Sound muting, random audio clips, and connections cut off


  • This topic is locked
28 replies to this topic

#1 Houka

Posted 02 July 2013 - 03:03 PM

OK, so I hear this is where I should have PC problems. For starters, my Wave Volume will mute itself quite a bit, from a second up to 3 hours or so. Along with that, I often hear what appear to be audio clips from some shows, but nothing is running, no window or video. My internet will sometimes cut off even though the connection is "Good".

I've read some advice and it said to follow the directions and post the result here. One issue I have is that it doesn't say if I am supposed to attach the DDS.txt too. So sorry if I was supposed to add that in too.


#2 gringo_pr


Posted 03 July 2013 - 01:28 AM



Hello Houka

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.



-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Houka


Posted 03 July 2013 - 11:49 AM

Well OK then. I did that because that's what your instructions said I was supposed to do.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/28/2009 7:04:05 PM
System Uptime: 7/2/2013 11:51:12 AM (3 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD |  | MS-7061
Processor: AMD Athlon™ XP 1800+ | Socket A | 1500/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 151 GiB total, 105.519 GiB free.
D: is FIXED (FAT32) - 56 GiB total, 52.701 GiB free.
E: is FIXED (NTFS) - 259 GiB total, 62.737 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is CDROM (CDFS)
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP246: 4/8/2013 4:42:10 AM - System Checkpoint
RP247: 4/15/2013 9:42:42 PM - System Checkpoint
RP248: 4/18/2013 9:03:02 PM - System Checkpoint
RP249: 6/4/2013 4:11:00 PM - System Checkpoint
RP250: 6/6/2013 11:10:44 AM - System Checkpoint
RP251: 6/10/2013 8:37:12 AM - System Checkpoint
RP252: 6/17/2013 9:26:43 PM - System Checkpoint
RP253: 6/19/2013 2:13:40 AM - System Checkpoint
RP254: 6/19/2013 9:46:23 PM - Restore Operation
RP255: 6/21/2013 11:20:32 PM - System Checkpoint
RP256: 6/23/2013 2:50:11 PM - System Checkpoint
RP257: 6/24/2013 6:06:47 PM - System Checkpoint
RP258: 6/25/2013 11:07:27 PM - System Checkpoint
RP259: 6/26/2013 11:14:35 PM - System Checkpoint
RP260: 6/28/2013 2:01:45 AM - System Checkpoint
RP261: 6/29/2013 8:15:29 PM - Removed AVG 2011
RP262: 6/29/2013 8:18:37 PM - Removed AVG 2011
RP263: 6/29/2013 9:44:28 PM - Installed AVG 2013
RP264: 6/29/2013 9:46:55 PM - Installed AVG 2013
RP265: 6/30/2013 7:30:41 PM - Installed Windows Internet Explorer 8.
RP266: 6/30/2013 8:45:26 PM - Removed Skype™ 6.1
.
==== Installed Programs ======================
.
7-Zip 4.57
AAC Decoder
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Aneesoft Free Apple TV Video Converter
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVG 2013
Bonjour
Crazy Browser version 3.0.0 RC2
Crazy Browser version 3.0.5
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
Creative WaveStudio 7
D-Link AirPlus
Dealio Toolbar v4.3
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Free YouTube Download version 3.1.42.1212
GameXN GO
Google Chrome
Google Update Helper
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iLivid Download Manager
iTunes
Java™ 6 Update 16
Junk Mail filter update
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Malwarebytes Anti-Malware version 1.75.0.1300
Media Player Codec Pack 3.9.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Live Add-in 1.3
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
midicairus Toolbar
MKV Splitter
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Platform
QuickTime
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923789)
Segoe UI
Skype Click to Call
Skype™ 5.0
Sound Blaster Audigy
Strongvault Online Backup
SuperAVConverter V9.5 Build 6500
TubeSucker
UniChrome IGP Driver and Utilities
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB971029)
VC80CRTRedist - 8.0.50727.762
Vegas Pro 9.0
Veoh Giraffic Video Accelerator
Veoh Web Player
VIA Platform Device Manager
WAV MP3 Converter v3.8 build 969
WeatherBug
WebFldrs XP
Windows ilivid Toolbar
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
YTD Toolbar v6.9
YTD Video Downloader 3.9.2
.
==== Event Viewer Messages From Past Week ========
.
7/2/2013 11:52:29 AM, error: Dhcp [1002]  - The IP address lease 192.168.1.4 for the Network Card with network address 0080C8B027F2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/1/2013 1:29:58 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Yahoo! Updater service to connect.
7/1/2013 1:29:58 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Skype C2C Service service to connect.
7/1/2013 1:29:58 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the SeaPort service to connect.
7/1/2013 1:29:58 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
7/1/2013 1:29:58 PM, error: Service Control Manager [7000]  - The Yahoo! Updater service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/1/2013 1:29:58 PM, error: Service Control Manager [7000]  - The SeaPort service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/1/2013 1:29:58 PM, error: Service Control Manager [7000]  - The iPod Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/1/2013 1:29:26 PM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
6/30/2013 6:07:51 AM, error: Service Control Manager [7000]  - The Google Update Service (gupdate1ca3a1338cbe39a) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/30/2013 6:07:25 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate1ca3a1338cbe39a) service to connect.
6/30/2013 6:02:03 AM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service gupdate1ca3a1338cbe39a with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
6/30/2013 4:20:46 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.
6/30/2013 4:20:46 PM, error: Service Control Manager [7000]  - The AVGIDSAgent service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/30/2013 2:29:27 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ViaIde
6/30/2013 2:29:27 AM, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
6/30/2013 11:03:44 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
6/30/2013 11:03:44 AM, error: Service Control Manager [7000]  - The Apple Mobile Device service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/29/2013 9:09:26 PM, error: Service Control Manager [7034]  - The Yahoo! Updater service terminated unexpectedly.  It has done this 1 time(s).
6/29/2013 9:09:22 PM, error: Service Control Manager [7034]  - The Veoh Giraffic Video Accelerator service terminated unexpectedly.  It has done this 1 time(s).
6/26/2013 5:47:14 PM, error: Service Control Manager [7022]  - The AVGIDSAgent service hung on starting.
.
==== End Of File ===========================
 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_16
Run by Andrew Teifke at 14:27:25 on 2013-07-02
#Option Extended Search is enabled.
#Option Whitelisting is disabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.447.75 [GMT -5:00]
.
AV: AVG Anti-Virus 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YoutubeDownloader.org\YouTubeDownloader\YouTube Mini.exe
C:\Program Files\Strongvault Online Backup\SMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\StrongVaultApp.exe
C:\Documents and Settings\Andrew Teifke\Local Settings\Application Data\StrongVault\StrongVaultApp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Giraffic\Veoh_Giraffic.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andrew Teifke\Application Data\Mozilla\Firefox\Profiles\tyk68un5.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uLocal Page = c:\windows\system32\blank.htm
uSearch Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
mStart Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
mLocal Page = c:\windows\system32\blank.htm
mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uInternet Connection Wizard,ShellNext = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
uProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
mCustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - c:\windows\system32\ieframe.dll
mWinlogon: Shell = Explorer.exe
mWinlogon: Userinit = c:\windows\system32\userinit.exe,
mWinlogon: SFCDisable = dword:0
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: midicairus Toolbar: {efb1e45a-148d-40f9-a3f0-09d5577f9970} - c:\program files\midicairus\prxtbmid0.dll
TB: midicairus Toolbar: {EFB1E45A-148D-40F9-A3F0-09D5577F9970} - c:\program files\midicairus\prxtbmid0.dll
TB: midicairus Toolbar: {efb1e45a-148d-40f9-a3f0-09d5577f9970} - c:\program files\midicairus\prxtbmid0.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [YouTube Mini] c:\program files\youtubedownloader.org\youtubedownloader\YouTube Mini.exe
uRun: [Messenger] "c:\program files\strongvault online backup\SMessenger.exe"
uRun: [1964emu_099] RUNDLL32.EXE "c:\documents and settings\andrew teifke\local settings\application data\1964emu_099\tlwfmpsl.dll",D3DXQuaternionInverse
uRun: [ROC_ROC_APR2013_AV] c:\documents and settings\andrew teifke\application data\avg april 2013 campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 3d5ae48843d047d688c7d1c98e54ce01-06ce4fc639803a2e3563922518183d8e94088cb9 --CMPID ROC_APR2013_AV
uRun: [GameXN GO] "c:\documents and settings\all users\application data\gamexn\GameXNGO.exe" /startup
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11c_Plugin.exe -update plugin
mRun: [VTTimer] VTTimer.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DATAMNGR] c:\progra~1\wi3712~1\datamngr\DATAMN~1.EXE
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzYtMTY1NTk1NDMwMi1CQSsxLUtWMys3LVhMKzEtVDEtVUNBTEwrMS1CQVI4RysxLVVDQUxMMisyLVRCOCsyLUZMKzgtRjhNMTFDKzEtVVBHKzIwMTEtRjhNMTFFKzEtWE8xMCsxMi1MSUMrMi1GTDEwKzEtU1AxKzEtU1AxVEIrMS1TVVArNC1TUDFTMisxLVNQMVMzKzEtRERUKzA"&"prod=90"&"ver=10.0.1432
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link airplus\AirPlus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\StrongVaultApp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\strong~1.lnk - c:\documents and settings\andrew teifke\local settings\application data\strongvault\StrongVaultApp.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: HonorAutoRunSetting = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: dontdisplaylastusername = dword:0
mPolicies-System: shutdownwithoutlogon = dword:1
mPolicies-System: undockwithoutlogon = dword:1
mPolicies-System: DisableRegistryTools = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: %SystemRoot%\system32\mswsock.dll
LSP: %SystemRoot%\system32\rsvpsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
TCP: NameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{D3082BB2-06E5-421C-85FD-1A286CCF2787} : DHCPNameServer = 208.67.222.222 208.67.220.220
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - c:\windows\system32\urlmon.dll
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - c:\windows\system32\shell32.dll
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - c:\windows\system32\urlmon.dll
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - c:\windows\system32\msvidctl.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: ipp - <Clsid value has no data>
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - c:\program files\windows live\messenger\msgrapp.14.0.8117.0416.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - c:\windows\system32\inetcomm.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: msdaipp - <Clsid value has no data>
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - c:\program files\windows live\messenger\msgrapp.14.0.8117.0416.dll
Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - c:\program files\common files\microsoft shared\web components\10\OWC10.DLL
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - c:\windows\system32\mshtml.dll
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - c:\windows\system32\mshtml.dll
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - c:\windows\system32\wiascr.dll
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - c:\program files\windows live\mail\mailcomm.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Notify: crypt32chain - crypt32.dll
Notify: cryptnet - cryptnet.dll
Notify: cscdll - cscdll.dll
Notify: dimsntfy - c:\windows\system32\dimsntfy.dll
Notify: ScCertProp - wlnotify.dll
Notify: Schedule - wlnotify.dll
Notify: sclgntfy - sclgntfy.dll
Notify: SensLogn - WlNotify.dll
Notify: termsrv - wlnotify.dll
Notify: wlballoon - wlnotify.dll
AppInit_DLLs= c:\progra~1\wi3712~1\datamngr\datamngr.dll c:\progra~1\wi3712~1\datamngr\IEBHO.dll
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - c:\windows\system32\shell32.dll
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - c:\docume~1\andrew~1\locals~1\temp\scrncyc\smqpqqw\wow.dll
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - c:\windows\system32\stobject.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - c:\windows\system32\browseui.dll
STS: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - c:\windows\system32\browseui.dll
SEH: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -
SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
LSA: Authentication Packages =  msv1_0
LSA: Notification Packages =  scecli
LSA: Security Packages =  kerberos msv1_0 schannel wdigest
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2
mASetup: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - c:\windows\system32\ieudinit.exe
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - c:\windows\inf\unregmp2.exe /ShowWMP
mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - c:\windows\system32\ie4uinit.exe -UserIconConfig
mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
mASetup: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - c:\windows\system32\shmgrate.exe OCInstallUserConfigOE
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - c:\windows\system32\regsvr32.exe /s /n /i:/userinstall c:\windows\system32\themeui.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection c:\windows\inf\msnetmtg.inf,NetMtg.Install.PerUser.NT
mASetup: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection c:\windows\inf\msmsgs.inf,BLC.QuietInstall.PerUser
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection c:\windows\inf\wmp11.inf,PerUserStub
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - c:\windows\system32\ie4uinit.exe -BaseSettings
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\windows\system32\rundll32.exe c:\windows\system32\mscories.dll,Install
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - c:\windows\system32\browseui.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\andrew teifke\application data\mozilla\firefox\profiles\tyk68un5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3184201&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=063013
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=063013&q=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\browserdirprovider.dll
FF - component: c:\program files\mozilla firefox\components\brwsrcmp.dll
FF - plugin: c:\program files\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrl.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin7.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\program files\windows media player\npdrmv2.dll
FF - plugin: c:\program files\windows media player\npdsplay.dll
FF - plugin: c:\program files\windows media player\npwmsdrm.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll
FF - plugin: c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\NPWPF.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32.dll
