0500  [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys
10:16:25.0625 0500  C:\WINDOWS\system32\drivers\npfs.sys - ok
10:16:25.0625 0500  [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
10:16:25.0625 0500  C:\WINDOWS\system32\drivers\rasacd.sys - ok
10:16:25.0625 0500  [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
10:16:25.0625 0500  C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
10:16:25.0625 0500  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\system32\drivers\tcpip.sys
10:16:25.0625 0500  C:\WINDOWS\system32\drivers\tcpip.sys - ok
10:16:25.0640 0500  [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys
10:16:25.0640 0500  C:\WINDOWS\system32\drivers\ipnat.sys - ok
10:16:25.0640 0500  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys
10:16:25.0640 0500  C:\WINDOWS\system32\drivers\netbt.sys - ok
10:16:25.0640 0500  [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\system32\drivers\wanarp.sys
10:16:25.0640 0500  C:\WINDOWS\system32\drivers\wanarp.sys - ok
10:16:25.0640 0500  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] C:\WINDOWS\system32\drivers\afd.sys
10:16:25.0640 0500  C:\WINDOWS\system32\drivers\afd.sys - ok
10:16:25.0656 0500  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] C:\WINDOWS\system32\drivers\ws2ifsl.sys
10:16:25.0656 0500  C:\WINDOWS\system32\drivers\ws2ifsl.sys - ok
10:16:25.0656 0500  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys
10:16:25.0656 0500  C:\WINDOWS\system32\drivers\netbios.sys - ok
10:16:25.0656 0500  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] C:\WINDOWS\system32\drivers\serial.sys
10:16:25.0656 0500  C:\WINDOWS\system32\drivers\serial.sys - ok
10:16:25.0656 0500  [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\system32\drivers\rdbss.sys
10:16:25.0656 0500  C:\WINDOWS\system32\drivers\rdbss.sys - ok
10:16:25.0656 0500  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
10:16:25.0656 0500  C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
10:16:25.0671 0500  [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\system32\drivers\fips.sys
10:16:25.0671 0500  C:\WINDOWS\system32\drivers\fips.sys - ok
10:16:25.0671 0500  [ 08FA13787D77A75DC413E27FD92B44E8 ] C:\WINDOWS\system32\drivers\avgldx86.sys
10:16:25.0671 0500  C:\WINDOWS\system32\drivers\avgldx86.sys - ok
10:16:25.0671 0500  [ 1AF592532532A402ED7C060F6954004F ] C:\WINDOWS\system32\drivers\hidclass.sys
10:16:25.0671 0500  C:\WINDOWS\system32\drivers\hidclass.sys - ok
10:16:25.0671 0500  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] C:\WINDOWS\system32\drivers\hidusb.sys
10:16:25.0671 0500  C:\WINDOWS\system32\drivers\hidusb.sys - ok
10:16:25.0687 0500  [ B1C303E17FB9D46E87A98E4BA6769685 ] C:\WINDOWS\system32\drivers\mouhid.sys
10:16:25.0687 0500  C:\WINDOWS\system32\drivers\mouhid.sys - ok
10:16:25.0687 0500  [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe
10:16:25.0687 0500  C:\WINDOWS\system32\smss.exe - ok
10:16:25.0687 0500  [ F8F0D25CA553E39DDE485D8FC7FCCE89 ] C:\WINDOWS\system32\ntdll.dll
10:16:25.0687 0500  C:\WINDOWS\system32\ntdll.dll - ok
10:16:25.0687 0500  [ 23043C91A0F9DFB4B9E9F87B680863B4 ] C:\WINDOWS\system32\autochk.exe
10:16:25.0687 0500  C:\WINDOWS\system32\autochk.exe - ok
10:16:25.0687 0500  [ B9CB6D4E5A30968330F6E32ACB945641 ] C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
10:16:25.0703 0500  C:\PROGRA~1\AVG\AVG2013\avgrsx.exe - ok
10:16:25.0703 0500  [ 3B3D5E94A5F24417BE2C179DDD883702 ] C:\Program Files\AVG\AVG2013\avgsysx.dll
10:16:25.0703 0500  C:\Program Files\AVG\AVG2013\avgsysx.dll - ok
10:16:25.0703 0500  [ AE4D9DC676A2517DEE3E51978BCFE47C ] C:\Program Files\AVG\AVG2013\avgntopensslx.dll
10:16:25.0703 0500  C:\Program Files\AVG\AVG2013\avgntopensslx.dll - ok
10:16:25.0703 0500  [ 21139ED432EFB4A8CDF715862DBDF9E0 ] C:\Program Files\AVG\AVG2013\avglogx.dll
10:16:25.0703 0500  C:\Program Files\AVG\AVG2013\avglogx.dll - ok
10:16:25.0703 0500  [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys
10:16:25.0703 0500  C:\WINDOWS\system32\drivers\cdfs.sys - ok
10:16:25.0718 0500  [ 730E90935150048A4E5F392FCDD49DA3 ] C:\Program Files\AVG\AVG2013\avgapps.dll
10:16:26.0437 0500  C:\WINDOWS\system32\ntmarta.dll - ok
10:16:26.0437 0500  [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll
10:16:26.0437 0500  C:\WINDOWS\system32\rpcss.dll - ok
10:16:26.0437 0500  [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
10:16:26.0437 0500  C:\WINDOWS\system32\xpsp2res.dll - ok
10:16:26.0437 0500  [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
10:16:26.0437 0500  C:\WINDOWS\system32\mswsock.dll - ok
10:16:26.0453 0500  [ DA45AD502B4F2B7FC4ADEBA2E309F384 ] C:\WINDOWS\system32\netevent.dll
10:16:26.0453 0500  C:\WINDOWS\system32\netevent.dll - ok
10:16:26.0453 0500  [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
10:16:26.0453 0500  C:\WINDOWS\system32\dhcpcsvc.dll - ok
10:16:26.0453 0500  [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
10:16:26.0453 0500  C:\WINDOWS\system32\hnetcfg.dll - ok
10:16:26.0453 0500  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
10:16:26.0453 0500  C:\WINDOWS\system32\sens.dll - ok
10:16:26.0453 0500  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
10:16:26.0453 0500  C:\WINDOWS\system32\wzcsvc.dll - ok
10:16:26.0468 0500  [ C637FC4638A96165256B28D38DE7B953 ] C:\Program Files\HP\HP Software Update\hpwuschd2.exe
10:16:26.0468 0500  C:\Program Files\HP\HP Software Update\hpwuschd2.exe - ok
10:16:26.0468 0500  [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
10:16:26.0468 0500  C:\WINDOWS\system32\esent.dll - ok
10:16:26.0468 0500  [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
10:16:26.0468 0500  C:\WINDOWS\system32\wlnotify.dll - ok
10:16:26.0468 0500  [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
10:16:26.0468 0500  C:\WINDOWS\system32\clbcatq.dll - ok
10:16:26.0468 0500  [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
10:16:26.0468 0500  C:\WINDOWS\system32\comres.dll - ok
10:16:26.0468 0500  [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
10:16:26.0468 0500  C:\WINDOWS\system32\cryptui.dll - ok
10:16:26.0484 0500  [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll
10:16:26.0484 0500  C:\WINDOWS\system32\rastls.dll - ok
10:16:26.0484 0500  [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
10:16:26.0484 0500  C:\WINDOWS\system32\logonui.exe - ok
10:16:26.0484 0500  [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
10:16:26.0484 0500  C:\WINDOWS\system32\activeds.dll - ok
10:16:26.0484 0500  [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
10:16:26.0484 0500  C:\WINDOWS\system32\adsldpc.dll - ok
10:16:26.0484 0500  [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
10:16:26.0484 0500  C:\WINDOWS\system32\rasapi32.dll - ok
10:16:26.0500 0500  [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
10:16:26.0500 0500  C:\WINDOWS\system32\tapi32.dll - ok
10:16:26.0500 0500  [ 5C9D79CCBD4B1869EE331B35157EAB9F ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
10:16:26.0500 0500  C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll - ok
10:16:26.0500 0500  [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
10:16:26.0500 0500  C:\WINDOWS\system32\duser.dll - ok
10:16:26.0500 0500  [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
10:16:26.0500 0500  C:\WINDOWS\system32\oleacc.dll - ok
10:16:26.0500 0500  [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
10:16:26.0500 0500  C:\WINDOWS\system32\riched20.dll - ok
10:16:26.0515 0500  [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
10:16:26.0515 0500  C:\WINDOWS\system32\cryptsvc.dll - ok
10:16:26.0515 0500  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
10:16:26.0515 0500  C:\WINDOWS\system32\schedsvc.dll - ok
10:16:26.0515 0500  [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
10:16:26.0515 0500  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
10:16:26.0515 0500  [ A081CB6FB9A12668F233EB5414BE3A0E ] C:\WINDOWS\system32\HPZinw12.dll
10:16:26.0515 0500  C:\WINDOWS\system32\HPZinw12.dll - ok
10:16:26.0515 0500  [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
10:16:26.0515 0500  C:\WINDOWS\system32\wkssvc.dll - ok