FF - ExtSQL: 2009-06-29 16:53; {bff829b6-b433-42ce-9a19-e459d3e4e483}; c:\program files\mozilla firefox\extensions\{bff829b6-b433-42ce-9a19-e459d3e4e483}
FF - ExtSQL: 2009-11-17 00:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: 2012-08-09 18:04; {efb1e45a-148d-40f9-a3f0-09d5577f9970}; c:\documents and settings\andrew teifke\application data\mozilla\firefox\profiles\tyk68un5.default\extensions\{efb1e45a-148d-40f9-a3f0-09d5577f9970}
FF - ExtSQL: 2012-08-10 13:29; {972ce4c6-7e08-4474-a285-3208198ce6fd}; c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - ExtSQL: 2012-08-11 19:57; {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}; c:\documents and settings\andrew teifke\application data\mozilla\firefox\profiles\tyk68un5.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
FF - ExtSQL: 2012-09-19 21:20; ffxtlbr@funmoods.com; c:\documents and settings\andrew teifke\application data\mozilla\firefox\profiles\tyk68un5.default\extensions\ffxtlbr@funmoods.com
FF - ExtSQL: 2012-09-20 15:51; wtxpcom@mybrowserbar.com; c:\program files\common files\spigot\wtxpcom
FF - ExtSQL: 2012-09-20 15:52; ytd@mybrowserbar.com; c:\program files\ytd toolbar\FF
FF - ExtSQL: 2012-12-24 16:37; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\common files\dvdvideosoft\plugins\ff
FF - ExtSQL: 2013-06-30 12:47; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDzztD0Czz0BtDtByB0FtB0FyC0B0AtN0D0Tzu0CtByCtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=444789432
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDzztD0Czz0BtDtByB0FtB0FyC0B0AtN0D0Tzu0CtByCtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=444789432
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDzztD0Czz0BtDtByB0FtB0FyC0B0AtN0D0Tzu0CtByCtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=444789432&q=
FF - user.js: extensions.funmoods.id - 0080C8B027F2F6BA
FF - user.js: extensions.funmoods.instlDay - 15602
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2221:6:2
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R0 ACPI;Microsoft ACPI Driver;c:\windows\system32\drivers\acpi.sys [2008-4-14 187776]
R0 atapi;Standard IDE/ESDI Hard Disk Controller;c:\windows\system32\drivers\atapi.sys [2008-4-14 96512]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 Disk;Disk Driver;c:\windows\system32\drivers\disk.sys [2008-4-14 36352]
R0 dmio;Logical Disk Manager Driver;c:\windows\system32\drivers\dmio.sys [2008-4-14 153344]
R0 dmload;dmload;c:\windows\system32\drivers\dmload.sys [2001-8-23 5888]
R0 FltMgr;FltMgr;c:\windows\system32\drivers\fltMgr.sys [2009-6-28 129792]
R0 Ftdisk;Volume Manager Driver;c:\windows\system32\drivers\ftdisk.sys [2001-8-23 125056]
R0 isapnp;PnP ISA/EISA Bus Driver;c:\windows\system32\drivers\isapnp.sys [2008-4-14 37248]
R0 KSecDD;KSecDD;c:\windows\system32\drivers\ksecdd.sys [2008-4-14 92928]
R0 MountMgr;MountMgr;c:\windows\system32\drivers\mountmgr.sys [2008-4-14 42368]
R0 Mup;Mup;c:\windows\system32\drivers\mup.sys [2008-4-14 105344]
R0 NDIS;NDIS System Driver;c:\windows\system32\drivers\ndis.sys [2008-4-14 182656]
R0 PartMgr;PartMgr;c:\windows\system32\drivers\partmgr.sys [2008-4-14 19712]
R0 PCI;PCI Bus Driver;c:\windows\system32\drivers\pci.sys [2008-4-14 68224]
R0 PxHelp20;PxHelp20;c:\windows\system32\drivers\PxHelp20.sys [2009-9-20 43528]
R0 sr;System Restore Filter Driver;c:\windows\system32\drivers\sr.sys [2009-6-28 73472]
R0 uagp35;Microsoft AGPv3.5 Filter;c:\windows\system32\drivers\UAGP35.SYS [2009-6-28 44672]
R0 ViaIde;ViaIde;c:\windows\system32\drivers\viaide.sys [2008-4-14 5376]
R0 videX32;videX32;c:\windows\system32\drivers\videX32.sys [2009-6-28 9216]
R0 VolSnap;VolSnap;c:\windows\system32\drivers\volsnap.sys [2008-4-14 52352]
R1 AFD;AFD;c:\windows\system32\drivers\afd.sys [2008-4-14 138496]
R1 AmdK7;AMD K7 Processor Driver;c:\windows\system32\drivers\amdk7.sys [2008-4-13 37760]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 Beep;Beep;c:\windows\system32\drivers\beep.sys [2001-8-23 4224]
R1 Cdrom;CD-ROM Driver;c:\windows\system32\drivers\cdrom.sys [2008-4-14 62976]
R1 Fips;Fips;c:\windows\system32\drivers\fips.sys [2008-4-14 44544]
R1 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;c:\windows\system32\drivers\i8042prt.sys [2008-4-14 52480]
R1 Imapi;CD-Burning Filter Driver;c:\windows\system32\drivers\imapi.sys [2008-4-14 42112]
R1 IPSec;IPSEC driver;c:\windows\system32\drivers\ipsec.sys [2008-4-14 75264]
R1 Kbdclass;Keyboard Class Driver;c:\windows\system32\drivers\kbdclass.sys [2008-4-14 24576]
R1 mnmdd;mnmdd;c:\windows\system32\drivers\mnmdd.sys [2001-8-23 4224]
R1 Mouclass;Mouse Class Driver;c:\windows\system32\drivers\mouclass.sys [2008-4-13 23040]
R1 MRxSmb;MRXSMB;c:\windows\system32\drivers\mrxsmb.sys [2008-4-14 455936]
R1 Msfs;Msfs;c:\windows\system32\drivers\msfs.sys [2008-4-14 19072]
R1 NetBIOS;NetBIOS Interface;c:\windows\system32\drivers\netbios.sys [2008-4-14 34688]
R1 NetBT;NetBios over Tcpip;c:\windows\system32\drivers\netbt.sys [2008-4-14 162816]
R1 Npfs;Npfs;c:\windows\system32\drivers\npfs.sys [2008-4-14 30848]
R1 Null;Null;c:\windows\system32\drivers\null.sys [2001-8-23 2944]
R1 RasAcd;Remote Access Auto Connection Driver;c:\windows\system32\drivers\rasacd.sys [2001-8-23 8832]
R1 Rdbss;Rdbss;c:\windows\system32\drivers\rdbss.sys [2008-4-14 175744]
R1 RDPCDD;RDPCDD;c:\windows\system32\drivers\rdpcdd.sys [2001-8-23 4224]
R1 redbook;Digital CD Audio Playback Filter Driver;c:\windows\system32\drivers\redbook.sys [2009-6-28 57600]
R1 Serial;Serial port driver;c:\windows\system32\drivers\serial.sys [2008-4-14 64512]
R1 Tcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\tcpip.sys [2008-4-14 361600]
R1 TermDD;Terminal Device Driver;c:\windows\system32\drivers\termdd.sys [2009-6-28 40840]
R1 VgaSave;VgaSave;c:\windows\system32\drivers\vga.sys [2008-4-14 20992]
R2 Apple Mobile Device;Apple Mobile Device;c:\program files\common files\apple\mobile device support\AppleMobileDeviceService.exe [2011-2-18 37664]
R2 AudioSrv;Windows Audio;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 BITS;Background Intelligent Transfer Service;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 Bonjour Service;Bonjour Service;c:\program files\bonjour\mDNSResponder.exe [2010-10-7 345376]
R2 Browser;Computer Browser;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access;c:\windows\system32\CTSVCCDA.EXE [2009-6-28 44032]
R2 CryptSvc;CryptSvc;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 DcomLaunch;DCOM Server Process Launcher;c:\windows\system32\svchost -k dcomlaunch --> c:\windows\system32\svchost -k DcomLaunch [?]
R2 Dhcp;DHCP Client;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 dmserver;Logical Disk Manager;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 Dnscache;DNS Client;c:\windows\system32\svchost.exe -k NetworkService [2008-4-14 14336]
R2 ERSvc;Error Reporting Service;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 Eventlog;Event Log;c:\windows\system32\services.exe [2008-4-14 110592]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-2-24 54760]
R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\giraffic\veoh_girafficwatchdog.exe --service --> c:\program files\giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 helpsvc;Help and Support;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 JavaQuickStarterService;Java Quick Starter;c:\program files\java\jre6\bin\jqs.exe [2009-10-12 153376]
R2 LanmanServer;Server;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 lanmanworkstation;Workstation;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 LmHosts;TCP/IP NetBIOS Helper;c:\windows\system32\svchost.exe -k LocalService [2008-4-14 14336]
R2 ParVdm;ParVdm;c:\windows\system32\drivers\parvdm.sys [2001-8-23 6784]
R2 PlugPlay;Plug and Play;c:\windows\system32\services.exe [2008-4-14 110592]