10:16:26.0531 0500  [ 8F0DE4FEF8201E306F9938B0905AC96A ] C:\Program Files\Google\Update\GoogleUpdate.exe
10:16:26.0531 0500  C:\Program Files\Google\Update\GoogleUpdate.exe - ok
10:16:26.0531 0500  [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
10:16:26.0531 0500  C:\WINDOWS\system32\cscui.dll - ok
10:16:26.0531 0500  [ 3E2F3E2F4A82B7FAE23BAB864FB0F837 ] C:\WINDOWS\system32\dpcdll.dll
10:16:26.0531 0500  C:\WINDOWS\system32\dpcdll.dll - ok
10:16:26.0531 0500  [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll
10:16:26.0531 0500  C:\WINDOWS\system32\msi.dll - ok
10:16:26.0531 0500  [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe
10:16:26.0531 0500  C:\WINDOWS\explorer.exe - ok
10:16:26.0531 0500  [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll
10:16:26.0531 0500  C:\WINDOWS\system32\browseui.dll - ok
10:16:26.0546 0500  [ 26CB10FA893F940AB09713FF46DCDADE ] C:\WINDOWS\system32\shdocvw.dll
10:16:26.0546 0500  C:\WINDOWS\system32\shdocvw.dll - ok
10:16:26.0546 0500  [ 4044E880593FE1AC9942190FCE414BE7 ] C:\WINDOWS\system32\mstask.dll
10:16:26.0546 0500  C:\WINDOWS\system32\mstask.dll - ok
10:16:26.0546 0500  [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
10:16:26.0546 0500  C:\WINDOWS\system32\actxprxy.dll - ok
10:16:26.0546 0500  [ B265AD2A5791B25C65F8F401764C53A9 ] C:\WINDOWS\system32\igfxtray.exe
10:16:26.0546 0500  C:\WINDOWS\system32\igfxtray.exe - ok
10:16:26.0546 0500  [ E11457C66FDD966EE415FBBC6D9BE643 ] C:\WINDOWS\system32\msimtf.dll
10:16:26.0546 0500  C:\WINDOWS\system32\msimtf.dll - ok
10:16:26.0562 0500  [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll
10:16:26.0562 0500  C:\WINDOWS\system32\ntshrui.dll - ok
10:16:26.0562 0500  [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
10:16:26.0562 0500  C:\WINDOWS\system32\themeui.dll - ok
10:16:26.0562 0500  [ F8F80460C7B36D824CFFC8053DFF4C74 ] C:\WINDOWS\system32\hccutils.dll
10:16:26.0562 0500  C:\WINDOWS\system32\hccutils.dll - ok
10:16:26.0562 0500  [ DB28088CDADA0BE4A2896024393EFA93 ] C:\WINDOWS\system32\hkcmd.exe
10:16:26.0562 0500  C:\WINDOWS\system32\hkcmd.exe - ok
10:16:26.0562 0500  [ C591E7DB162689C9A73A3BC9E5050F8E ] C:\WINDOWS\system32\igfxpers.exe
10:16:26.0562 0500  C:\WINDOWS\system32\igfxpers.exe - ok
10:16:26.0578 0500  [ 44F5561C38F33CB1BC99D34573067CBD ] C:\WINDOWS\system32\igfxsrvc.exe
10:16:26.0578 0500  C:\WINDOWS\system32\igfxsrvc.exe - ok
10:16:26.0578 0500  [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
10:16:26.0578 0500  C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
10:16:26.0578 0500  [ 11D2EAAF3EB3FE282B38E9EC8E4BB206 ] C:\WINDOWS\system32\igfxdev.dll
10:16:26.0578 0500  C:\WINDOWS\system32\igfxdev.dll - ok
10:16:26.0578 0500  [ ADAC5FFC41BDA7897275037C0FEEBD01 ] C:\WINDOWS\system32\igfxres.dll
10:16:26.0578 0500  C:\WINDOWS\system32\igfxres.dll - ok
10:16:26.0578 0500  [ 6C4F7CC933A34C3E99B259917D8C0700 ] C:\WINDOWS\system32\igfxress.dll
10:16:26.0578 0500  C:\WINDOWS\system32\igfxress.dll - ok
10:16:26.0593 0500  [ FF3BF05021BFECC92DB81B8257EEB026 ] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
10:16:26.0593 0500  C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe - ok
10:16:26.0593 0500  [ BD57A6AFA05DF87BCAE9BB11FB0C4DDE ] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
10:16:26.0593 0500  C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe - ok
10:16:26.0593 0500  [ 4D83ED8BDDEC431FC8AD907B47CFB6E3 ] C:\WINDOWS\system32\dsound.dll
10:16:26.0593 0500  C:\WINDOWS\system32\dsound.dll - ok
10:16:26.0593 0500  [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\WINDOWS\system32\msvcp71.dll
10:16:26.0593 0500  C:\WINDOWS\system32\msvcp71.dll - ok
10:16:26.0593 0500  [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\WINDOWS\system32\msvcr71.dll
10:16:26.0593 0500  C:\WINDOWS\system32\msvcr71.dll - ok
10:16:26.0609 0500  [ 80776884E7A05D6DA5040926F82B0273 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
10:16:26.0609 0500  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll - ok
10:16:26.0609 0500  [ 0607CBC6FA20114CB491EFE4B2F9EFAD ] C:\WINDOWS\system32\d3d9.dll
10:16:26.0609 0500  C:\WINDOWS\system32\d3d9.dll - ok
10:16:26.0609 0500  [ A340CD71EB535A3DD751B5F28723E50C ] C:\WINDOWS\system32\ddraw.dll
10:16:26.0609 0500  C:\WINDOWS\system32\ddraw.dll - ok
10:16:26.0609 0500  [ EF6E025F902E99D078812F9CC4D61602 ] C:\WINDOWS\vVX3000.exe
10:16:26.0609 0500  C:\WINDOWS\vVX3000.exe - ok
10:16:26.0609 0500  [ F35A584E947A5B401FEB0FE01DB4A0D7 ] C:\Program Files\CyberLink\PowerDVD DX\MFC71.dll
10:16:26.0609 0500  C:\Program Files\CyberLink\PowerDVD DX\MFC71.dll - ok
10:16:26.0625 0500  [ 411EA589240F875E685F3C985357AE08 ] C:\Program Files\Microsoft LifeCam\LifeExp.exe
10:16:26.0625 0500  C:\Program Files\Microsoft LifeCam\LifeExp.exe - ok
10:16:26.0625 0500  [ 0B467F470CC9918FDCEEDCFD7DC4D697 ] C:\WINDOWS\system32\oledlg.dll
10:16:26.0625 0500  C:\WINDOWS\system32\oledlg.dll - ok
10:16:26.0625 0500  [ 743E556A998074ED7EEB99CA495B2E5D ] C:\Program Files\Common Files\Roxio Shared\DLLShared\rsl.dll
10:16:26.0625 0500  C:\Program Files\Common Files\Roxio Shared\DLLShared\rsl.dll - ok
10:16:26.0625 0500  [ F35A584E947A5B401FEB0FE01DB4A0D7 ] C:\WINDOWS\system32\mfc71.dll
10:16:26.0625 0500  C:\WINDOWS\system32\mfc71.dll - ok
10:16:26.0625 0500  [ 9ABF687071C649609BF7E177062A9008 ] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
10:16:26.0625 0500  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe - ok
10:16:26.0640 0500  [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Program Files\CyberLink\PowerDVD DX\msvcp71.dll
10:16:26.0640 0500  C:\Program Files\CyberLink\PowerDVD DX\msvcp71.dll - ok
10:16:26.0640 0500  [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\CyberLink\PowerDVD DX\msvcr71.dll
10:16:26.0640 0500  C:\Program Files\CyberLink\PowerDVD DX\msvcr71.dll - ok
10:16:26.0640 0500  [ ADE43E6677BA2D52413DDDAB38438555 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
10:16:26.0640 0500  C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - ok
10:16:26.0640 0500  [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
10:16:26.0640 0500  C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll - ok
10:16:26.0640 0500  [ 7C87A5FB95777E4132B11FC3D92CAAF5 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
10:16:26.0640 0500  C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll - ok
10:16:26.0640 0500  [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
10:16:26.0640 0500  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
10:16:26.0656 0500  [ ACFEE2392503DD5E457363A0510B8BCB ] C:\WINDOWS\system32\msxml3.dll
10:16:26.0656 0500  C:\WINDOWS\system32\msxml3.dll - ok
10:16:26.0656 0500  [ 38A06338E10BC8C636FC20E8ADFE6BCA ] C:\Program Files\Common Files\InstallShield\UpdateService\_ispmres.dll
10:16:26.0656 0500  C:\Program Files\Common Files\InstallShield\UpdateService\_ispmres.dll - ok
10:16:26.0656 0500  [ BD4170FA48BE0E97CC1414811246B933 ] C:\Program Files\HP\ToolBoxFX\bin\NativeUtils.dll
10:16:26.0656 0500  C:\Program Files\HP\ToolBoxFX\bin\NativeUtils.dll - ok
10:16:26.0656 0500  [ AB9AAC01AC223F03707748C038A03244 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
10:16:26.0656 0500  C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll - ok
10:16:26.0656 0500  [ 89D783717FAEF904B477E8FD69143CA5 ] C:\WINDOWS\system32\cdral.dll
10:16:26.0656 0500  C:\WINDOWS\system32\cdral.dll - ok
10:16:26.0671 0500  [ 34DB287373333A7B1C6C451BE6F5D321 ] C:\WINDOWS\system32\cdrtc.dll
10:16:26.0671 0500  C:\WINDOWS\system32\cdrtc.dll - ok
10:16:26.0671 0500  [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
10:16:26.0671 0500  C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
10:16:26.0671 0500  [ 65BC271F337637731D3C71455AE1F476 ] C:\WINDOWS\system32\HPZipm12.dll
10:16:26.0671 0500  C:\WINDOWS\system32\HPZipm12.dll - ok
10:16:26.0671 0500  [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
10:16:26.0671 0500  C:\WINDOWS\system32\netmsg.dll - ok
10:16:26.0671 0500  [ 9138E5C7FB95A70030324EDB430BF4B3 ] C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
10:16:26.0671 0500  C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe - ok