R2 PolicyAgent;IPSEC Services;c:\windows\system32\lsass.exe [2008-4-14 13312]
R2 ProtectedStorage;Protected Storage;c:\windows\system32\lsass.exe [2008-4-14 13312]
R2 RemoteRegistry;Remote Registry;c:\windows\system32\svchost.exe -k LocalService [2008-4-14 14336]
R2 RpcSs;Remote Procedure Call (RPC);c:\windows\system32\svchost -k rpcss --> c:\windows\system32\svchost -k rpcss [?]
R2 SamSs;Security Accounts Manager;c:\windows\system32\lsass.exe [2008-4-14 13312]
R2 Schedule;Task Scheduler;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2010-5-14 249136]
R2 seclogon;Secondary Logon;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 SENS;System Event Notification;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 ShellHWDetection;Shell Hardware Detection;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]
R2 Spooler;Print Spooler;c:\windows\system32\spoolsv.exe [2008-4-14 58880]
R2 srservice;System Restore Service;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 stisvc;Windows Image Acquisition (WIA);c:\windows\system32\svchost.exe -k imgsvc [2008-4-14 14336]
R2 Themes;Themes;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 TrkWks;Distributed Link Tracking Client;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 W32Time;Windows Time;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 WebClient;WebClient;c:\windows\system32\svchost.exe -k LocalService [2008-4-14 14336]
R2 winmgmt;Windows Management Instrumentation;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 wscsvc;Security Center;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 WZCSVC;Wireless Zero Configuration;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 AIRPLUS;D-Link AirPlus Wireless Adapter;c:\windows\system32\drivers\AIRPLUS.sys [2009-6-28 255360]
R3 audstub;Audio Stub Driver;c:\windows\system32\drivers\audstub.sys [2009-6-28 3072]
R3 ctsfm2k;Creative SoundFont Management Device Driver;c:\windows\system32\drivers\ctsfm2k.sys [2005-1-10 138752]
R3 EventSystem;COM+ Event System;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R3 FastUserSwitchingCompatibility;Fast User Switching Compatibility;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R3 Fdc;Floppy Disk Controller Driver;c:\windows\system32\drivers\fdc.sys [2008-4-14 27392]
R3 Flpydisk;Floppy Disk Driver;c:\windows\system32\drivers\flpydisk.sys [2008-4-14 20480]
R3 GEARAspiWDM;GEAR ASPI Filter Driver;c:\windows\system32\drivers\GEARAspiWDM.sys [2011-2-25 26600]
R3 Gpc;Generic Packet Classifier;c:\windows\system32\drivers\msgpc.sys [2008-4-14 35072]
R3 HTTP;HTTP;c:\windows\system32\drivers\http.sys [2008-4-14 265728]
R3 ltmodem5;LT Modem Driver;c:\windows\system32\drivers\ltmdmnt.sys [2009-6-28 625537]
R3 Modem;Modem;c:\windows\system32\drivers\modem.sys [2008-4-13 30080]
R3 MRxDAV;WebDav Client Redirector;c:\windows\system32\drivers\mrxdav.sys [2008-4-14 180608]
R3 mssmbios;Microsoft System Management BIOS Driver;c:\windows\system32\drivers\mssmbios.sys [2008-4-13 15488]
R3 NdisTapi;Remote Access NDIS TAPI Driver;c:\windows\system32\drivers\ndistapi.sys [2008-4-14 10112]
R3 Ndisuio;NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ndisuio.sys [2008-4-13 14592]
R3 NdisWan;Remote Access NDIS WAN Driver;c:\windows\system32\drivers\ndiswan.sys [2008-4-14 91520]
R3 NDProxy;NDIS Proxy;c:\windows\system32\drivers\ndproxy.sys [2008-4-14 40960]
R3 Netman;Network Connections;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R3 Nla;Network Location Awareness (NLA);c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R3 ossrv;Creative OS Services Driver;c:\windows\system32\drivers\ctoss2k.sys [2005-1-10 106496]
R3 P17;Sound Blaster Audigy;c:\windows\system32\drivers\P17.sys [2005-7-7 1389056]
R3 Parport;Parallel port driver;c:\windows\system32\drivers\parport.sys [2008-4-13 80128]
R3 PptpMiniport;WAN Miniport (PPTP);c:\windows\system32\drivers\raspptp.sys [2008-4-14 48384]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2008-4-14 69120]
R3 Ptilink;Direct Parallel Link Driver;c:\windows\system32\drivers\ptilink.sys [2001-8-23 17792]
R3 Rasl2tp;WAN Miniport (L2TP);c:\windows\system32\drivers\rasl2tp.sys [2008-4-14 51328]
R3 RasMan;Remote Access Connection Manager;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R3 RasPppoe;Remote Access PPPOE Driver;c:\windows\system32\drivers\raspppoe.sys [2008-4-14 41472]
R3 Raspti;Direct Parallel;c:\windows\system32\drivers\raspti.sys [2001-8-23 16512]
R3 rdpdr;Terminal Server Device Redirector Driver;c:\windows\system32\drivers\rdpdr.sys [2009-6-28 196224]
R3 serenum;Serenum Filter Driver;c:\windows\system32\drivers\serenum.sys [2008-4-14 15744]
R3 Srv;Srv;c:\windows\system32\drivers\srv.sys [2008-4-14 357888]
R3 SSDPSRV;SSDP Discovery Service;c:\windows\system32\svchost.exe -k LocalService [2008-4-14 14336]
R3 swenum;Software Bus Driver;c:\windows\system32\drivers\swenum.sys [2008-4-13 4352]
R3 sysaudio;Microsoft Kernel System Audio Device;c:\windows\system32\drivers\sysaudio.sys [2009-6-28 60800]
R3 TapiSrv;Telephony;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R3 TermService;Terminal Services;c:\windows\system32\svchost -k dcomlaunch --> c:\windows\system32\svchost -k DComLaunch [?]
R3 Update;Microcode Update Driver;c:\windows\system32\drivers\update.sys [2008-4-14 384768]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;c:\windows\system32\drivers\usbehci.sys [2008-4-14 30208]
R3 usbhub;USB2 Enabled Hub;c:\windows\system32\drivers\usbhub.sys [2008-4-14 59520]
R3 USBSTOR;USB Mass Storage Driver;c:\windows\system32\drivers\USBSTOR.SYS [2009-6-28 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;c:\windows\system32\drivers\usbuhci.sys [2008-4-14 20608]
R3 viagfx;viagfx;c:\windows\system32\drivers\vtmini.sys [2009-6-28 134144]
R3 Wanarp;Remote Access IP ARP Driver;c:\windows\system32\drivers\wanarp.sys [2008-4-14 34560]
R3 wdmaud;Microsoft WINMM WDM Audio Compatibility Driver;c:\windows\system32\drivers\wdmaud.sys [2009-6-28 83072]
R4 Cdfs;Cdfs;c:\windows\system32\drivers\cdfs.sys [2008-4-14 63744]
R4 Fastfat;Fastfat;c:\windows\system32\drivers\fastfat.sys [2008-4-14 143744]
R4 Ntfs;Ntfs;c:\windows\system32\drivers\ntfs.sys [2008-4-14 574976]
S1 Cdaudio;Cdaudio;c:\windows\system32\drivers\cdaudio.sys [2001-8-17 18688]
S1 Changer;Changer; [x]
S1 i2omgmt;i2omgmt; [x]
S1 lbrtfdc;lbrtfdc; [x]
S1 PCIDump;PCIDump; [x]
S1 Sfloppy;Sfloppy;c:\windows\system32\drivers\sfloppy.sys [2008-4-14 11392]
S2 gupdate1ca3a1338cbe39a;Google Update Service (gupdate1ca3a1338cbe39a);c:\program files\google\update\GoogleUpdate.exe [2009-9-20 133104]
S3 aec;Microsoft Kernel Acoustic Echo Canceller;c:\windows\system32\drivers\aec.sys [2009-6-28 142592]
S3 ALG;Application Layer Gateway Service;c:\windows\system32\alg.exe [2008-4-14 44544]
S3 AppMgmt;Application Management;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 aspnet_state;ASP.NET State Service;c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe [2008-7-25 34312]
S3 AsyncMac;RAS Asynchronous Media Driver;c:\windows\system32\drivers\asyncmac.sys [2008-4-14 14336]
S3 Atmarpc;ATM ARP Client Protocol;c:\windows\system32\drivers\atmarpc.sys [2008-4-14 59904]
S3 catchme;catchme;\??\c:\docume~1\andrew~1\locals~1\temp\catchme.sys --> c:\docume~1\andrew~1\locals~1\temp\catchme.sys [?]
S3 CiSvc;Indexing Service;c:\windows\system32\cisvc.exe [2008-4-14 5632]
S3 ClipSrv;ClipBook;c:\windows\system32\clipsrv.exe [2008-4-14 33280]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86;c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe [2008-7-25 69632]
S3 COMSysApp;COM+ System Application;c:\windows\system32\dllhost.exe [2008-4-14 5120]
S3 dmadmin;Logical Disk Manager Administrative Service;c:\windows\system32\dmadmin.exe [2008-4-14 224768]