10:16:26.0687 0500  [ 76E7410B3A308F6960D3CE06DC7874AD ] C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\gtn.dll
10:16:26.0687 0500  C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\gtn.dll - ok
10:16:26.0687 0500  [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
10:16:26.0687 0500  C:\WINDOWS\system32\spoolss.dll - ok
10:16:26.0687 0500  [ F0A0EBF086597E645BC14B0D98F8BA58 ] C:\WINDOWS\system32\scrrun.dll
10:16:26.0687 0500  C:\WINDOWS\system32\scrrun.dll - ok
10:16:26.0687 0500  [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
10:16:26.0687 0500  C:\WINDOWS\system32\webclnt.dll - ok
10:16:26.0687 0500  [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll
10:16:26.0687 0500  C:\WINDOWS\system32\winhttp.dll - ok
10:16:26.0703 0500  [ DB6FD0C11B499AC1B4778F3F82C3805F ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll
10:16:26.0703 0500  C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll - ok
10:16:26.0703 0500  [ 24BB2810506502DAF47E956103A2FCE0 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\alink.dll
10:16:26.0703 0500  C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\alink.dll - ok
10:16:26.0703 0500  [ 11E19171255D683DE352673E477D7FE2 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
10:16:26.0703 0500  C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll - ok
10:16:26.0703 0500  [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll
10:16:26.0703 0500  C:\WINDOWS\system32\webcheck.dll - ok
10:16:26.0703 0500  [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
10:16:26.0703 0500  C:\WINDOWS\system32\mlang.dll - ok
10:16:26.0703 0500  [ 22358578CB321F3325496A3723029409 ] C:\WINDOWS\system32\PortableDeviceTypes.dll
10:16:26.0703 0500  C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
10:16:26.0718 0500  [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll
10:16:26.0718 0500  C:\WINDOWS\system32\stobject.dll - ok
10:16:26.0718 0500  [ 5677DFE438EC1F009273FC84FEED6B10 ] C:\WINDOWS\system32\localspl.dll
10:16:26.0718 0500  C:\WINDOWS\system32\localspl.dll - ok
10:16:26.0718 0500  [ 9D45B2201D0ECF9F42136C7B99DEB8B2 ] C:\WINDOWS\system32\PortableDeviceApi.dll
10:16:26.0718 0500  C:\WINDOWS\system32\PortableDeviceApi.dll - ok
10:16:26.0718 0500  [ 63A7C1F9B258380D67BE87D181BAC473 ] C:\WINDOWS\system32\hppaecpm.dll
10:16:26.0718 0500  C:\WINDOWS\system32\hppaecpm.dll - ok
10:16:26.0718 0500  [ 0268E31EA510A41900B2A3CDC25E6520 ] C:\WINDOWS\system32\ltkrn11n.dll
10:16:26.0718 0500  C:\WINDOWS\system32\ltkrn11n.dll - ok
10:16:26.0734 0500  [ 19117E84A947E12E2ABC1A05E18B75A8 ] C:\WINDOWS\system32\HPTcpMon.dll
10:16:26.0734 0500  C:\WINDOWS\system32\HPTcpMon.dll - ok
10:16:26.0734 0500  [ F1C55AA1EE8133162353A558BA4D38FB ] C:\WINDOWS\system32\HPTcpMUI.dll
10:16:26.0734 0500  C:\WINDOWS\system32\HPTcpMUI.dll - ok
10:16:26.0734 0500  [ C66AA39E2A96E3EAAE52BA9144B5DB57 ] C:\WINDOWS\system32\HPTcpMib.dll
10:16:26.0734 0500  C:\WINDOWS\system32\HPTcpMib.dll - ok
10:16:26.0734 0500  [ 3584A093E8778C9E5F80CED99F0B7F35 ] C:\WINDOWS\system32\hpzjrd01.dll
10:16:26.0734 0500  C:\WINDOWS\system32\hpzjrd01.dll - ok
10:16:26.0734 0500  [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
10:16:26.0734 0500  C:\WINDOWS\system32\wzcsapi.dll - ok
10:16:26.0750 0500  [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll
10:16:26.0750 0500  C:\WINDOWS\system32\inetpp.dll - ok
10:16:26.0750 0500  [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
10:16:26.0750 0500  C:\WINDOWS\system32\netshell.dll - ok
10:16:26.0750 0500  [ EEE7F12D9FF46F68FBC0DA059A359E9E ] C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
10:16:26.0750 0500  C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok
10:16:26.0750 0500  [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll
10:16:26.0750 0500  C:\WINDOWS\system32\win32spl.dll - ok
10:16:26.0750 0500  [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
10:16:26.0750 0500  C:\WINDOWS\system32\credui.dll - ok
10:16:26.0765 0500  [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
10:16:26.0765 0500  C:\WINDOWS\system32\eappcfg.dll - ok
10:16:26.0765 0500  [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
10:16:26.0765 0500  C:\WINDOWS\system32\onex.dll - ok
10:16:26.0765 0500  [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
10:16:26.0765 0500  C:\WINDOWS\system32\certcli.dll - ok
10:16:26.0765 0500  [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
10:16:26.0765 0500  C:\WINDOWS\system32\es.dll - ok
10:16:26.0765 0500  [ FB8F8EEC8D9C2157789472DD61CDC78B ] C:\WINDOWS\system32\davclnt.dll
10:16:26.0765 0500  C:\WINDOWS\system32\davclnt.dll - ok
10:16:26.0781 0500  [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll
10:16:26.0781 0500  C:\WINDOWS\system32\pdh.dll - ok
10:16:26.0781 0500  [ AF8841FEF8DE40D36E77C6662843EDAE ] C:\WINDOWS\AppPatch\aclayers.dll
10:16:26.0781 0500  C:\WINDOWS\AppPatch\aclayers.dll - ok
10:16:26.0781 0500  [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
10:16:26.0781 0500  C:\WINDOWS\system32\psbase.dll - ok
10:16:26.0781 0500  [ CF34EEC288A4C53E71602D5E0D65EF89 ] C:\WINDOWS\system32\msxml4r.dll
10:16:26.0781 0500  C:\WINDOWS\system32\msxml4r.dll - ok
10:16:26.0781 0500  [ 5F7692CEC90E2E9AA32CD58321E234B8 ] C:\WINDOWS\system32\rastapi.dll
10:16:26.0781 0500  C:\WINDOWS\system32\rastapi.dll - ok
10:16:26.0781 0500  [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
10:16:26.0781 0500  C:\WINDOWS\system32\ipsecsvc.dll - ok
10:16:26.0796 0500  [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
10:16:26.0796 0500  C:\WINDOWS\system32\oakley.dll - ok
10:16:26.0796 0500  [ 3C03DB6F66C9792C9B6E30473E847CA2 ] C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
10:16:26.0796 0500  C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll - ok
10:16:26.0796 0500  [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
10:16:26.0796 0500  C:\WINDOWS\system32\dssenh.dll - ok
10:16:26.0796 0500  [ 09DEF3ABB6A196749299359AC5578DD8 ] C:\WINDOWS\system32\msxml4.dll
10:16:26.0796 0500  C:\WINDOWS\system32\msxml4.dll - ok
10:16:26.0796 0500  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] C:\WINDOWS\system32\wiaservc.dll
10:16:26.0796 0500  C:\WINDOWS\system32\wiaservc.dll - ok
10:16:26.0812 0500  [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
10:16:26.0812 0500  C:\WINDOWS\system32\srsvc.dll - ok
10:16:26.0812 0500  [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll
10:16:26.0812 0500  C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
10:16:26.0812 0500  [ 071143F687B4F887E21461CA6CC7EB29 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
10:16:26.0812 0500  C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
10:16:26.0812 0500  [ FF3477C03BE7201C294C35F684B3479F ] C:\WINDOWS\system32\termsrv.dll
10:16:26.0812 0500  C:\WINDOWS\system32\termsrv.dll - ok
10:16:26.0812 0500  [ 2D65D56C2F8B6CC5EBFF8E7200C30304 ] C:\WINDOWS\system32\mstlsapi.dll
10:16:26.0812 0500  C:\WINDOWS\system32\mstlsapi.dll - ok
10:16:26.0828 0500  [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll
10:16:26.0828 0500  C:\WINDOWS\system32\wbem\wbemess.dll - ok
10:16:26.0828 0500  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] C:\WINDOWS\system32\imapi.exe
10:16:26.0828 0500  C:\WINDOWS\system32\imapi.exe - ok
10:16:26.0828 0500  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] C:\WINDOWS\system32\rasmans.dll
10:16:26.0828 0500  C:\WINDOWS\system32\rasmans.dll - ok
10:16:26.0828 0500  [ 37A62C6092AADD2EFDE0468DD8818E99 ] C:\WINDOWS\system32\netcfgx.dll
10:16:26.0828 0500  C:\WINDOWS\system32\netcfgx.dll - ok
10:16:26.0828 0500  [ 93C088C2AEB2F23E720BDA7E32BD5117 ] C:\WINDOWS\system32\upnp.dll
10:16:26.0828 0500  C:\WINDOWS\system32\upnp.dll - ok
10:16:26.0843 0500  [ D0545A010ED2259A740C8414899A938F ] C:\WINDOWS\system32\rasppp.dll
10:16:26.0843 0500  C:\WINDOWS\system32\rasppp.dll - ok
10:16:26.0843 0500  [ 0A5679B3714EDAB99E357057EE88FCA6 ] C:\WINDOWS\system32\ssdpsrv.dll
10:16:26.0843 0500  C:\WINDOWS\system32\ssdpsrv.dll - ok
10:16:26.0843 0500  [ A655C88AA555BB8EF8957BD29408827F ] C:\WINDOWS\system32\rasqec.dll
10:16:26.0843 0500  C:\WINDOWS\system32\rasqec.dll - ok
10:16:26.0843 0500  [ E837FDBB92E9873E538395B623F45462 ] C:\WINDOWS\system32\wbem\cimwin32.dll