S3 DMusic;Microsoft Kernel DLS Syntheiszer;c:\windows\system32\drivers\DMusic.sys [2009-6-28 52864]
S3 Dot3svc;Wired AutoConfig;c:\windows\system32\svchost.exe -k dot3svc [2008-4-14 14336]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler;c:\windows\system32\drivers\drmkaud.sys [2009-6-28 2944]
S3 EapHost;Extensible Authentication Protocol Service;c:\windows\system32\svchost.exe -k eapsvcs [2008-4-14 14336]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;c:\windows\microsoft.net\framework\v3.0\wpf\PresentationFontCache.exe [2008-7-29 46104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-20 133104]
S3 hkmsvc;Health Key and Certificate Management Service;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 HTTPFilter;HTTP SSL;c:\windows\system32\svchost.exe -k HTTPFilter [2008-4-14 14336]
S3 idsvc;Windows CardSpace;c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe [2008-7-29 881664]
S3 ImapiService;IMAPI CD-Burning COM Service;c:\windows\system32\imapi.exe [2008-4-14 150528]
S3 Ip6Fw;IPv6 Windows Firewall Driver;c:\windows\system32\drivers\ip6fw.sys [2008-4-14 36608]
S3 IpFilterDriver;IP Traffic Filter Driver;c:\windows\system32\drivers\ipfltdrv.sys [2001-8-23 32896]
S3 IpInIp;IP in IP Tunnel Driver;c:\windows\system32\drivers\ipinip.sys [2008-4-14 20864]
S3 IpNat;IP Network Address Translator;c:\windows\system32\drivers\ipnat.sys [2008-4-14 152832]
S3 iPod Service;iPod Service;c:\program files\ipod\bin\iPodService.exe [2011-3-7 820520]
S3 IRENUM;IR Enumerator Service;c:\windows\system32\drivers\irenum.sys [2009-6-28 11264]
S3 kmixer;Microsoft Kernel Wave Audio Mixer;c:\windows\system32\drivers\kmixer.sys [2009-6-28 172416]
S3 mnmsrvc;NetMeeting Remote Desktop Sharing;c:\windows\system32\mnmsrvc.exe [2009-6-28 32768]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-10 115608]
S3 MSDTC;Distributed Transaction Coordinator;c:\windows\system32\msdtc.exe [2009-6-28 6144]
S3 MSIServer;Windows Installer;c:\windows\system32\msiexec.exe [2008-4-14 78848]
S3 MSKSSRV;Microsoft Streaming Service Proxy;c:\windows\system32\drivers\MSKSSRV.sys [2009-6-28 7552]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy;c:\windows\system32\drivers\MSPCLOCK.sys [2009-6-28 5376]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy;c:\windows\system32\drivers\MSPQM.sys [2009-6-28 4992]
S3 napagent;Network Access Protection Agent;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 Netlogon;Net Logon;c:\windows\system32\lsass.exe [2008-4-14 13312]
S3 NtLmSsp;NT LM Security Support Provider;c:\windows\system32\lsass.exe [2008-4-14 13312]
S3 NtmsSvc;Removable Storage;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 NwlnkFlt;IPX Traffic Filter Driver;c:\windows\system32\drivers\nwlnkflt.sys [2001-8-23 12416]
S3 NwlnkFwd;IPX Traffic Forwarder Driver;c:\windows\system32\drivers\nwlnkfwd.sys [2001-8-23 32512]
S3 PDCOMP;PDCOMP; [x]
S3 PDFRAME;PDFRAME; [x]
S3 PDRELI;PDRELI; [x]
S3 PDRFRAME;PDRFRAME; [x]
S3 RasAuto;Remote Access Auto Connection Manager;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 RDPWD;RDPWD;c:\windows\system32\drivers\rdpwd.sys [2009-6-28 139656]
S3 RDSessMgr;Remote Desktop Help Session Manager;c:\windows\system32\sessmgr.exe [2009-6-28 141312]
S3 RpcLocator;Remote Procedure Call (RPC) Locator;c:\windows\system32\locator.exe [2008-4-14 75264]
S3 RSVP;QoS RSVP;c:\windows\system32\rsvp.exe [2001-8-23 132608]
S3 SCardSvr;Smart Card;c:\windows\system32\scardsvr.exe [2008-4-14 95744]
S3 Secdrv;Secdrv;c:\windows\system32\drivers\secdrv.sys [2008-4-13 20480]
S3 splitter;Microsoft Kernel Audio Splitter;c:\windows\system32\drivers\splitter.sys [2009-6-28 6272]
S3 swmidi;Microsoft Kernel GS Wavetable Synthesizer;c:\windows\system32\drivers\swmidi.sys [2009-6-28 56576]
S3 SwPrv;MS Software Shadow Copy Provider;c:\windows\system32\dllhost.exe [2008-4-14 5120]
S3 SysmonLog;Performance Logs and Alerts;c:\windows\system32\smlogsvc.exe [2008-4-14 89600]
S3 TDPIPE;TDPIPE;c:\windows\system32\drivers\tdpipe.sys [2009-6-28 12040]
S3 TDTCP;TDTCP;c:\windows\system32\drivers\tdtcp.sys [2009-6-28 21896]
S3 TlntSvr;Telnet;c:\windows\system32\tlntsvr.exe [2008-4-14 73216]
S3 upnphost;Universal Plug and Play Device Host;c:\windows\system32\svchost.exe -k LocalService [2008-4-14 14336]
S3 UPS;Uninterruptible Power Supply;c:\windows\system32\ups.exe [2008-4-14 18432]
S3 usbprint;Microsoft USB PRINTER Class;c:\windows\system32\drivers\usbprint.sys [2002-12-31 25856]
S3 usbscan;USB Scanner Driver;c:\windows\system32\drivers\usbscan.sys [2009-8-16 15104]
S3 VSS;Volume Shadow Copy;c:\windows\system32\vssvc.exe [2008-4-14 289792]
S3 WDICA;WDICA; [x]
S3 WmdmPmSN;Portable Media Serial Number Service;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 Wmi;Windows Management Instrumentation Driver Extensions;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 WmiApSrv;WMI Performance Adapter;c:\windows\system32\wbem\wmiapsrv.exe [2009-6-28 126464]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service;c:\program files\windows media player\wmpnetwk.exe [2006-10-18 913408]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver;c:\windows\system32\drivers\WudfPf.sys [2006-9-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector;c:\windows\system32\drivers\WudfRd.sys [2006-9-28 82944]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework;c:\windows\system32\svchost.exe -k WudfServiceGroup [2008-4-14 14336]
S3 xmlprov;Network Provisioning Service;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 Abiosdsk;Abiosdsk; [x]
S4 abp480n5;abp480n5; [x]
S4 ACPIEC;ACPIEC;c:\windows\system32\drivers\acpiec.sys [2001-8-23 11648]
S4 adpu160m;adpu160m; [x]
S4 Aha154x;Aha154x; [x]
S4 aic78u2;aic78u2; [x]
S4 aic78xx;aic78xx; [x]
S4 Alerter;Alerter;c:\windows\system32\svchost.exe -k LocalService [2008-4-14 14336]
S4 AliIde;AliIde; [x]
S4 amsint;amsint; [x]
S4 asc;asc; [x]
S4 asc3350p;asc3350p; [x]
S4 asc3550;asc3550; [x]
S4 Atdisk;Atdisk; [x]
S4 cbidf2k;cbidf2k;c:\windows\system32\drivers\cbidf2k.sys [2001-8-23 13952]
S4 cd20xrnt;cd20xrnt; [x]
S4 CmdIde;CmdIde; [x]
S4 Cpqarray;Cpqarray; [x]
S4 dac960nt;dac960nt; [x]
S4 dmboot;dmboot;c:\windows\system32\drivers\dmboot.sys [2008-4-14 799744]
S4 dpti2o;dpti2o; [x]
S4 HidServ;Human Interface Device Access;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 hpn;hpn; [x]
S4 i2omp;i2omp; [x]
S4 ini910u;ini910u; [x]
S4 IntelIde;IntelIde; [x]
S4 Messenger;Messenger;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 mraid35x;mraid35x; [x]
S4 NetDDE;Network DDE;c:\windows\system32\netdde.exe [2008-4-14 111104]
S4 NetDDEdsdm;Network DDE DSDM;c:\windows\system32\netdde.exe [2008-4-14 111104]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;c:\windows\microsoft.net\framework\v3.0\windows communication foundation\SMSvcHost.exe [2008-7-29 132096]
S4 PCIIde;PCIIde; [x]
S4 Pcmcia;Pcmcia;c:\windows\system32\drivers\pcmcia.sys [2008-4-14 120192]
S4 perc2;perc2; [x]
S4 perc2hib;perc2hib; [x]
S4 ql1080;ql1080; [x]
S4 Ql10wnt;Ql10wnt; [x]
S4 ql12160;ql12160; [x]
S4 ql1240;ql1240; [x]
S4 ql1280;ql1280; [x]
S4 RemoteAccess;Routing and Remote Access;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 SharedAccess;Windows Firewall/Internet Connection Sharing (ICS);c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 Simbad;Simbad; [x]
S4 Sparrow;Sparrow; [x]
S4 sym_hi;sym_hi; [x]
S4 sym_u3;sym_u3; [x]
S4 symc810;symc810; [x]
S4 symc8xx;symc8xx; [x]
S4 TosIde;TosIde; [x]
S4 Udfs;Udfs;c:\windows\system32\drivers\udfs.sys [2008-4-14 66048]
S4 ultra;ultra; [x]
.
=============== File Associations ===============
.
FileExt: .bat: batfile="%1" %*
FileExt: .cmd: cmdfile="%1" %*
FileExt: .com: ComFile="%1" %*
FileExt: .exe: exefile="%1" %*
FileExt: .pif: piffile="%1" %*
FileExt: .scr: scrfile="%1" /S
FileExt: .reg: regfile=regedit.exe "%1"