10:16:26.0843 0500  C:\WINDOWS\system32\wbem\cimwin32.dll - ok
10:16:26.0843 0500  [ 798A9E6828997EEF4517ADA8A2259831 ] C:\WINDOWS\system32\wbem\wmiprvse.exe
10:16:26.0843 0500  C:\WINDOWS\system32\wbem\wmiprvse.exe - ok
10:16:26.0859 0500  [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll
10:16:26.0859 0500  C:\WINDOWS\system32\wbem\framedyn.dll - ok
10:16:26.0859 0500  [ 917A728A12F25FCF4636858FAC9979FA ] C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
10:16:26.0859 0500  C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll - ok
10:16:26.0859 0500  [ 401A8C0BE0BAA7D7A470F0942244152D ] C:\WINDOWS\system32\rasdlg.dll
10:16:26.0859 0500  C:\WINDOWS\system32\rasdlg.dll - ok
10:16:26.0859 0500  [ B60DDDD2D63CE41CB8C487FCFBB6419E ] C:\Program Files\Internet Explorer\iexplore.exe
10:16:26.0859 0500  C:\Program Files\Internet Explorer\iexplore.exe - ok
10:16:26.0859 0500  [ 90A9B542C9300E540864D9FE1C42A130 ] C:\WINDOWS\system32\fxsst.dll
10:16:26.0859 0500  C:\WINDOWS\system32\fxsst.dll - ok
10:16:26.0875 0500  [ 4AC2FA4A6F0DF2511BAC13393C06EFF1 ] C:\WINDOWS\system32\mscms.dll
10:16:26.0875 0500  C:\WINDOWS\system32\mscms.dll - ok
10:16:26.0875 0500  [ 3CB78C17BB664637787C9A1C98F79C38 ] C:\WINDOWS\system32\tapisrv.dll
10:16:26.0875 0500  C:\WINDOWS\system32\tapisrv.dll - ok
10:16:26.0875 0500  [ 55BCA12F7F523D35CA3CB833C725F54E ] C:\WINDOWS\system32\trkwks.dll
10:16:26.0875 0500  C:\WINDOWS\system32\trkwks.dll - ok
10:16:26.0875 0500  [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll
10:16:26.0875 0500  C:\WINDOWS\system32\wbem\wmisvc.dll - ok
10:16:26.0875 0500  [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll
10:16:26.0875 0500  C:\WINDOWS\system32\vssapi.dll - ok
10:16:26.0875 0500  [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll
10:16:26.0875 0500  C:\WINDOWS\system32\wbem\wmiutils.dll - ok
10:16:26.0890 0500  [ E97D6A8684466DF94FF3BC24FB787A07 ] C:\WINDOWS\system32\fxssvc.exe
10:16:26.0890 0500  C:\WINDOWS\system32\fxssvc.exe - ok
10:16:26.0890 0500  [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll
10:16:26.0890 0500  C:\WINDOWS\system32\wbem\wbemcore.dll - ok
10:16:26.0890 0500  [ 1144EF6B4BB72E33B41912AE1AE4F97A ] C:\WINDOWS\system32\fxstiff.dll
10:16:26.0890 0500  C:\WINDOWS\system32\fxstiff.dll - ok
10:16:26.0890 0500  [ 0329D0A4F230094B669A87BB3B85606E ] C:\WINDOWS\system32\fxsapi.dll
10:16:26.0890 0500  C:\WINDOWS\system32\fxsapi.dll - ok
10:16:26.0890 0500  [ 0CE5F8AE9C371A965D17E3F2ED134809 ] C:\WINDOWS\system32\fxst30.dll
10:16:26.0890 0500  C:\WINDOWS\system32\fxst30.dll - ok
10:16:26.0906 0500  [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll
10:16:26.0906 0500  C:\WINDOWS\system32\wbem\esscli.dll - ok
10:16:26.0906 0500  [ 378A0AEFB11D8B0DC8C27B9F7604B88D ] C:\WINDOWS\system32\wbem\fastprox.dll
10:16:26.0906 0500  C:\WINDOWS\system32\wbem\fastprox.dll - ok
10:16:26.0906 0500  [ 24422E879BAEA2B69C9B131548D16888 ] C:\Program Files\Common Files\Roxio Shared\DLLShared\rcsl.dll
10:16:26.0906 0500  C:\Program Files\Common Files\Roxio Shared\DLLShared\rcsl.dll - ok
10:16:26.0906 0500  [ CFD4E51402DA9838B5A04AE680AF54A0 ] C:\WINDOWS\system32\browser.dll
10:16:26.0906 0500  C:\WINDOWS\system32\browser.dll - ok
10:16:26.0906 0500  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
10:16:26.0906 0500  C:\WINDOWS\system32\netman.dll - ok
10:16:26.0921 0500  [ 641199534871783DD74138FE0BCFDAE7 ] C:\Program Files\Microsoft LifeCam\MSCamS32.exe
10:16:26.0921 0500  C:\Program Files\Microsoft LifeCam\MSCamS32.exe - ok
10:16:26.0921 0500  [ EBCDE8B48FADC6479D96A56D0A432160 ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
10:16:26.0921 0500  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe - ok
10:16:26.0921 0500  [ 54E10AD6EBBEDCB221ADED5D9F0C8F3F ] C:\Program Files\Common Files\Microsoft Shared\DAO\dao360.dll
10:16:26.0921 0500  C:\Program Files\Common Files\Microsoft Shared\DAO\dao360.dll - ok
10:16:26.0921 0500  [ 9E70016C950B1F8FDEAA6F067E2E25A8 ] C:\WINDOWS\system32\msjet40.dll
10:16:26.0921 0500  C:\WINDOWS\system32\msjet40.dll - ok
10:16:26.0921 0500  [ AFDC647D16B285B9AE6140335B3B3255 ] C:\WINDOWS\system32\mswstr10.dll