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1
FileExt: .chm: chm.file="c:\windows\hh.exe" %1
FileExt: .ini: inifile=c:\windows\system32\NOTEPAD.EXE %1
FileExt: .inf: inffile=c:\windows\system32\NOTEPAD.EXE %1
ShellExec: 1964 V 0.8.5.exe: open="e:\games\n64\1964_084\1964 V 0.8.5.exe" "%1"
ShellExec: 1964 V 0.9.exe: open="e:\games\n64\1964_084\1964 V 0.9.exe" "%1"
ShellExec: 1964.exe: open="e:\games\n64\1964 9.9.0\099\1964.exe" "%1"
ShellExec: avgemcx.exe: open="c:\program files\avg\avg10\avgemcx.exe" "%1"
ShellExec: avgui.exe: open="c:\program files\avg\avg10\avgui.exe" "%1"
ShellExec: calc.exe: open="c:\windows\system32\calc.exe" "%1"
ShellExec: Crazy Browser.exe: open="c:\program files\crazy browser\Crazy Browser.exe" "%1"
ShellExec: CTCMSu.exe: Open="c:\program files\creative\mediasource5\CTCMSu.exe" /PlayNow "%L"
ShellExec: CTCMSu.exe: Play="c:\program files\creative\mediasource5\CTCMSu.exe" /PlayNow "%L"
ShellExec: DeSmuME 0.3.6.exe: open="e:\games\nintendo ds\ndesmume\DeSmuME 0.3.6.exe" "%1"
ShellExec: DeSmuME.exe: open="e:\games\nintendo ds\desmume 0.9.8\DeSmuME.exe" "%1"
ShellExec: DeSmuME_x64.exe: open="e:\games\nintendo ds\DeSmuME_x64.exe" "%1"
ShellExec: dsemu.exe: open="e:\games\nintendo ds\nds 0.4.8\dsemu.exe" "%1"
ShellExec: dualis.exe: open="e:\games\nintendo ds\dualis v19.1\dualis.exe" "%1"
ShellExec: Firefox Setup 14.0.1.exe: open="e:\games\nintendo ds\Firefox Setup 14.0.1.exe" "%1"
ShellExec: firefox.exe: open="c:\program files\mozilla firefox\firefox.exe" "%1"
ShellExec: free-youtube-downloader.exe: open="c:\documents and settings\andrew teifke\my documents\downloads\free-youtube-downloader.exe" "%1"
ShellExec: FreeYouTubeDownload.exe: open="c:\documents and settings\andrew teifke\my documents\downloads\FreeYouTubeDownload.exe" "%1"
ShellExec: FreeYTVDownloader.exe: open="c:\program files\dvdvideosoft\free youtube download\FreeYTVDownloader.exe" "%1"
ShellExec: ideas.exe: open="e:\games\nintendo ds\ideas 1.0.0.8\ideas.exe" "%1"
ShellExec: iexplore.exe: open="c:\program files\internet explorer\IEXPLORE.EXE" %1
ShellExec: ilivid.exe: open="c:\program files\ilivid\ilivid.exe" "%1"
ShellExec: iTunes.exe: open="c:\program files\itunes\iTunes.exe" /open "%L"
ShellExec: iTunes.exe: play="c:\program files\itunes\iTunes.exe" /play "%L"
ShellExec: iTunesSetup.exe: open="c:\documents and settings\andrew teifke\desktop\iTunesSetup.exe" "%1"
ShellExec: mbam.exe: open="c:\program files\malwarebytes' anti-malware\mbam.exe" "%1"
ShellExec: moviemk.exe: open="c:\program files\movie maker\moviemk.exe" "%1"
ShellExec: msmsgs.exe: open="c:\program files\messenger\msmsgs.exe" "%1"
ShellExec: mspaint.exe: edit="c:\windows\system32\mspaint.exe" "%1"
ShellExec: NDeSmuME.exe: open="e:\games\nintendo ds\desmume 0.4.0\NDeSmuME.exe" "%1"
ShellExec: NO$GBA.EXE: open="e:\games\nintendo ds\no$gba\NO$GBA.EXE" "%1"
ShellExec: notepad.exe: edit=c:\windows\system32\NOTEPAD.EXE %1
ShellExec: notepad.exe: open=c:\windows\system32\NOTEPAD.EXE %1
ShellExec: Project64.exe: open="e:\games\n64\project 64\Project64.exe" "%1"
ShellExec: QuickTimeInstaller.exe: open="c:\documents and settings\andrew teifke\desktop\QuickTimeInstaller.exe" "%1"
ShellExec: QuickTimePlayer.exe: open=c:\program files\quicktime\QuickTimePlayer.exe "%1"
ShellExec: RealPlayer.exe: open="c:\documents and settings\andrew teifke\my documents\downloads\RealPlayer.exe" "%1"
ShellExec: rstrui.exe: open="c:\windows\system32\restore\rstrui.exe" "%1"
ShellExec: SAFlashPlayer.exe: open=c:\program files\macromedia\flash 8\players\SAFlashPlayer.exe "%1"
ShellExec: setup.exe: open="c:\documents and settings\andrew teifke\my documents\downloads\setup.exe" "%1"
ShellExec: shimgvw.dll: open=rundll32.exe c:\windows\system32\shimgvw.dll,ImageView_Fullscreen %1
ShellExec: shimgvw.dll: print=rundll32.exe c:\windows\system32\shimgvw.dll,ImageView_Fullscreen %1
ShellExec: Skype.exe: open="c:\program files\skype\phone\Skype.exe" "%1"
ShellExec: sndrec32.exe: open="c:\windows\system32\sndrec32.exe" "%1"
ShellExec: sndvol32.exe: open="c:\windows\system32\sndvol32.exe" "%1"
ShellExec: SoftonicDownloader_for_desmume.exe: open="e:\games\nintendo ds\SoftonicDownloader_for_desmume.exe" "%1"
ShellExec: TubeSucker.exe: open="c:\program files\tubesucker\TubeSucker.exe" "%1"
ShellExec: uninstall.exe: open="c:\program files\videolan\vlc\uninstall.exe" "%1"
ShellExec: VirtualDub.exe: open="c:\program files\virtualdub-1.9.11\VirtualDub.exe" "%1"
ShellExec: VisualBoyAdvance.exe: open="e:\games\advance\visablboy\VisualBoyAdvance.exe" "%1"
ShellExec: vlcmediaplayer-setup.exe: open="c:\documents and settings\andrew teifke\my documents\downloads\vlcmediaplayer-setup.exe" "%1"
ShellExec: WAV MP3 Converter.lnk: open="c:\documents and settings\all users\desktop\WAV MP3 Converter.lnk" %1
ShellExec: WinRAR.exe: open="c:\program files\winrar\WinRAR.exe" "%1"
ShellExec: WINWORD.EXE: edit="c:\program files\microsoft office\office10\WINWORD.EXE" /n /dde
ShellExec: WLXPhotoViewer.dll: open=c:\program files\windows live\photo gallery\WLXPhotoGallery.exe /LaunchPhotoViewer /v "%1"
ShellExec: wmplayer.exe: open=c:\program files\windows media player\wmplayer.exe /Open "%L"
ShellExec: wmplayer.exe: play=c:\program files\windows media player\wmplayer.exe /Play "%L"
ShellExec: wordpad.exe: open="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1"
ShellExec: YahooMessenger.exe: open="c:\program files\yahoo!\messenger\YahooMessenger.exe" "%1"
ShellExec: YTD Video Downloader.lnk: open="c:\documents and settings\all users\desktop\YTD Video Downloader.lnk" %1
ShellExec: ytd.exe: open="c:\program files\greentree applications\ytd video downloader\ytd.exe" "%1"
ShellExec: YTDSetup.exe: open="c:\documents and settings\andrew teifke\my documents\downloads\YTDSetup.exe" "%1"
ShellExec: zsnesw.exe: open="e:\games\snes\zsnesw.exe" "%1"
.
=============== Created Last 60 ================
.
2013-07-01 01:54:09    --------    d-----w-    c:\program files\common files\Skype
2013-07-01 00:29:47    --------    dc-h--w-    c:\windows\ie8
2013-06-30 16:01:14    362029    ----a-w-    c:\documents and settings\andrew teifke\sqlite3.dll
2013-06-30 02:52:39    --------    d-----w-    c:\documents and settings\andrew teifke\application data\AVG2013
2013-06-30 02:48:27    --------    d--h--w-    C:\$AVG
2013-06-30 02:48:26    --------    d-----w-    c:\documents and settings\all users\application data\AVG2013
2013-06-30 01:16:07    --------    d-----w-    c:\documents and settings\andrew teifke\application data\TuneUp Software
2013-06-30 00:22:36    --------    d-----w-    c:\documents and settings\andrew teifke\local settings\application data\MFAData
2013-06-30 00:22:36    --------    d-----w-    c:\documents and settings\andrew teifke\local settings\application data\Avg2013
2013-06-20 02:53:36    --------    d-----w-    C:\Config.Msi
2013-05-14 18:31:10    6128760    ----a-w-    c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-05-14 18:31:10    6128760    ----a-w-    c:\program files\mozilla firefox\browser\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
.
==================== Find6M  ====================
.
2013-04-04 19:50:32    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3500630A rev.3.AAF -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x841D44B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x841db93c]; MOV EAX, [0x841dbab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8436C030]
3 CLASSPNP[0xF752BFD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000005f[0x8437EF18]
5 ACPI[0xF74A2620] -> nt!IofCallDriver[0x804E37D5] -> [0x843803C0]
\Driver\atapi[0x836C4570] -> IRP_MJ_CREATE -> 0x841D44B1
error: Read  A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x841D42E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 14:30:33.65 ===============
 



#4 gringo_pr


Posted 03 July 2013 - 12:25 PM



Hello Houka

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo

#5 Houka


Posted 03 July 2013 - 01:47 PM

No issue came up so far.

 

# AdwCleaner v2.304 - Logfile created 07/03/2013 at 13:10:17
# Updated 03/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Andrew Teifke - ATEIFKE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Andrew Teifke\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Andrew Teifke\Application Data\Mozilla\Firefox\Profiles\tyk68un5.default\extensions\wtxpcom@mybrowserbar.com
File Deleted : C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\Searchqu.ini
File Deleted : C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\SetupDataMngr_Searchqu.exe
File Deleted : C:\Documents and Settings\Andrew Teifke\Application Data\Mozilla\Firefox\Profiles\tyk68un5.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\Andrew Teifke\Application Data\Mozilla\Firefox\Profiles\tyk68un5.default\searchplugins\GoogleFeed.xml
File Deleted : C:\Documents and Settings\Andrew Teifke\Application Data\Mozilla\Firefox\Profiles\tyk68un5.default\searchplugins\search.xml
File Deleted : C:\Documents and Settings\Andrew Teifke\Local Settings\Application Data\funmoods-speeddial.crx
Folder Deleted : C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\CT3184201
Folder Deleted : C:\Documents and Settings\Andrew Teifke\Application Data\dvdvideosoftiehelpers
Folder Deleted : C:\Documents and Settings\Andrew Teifke\Application Data\Funmoods
Folder Deleted : C:\Documents and Settings\Andrew Teifke\Application Data\Mozilla\Firefox\Profiles\tyk68un5.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\Andrew Teifke\Application Data\Mozilla\Firefox\Profiles\tyk68un5.default\CT3184201
Folder Deleted : C:\Documents and Settings\Andrew Teifke\Application Data\Mozilla\Firefox\Profiles\tyk68un5.default\extensions\{efb1e45a-148d-40f9-a3f0-09d5577f9970}
Folder Deleted : C:\Documents and Settings\Andrew Teifke\Application Data\Mozilla\Firefox\Profiles\tyk68un5.default\extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Documents and Settings\Andrew Teifke\Application Data\Mozilla\Firefox\Profiles\tyk68un5.default\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\Andrew Teifke\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Andrew Teifke\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Andrew Teifke\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\Andrew Teifke\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\Andrew Teifke\Application Data\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\Andrew Teifke\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Andrew Teifke\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Documents and Settings\Andrew Teifke\Local Settings\Application Data\midicairus
Folder Deleted : C:\Documents and Settings\Andrew Teifke\Local Settings\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Andrew Teifke\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Andrew Teifke\Start Menu\Programs\Ilivid
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\Program Files\midicairus
Folder Deleted : C:\Program Files\Windows iLivid Toolbar

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\WI3712~1\Datamngr\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\WI3712~1\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Dealio
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Dealio
Key Deleted : HKCU\Software\Freeze.com
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EFB1E45A-148D-40F9-A3F0-09D5577F9970}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EFB1E45A-148D-40F9-A3F0-09D5577F9970}
Key Deleted : HKCU\Software\midicairus
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\searchqutoolbar
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{156F4006-0999-4E54-9ED3-B7B064D3DD0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EFB1E45A-148D-40F9-A3F0-09D5577F9970}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\ilivid
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3184201
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Funmoods
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7EE4B749-82E9-4907-B8CF-ECEF7DA6DE74}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C096E10E-29D5-4015-AC15-00E3BA914908}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{9DDD0B95-1F3E-453E-9F12-EACB0DD6B6CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\midicairus Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFB1E45A-148D-40F9-A3F0-09D5577F9970}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{156F4006-0999-4E54-9ED3-B7B064D3DD0A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23A03A6765D10864EB278629A2DF32C3
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2C2D840AB81518B4E8007294C43143F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3A4FCCE032CA50340A6975C92410AE30
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6059D61EECDC80945A4F394A2796D98A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6334ACC8923CC1241ACEAD4E9F158639
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6E00D9B24354FBA44AE2CA0FA86EF2E2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7C13F41728A69EF41AA1A3372FB86FA6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\81EC02DB04E46864B82B67EE402176C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B92A2929968AED344BD6B34AD60E6604
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D1DC57F55B9713541BF737FD481087A8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2BDC886A30209F4EBE1141B470A8090
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3157AA407841454BB0C9BE8D1982BC9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9DDD0B95-1F3E-453E-9F12-EACB0DD6B6CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\midicairus Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Key Deleted : HKLM\Software\midicairus
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\SearchquMediabarTb
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EFB1E45A-148D-40F9-A3F0-09D5577F9970}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EFB1E45A-148D-40F9-A3F0-09D5577F9970}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\Andrew Teifke\Application Data\Mozilla\Firefox\Profiles\tyk68un5.default\prefs.js

C:\Documents and Settings\Andrew Teifke\Application Data\Mozilla\Firefox\Profiles\tyk68un5.default\user.js ... Deleted !