10:16:26.0921 0500  C:\WINDOWS\system32\mswstr10.dll - ok
10:16:26.0937 0500  [ BE87245CE60329B31C94F1B4236E5832 ] C:\WINDOWS\system32\expsrv.dll
10:16:26.0937 0500  C:\WINDOWS\system32\expsrv.dll - ok
10:16:26.0937 0500  [ 86947F0A12A04408467305A8437140A6 ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSAlbumObjects.dll
10:16:26.0937 0500  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSAlbumObjects.dll - ok
10:16:26.0937 0500  [ E5DE87DDDB8CBE4687EADF296E58452A ] C:\WINDOWS\system32\msjtes40.dll
10:16:26.0937 0500  C:\WINDOWS\system32\msjtes40.dll - ok
10:16:26.0937 0500  [ 0FB6987D0B151090C35C887B6D7CB894 ] C:\Program Files\Roxio\VideoCore 9\CPSVideoObjects.dll
10:16:26.0937 0500  C:\Program Files\Roxio\VideoCore 9\CPSVideoObjects.dll - ok
10:16:26.0937 0500  [ BB87F0D17A6E0C54918F488E1C68A55A ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSFileProtocolHandler.dll
10:16:26.0937 0500  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSFileProtocolHandler.dll - ok
10:16:26.0953 0500  [ EF5A686DC00A9C60E3E7C02E1411DE96 ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSFormatLoaderPNG.dll
10:16:26.0953 0500  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSFormatLoaderPNG.dll - ok
10:16:26.0953 0500  [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll
10:16:26.0953 0500  C:\WINDOWS\system32\comsvcs.dll - ok
10:16:26.0953 0500  [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll
10:16:26.0953 0500  C:\WINDOWS\system32\resutils.dll - ok
10:16:26.0953 0500  [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll
10:16:26.0953 0500  C:\WINDOWS\system32\colbact.dll - ok
10:16:26.0953 0500  [ 36795A645EAA47FE31D2A8F136A2C69B ] C:\WINDOWS\system32\mtxclu.dll
10:16:26.0953 0500  C:\WINDOWS\system32\mtxclu.dll - ok
10:16:27.0546 0500  ============================================================
10:16:27.0546 0500  Scan finished
10:16:27.0546 0500  ============================================================
10:16:27.0671 0612  Detected object count: 10
10:16:27.0671 0612  Actual detected object count: 10
10:17:32.0000 0612  !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
10:17:32.0000 0612  !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:17:32.0000 0612  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
10:17:32.0000 0612  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:17:32.0000 0612  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:17:32.0000 0612  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:17:32.0000 0612  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:17:32.0000 0612  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:17:32.0000 0612  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:17:32.0000 0612  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:17:32.0000 0612  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
10:17:32.0000 0612  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:17:32.0015 0612  RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user
10:17:32.0015 0612  RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:17:32.0015 0612  RoxWatch9 ( UnsignedFile.Multi.Generic ) - skipped by user
10:17:32.0015 0612  RoxWatch9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:17:32.0015 0612  stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
10:17:32.0015 0612  stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:17:32.0015 0612  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:17:32.0015 0612  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

 
 
 
RogueKiller log:
 
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Deb [Admin rights]
Mode : Remove -- Date : 06/05/2013 09:29:17
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3160815AS +++++
--- User ---
[MBR] 032610d848dedb32d8860fad5d38ed5d
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 152539 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[5]_D_06052013_02d0929.txt >>
RKreport[4]_S_06052013_02d0914.txt ; RKreport[5]_D_06052013_02d0929.txt

   

  


Edited by loadblok, 05 June 2013 - 10:39 AM.