Deleted : user_pref("CT3184201.FeedPollDate129238703378572560", "Thu Aug 09 2012 18:06:24 GMT-0500 (Central Da[...]
Deleted : user_pref("CT3184201.FeedPollDate129238824209885828", "Thu Aug 09 2012 18:06:24 GMT-0500 (Central Da[...]
Deleted : user_pref("CT3184201.FeedPollDate129238824209885829", "Thu Aug 09 2012 18:06:24 GMT-0500 (Central Da[...]
Deleted : user_pref("CT3184201.FeedPollDate129238824209885830", "Thu Aug 09 2012 18:06:24 GMT-0500 (Central Da[...]
Deleted : user_pref("CT3184201.FeedTTL129237173390688207", 40);
Deleted : user_pref("CT3184201.FeedTTL129237173390688210", 40);
Deleted : user_pref("CT3184201.FeedTTL129238703378572556", 40);
Deleted : user_pref("CT3184201.FeedTTL129238703378572557", 40);
Deleted : user_pref("CT3184201.FeedTTL129238703378572558", 40);
Deleted : user_pref("CT3184201.FeedTTL129238703378572559", 40);
Deleted : user_pref("CT3184201.FeedTTL129238703378572560", 40);
Deleted : user_pref("CT3184201.FeedTTL129238824209885828", 40);
Deleted : user_pref("CT3184201.FeedTTL129238824209885829", 40);
Deleted : user_pref("CT3184201.FeedTTL129238824209885830", 40);
Deleted : user_pref("CT3184201.FirstServerDate", "10-8-2012");
Deleted : user_pref("CT3184201.FirstTime", true);
Deleted : user_pref("CT3184201.FirstTimeFF3", true);
Deleted : user_pref("CT3184201.FirstTimeHiddenVer", true);
Deleted : user_pref("CT3184201.FixPageNotFoundErrors", false);
Deleted : user_pref("CT3184201.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3184201.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3184201.HPInstall", true);
Deleted : user_pref("CT3184201.HasUserGlobalKeys", true);
Deleted : user_pref("CT3184201.HomePageProtectorEnabled", true);
Deleted : user_pref("CT3184201.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3184201&SearchSource=[...]
Deleted : user_pref("CT3184201.Initialize", true);
Deleted : user_pref("CT3184201.InitializeCommonPrefs", true);
Deleted : user_pref("CT3184201.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT3184201.InstallationId", "conduitinstaller.exe");
Deleted : user_pref("CT3184201.InstallationType", "ConduitNSISIntegration");
Deleted : user_pref("CT3184201.InstalledDate", "Thu Aug 09 2012 18:06:03 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT3184201.InvalidateCache", false);
Deleted : user_pref("CT3184201.IsAlertDBUpdated", true);
Deleted : user_pref("CT3184201.IsGrouping", false);
Deleted : user_pref("CT3184201.IsInitSetupIni", true);
Deleted : user_pref("CT3184201.IsMulticommunity", false);
Deleted : user_pref("CT3184201.IsOpenThankYouPage", false);
Deleted : user_pref("CT3184201.IsOpenUninstallPage", false);
Deleted : user_pref("CT3184201.IsProtectorsInit", true);
Deleted : user_pref("CT3184201.LanguagePackLastCheckTime", "Thu Aug 09 2012 18:06:17 GMT-0500 (Central Dayligh[...]
Deleted : user_pref("CT3184201.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3184201.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3184201.LastLogin_3.14.1.0", "Thu Aug 09 2012 18:06:17 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT3184201.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT3184201.Locale", "en");
Deleted : user_pref("CT3184201.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3184201.MCDetectTooltipShow", false);
Deleted : user_pref("CT3184201.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3184201.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3184201.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3184201.OriginalFirstVersion", "3.14.1.0");
Deleted : user_pref("CT3184201.RadioIsPodcast", false);
Deleted : user_pref("CT3184201.RadioLastCheckTime", "Thu Aug 09 2012 18:06:24 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT3184201.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT3184201.RadioLastUpdateServer", "3");
Deleted : user_pref("CT3184201.RadioMediaID", "9962");
Deleted : user_pref("CT3184201.RadioMediaType", "Media Player");
Deleted : user_pref("CT3184201.RadioMenuSelectedID", "EBRadioMenu_CT31842019962");
Deleted : user_pref("CT3184201.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT3184201.RadioStationName", "California%20Rock");
Deleted : user_pref("CT3184201.RadioStationURL", "hxxp://feedlive.net/california.asx");
Deleted : user_pref("CT3184201.SavedHomepage", "hxxp://www.searchqu.com/406");
Deleted : user_pref("CT3184201.SearchBackToDefaultEngine", false);
Deleted : user_pref("CT3184201.SearchCaption", "midicairus Customized Web Search");
Deleted : user_pref("CT3184201.SearchEngineBeforeUnload", "midicairus Customized Web Search");
Deleted : user_pref("CT3184201.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3184201.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT318[...]
Deleted : user_pref("CT3184201.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3184201.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3184201.SearchInNewTabLastCheckTime", "Thu Aug 09 2012 18:06:26 GMT-0500 (Central Dayli[...]
Deleted : user_pref("CT3184201.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3184201.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT3184201.SearchProtectorEnabled", true);
Deleted : user_pref("CT3184201.SearchProtectorToolbarDisabled", true);
Deleted : user_pref("CT3184201.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3184201.ServiceMapLastCheckTime", "Thu Aug 09 2012 18:05:37 GMT-0500 (Central Daylight [...]
Deleted : user_pref("CT3184201.SettingsLastCheckTime", "Thu Aug 09 2012 18:05:39 GMT-0500 (Central Daylight Ti[...]
Deleted : user_pref("CT3184201.SettingsLastUpdate", "1342807700");
Deleted : user_pref("CT3184201.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3184201&SearchSource=13");
Deleted : user_pref("CT3184201.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3184201.ThirdPartyComponentsLastCheck", "Thu Aug 09 2012 18:05:37 GMT-0500 (Central Day[...]
Deleted : user_pref("CT3184201.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT3184201.ToolbarDisabled", true);
Deleted : user_pref("CT3184201.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3184201.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3184201");
Deleted : user_pref("CT3184201.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3184201.UserID", "UN08965371217400724");
Deleted : user_pref("CT3184201.WeatherNetwork", "");
Deleted : user_pref("CT3184201.WeatherPollDate", "Thu Aug 09 2012 18:06:14 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT3184201.WeatherUnit", "F");
Deleted : user_pref("CT3184201.alertChannelId", "1594758");
Deleted : user_pref("CT3184201.approveUntrustedApps", false);
Deleted : user_pref("CT3184201.components.1000034", false);
Deleted : user_pref("CT3184201.components.1000082", false);
Deleted : user_pref("CT3184201.components.1000234", false);
Deleted : user_pref("CT3184201.components.129724205034145620", false);
Deleted : user_pref("CT3184201.components.129724205036020587", false);
Deleted : user_pref("CT3184201.components.129724205037114317", false);
Deleted : user_pref("CT3184201.components.129724205037270565", false);
Deleted : user_pref("CT3184201.components.129724205037426813", false);
Deleted : user_pref("CT3184201.components.129724205037739308", false);
Deleted : user_pref("CT3184201.components.129724205038051804", false);
Deleted : user_pref("CT3184201.components.129724205038520546", false);
Deleted : user_pref("CT3184201.components.129724205039301782", false);
Deleted : user_pref("CT3184201.components.129724205040551760", false);
Deleted : user_pref("CT3184201.components.1330956386000", false);
Deleted : user_pref("CT3184201.components.1958179879799928720", false);
Deleted : user_pref("CT3184201.components.4950963945127914423", false);
Deleted : user_pref("CT3184201.components.5342832749374672449", false);
Deleted : user_pref("CT3184201.components.6565815752657123216", false);
Deleted : user_pref("CT3184201.components.8446616961328789392", false);
Deleted : user_pref("CT3184201.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3184201.globalFirstTimeInfoLastCheckTime", "Thu Aug 09 2012 18:06:04 GMT-0500 (Central [...]
Deleted : user_pref("CT3184201.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3184201.initDone", true);
Deleted : user_pref("CT3184201.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3184201.isFirstRadioInstallation", false);
Deleted : user_pref("CT3184201.isSearchProtectorNotifyChanges", false);
Deleted : user_pref("CT3184201.myStuffEnabled", true);
Deleted : user_pref("CT3184201.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3184201.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3184201.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3184201.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3184201.navigateToUrlOnSearch", false);
Deleted : user_pref("CT3184201.revertSettingsEnabled", false);
Deleted : user_pref("CT3184201.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3184201.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3184201.testingCtid", "");
Deleted : user_pref("CT3184201.toolbarAppMetaDataLastCheckTime", "Thu Aug 09 2012 18:06:04 GMT-0500 (Central D[...]
Deleted : user_pref("CT3184201.toolbarContextMenuLastCheckTime", "Thu Aug 09 2012 18:06:17 GMT-0500 (Central D[...]
Deleted : user_pref("CT3184201.usageEnabled", false);
Deleted : user_pref("CT3184201.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2653012&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Veoh Web Player Customized Web Search,midicairus Cu[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3184201/CT3184201[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1045667/1041378/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1594758/1588784/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2653012", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3184201", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2653012", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2653012",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3184201",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2653012&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2653012/CT2653012[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2653012/CT2653012[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"8c9[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/15846407.xml", "\"745ec7d1bd50664c099[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16190898.xml", "\"99b52a4231cfb17be98[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16727535.xml", "\"fedb2a980b4fa75840e[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/17461978.xml", "\"6eddb63d7448aec9b59[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/18676177.xml", "\"46719ae987a7bf060ce[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/19058681.xml", "\"d619759437b4007a0da[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/19554706.xml", "\"a6a35fbb55088043712[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/21324258.xml", "\"76e2a4ed7dfdefc9b56[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/21879024.xml", "\"0b871c9916d3ca82b00[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/2883841.xml", "\"81b44a8e3c754b107fc1[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Andrew Teifke\\App[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.searchqu.com/web?src=ffb&syst[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2653012,CT3184201");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2653012,CT3184201");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2653012,CT3184201");
Deleted : user_pref("CommunityToolbar.globalUserId", "7201bc79-c44e-4a44-8d2b-1e389756689d");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Aug 09 2012 18:06:0[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Aug 09 2012 18:06:16 GMT-050[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Aug 09 2012 18:05:41 GMT-0500 (C[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "77f58bce-c18e-4bad-ab44-5ca1d9200146");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.searchqu.com/406");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Custom search");
Deleted : user_pref("CommunityToolbar.twitter.user_15846407.LastCheckTime", "Thu Aug 09 2012 18:06:24 GMT-0500[...]
Deleted : user_pref("CommunityToolbar.twitter.user_16190898.LastCheckTime", "Thu Aug 09 2012 18:06:24 GMT-0500[...]
Deleted : user_pref("CommunityToolbar.twitter.user_16727535.LastCheckTime", "Thu Aug 09 2012 18:06:24 GMT-0500[...]
Deleted : user_pref("CommunityToolbar.twitter.user_17461978.LastCheckTime", "Thu Aug 09 2012 18:06:24 GMT-0500[...]
Deleted : user_pref("CommunityToolbar.twitter.user_18676177.LastCheckTime", "Thu Aug 09 2012 18:06:24 GMT-0500[...]
Deleted : user_pref("CommunityToolbar.twitter.user_19058681.LastCheckTime", "Thu Aug 09 2012 18:06:24 GMT-0500[...]
Deleted : user_pref("CommunityToolbar.twitter.user_19554706.LastCheckTime", "Thu Aug 09 2012 18:06:24 GMT-0500[...]
Deleted : user_pref("CommunityToolbar.twitter.user_21324258.LastCheckTime", "Thu Aug 09 2012 18:06:24 GMT-0500[...]
Deleted : user_pref("CommunityToolbar.twitter.user_21879024.LastCheckTime", "Thu Aug 09 2012 18:06:24 GMT-0500[...]
Deleted : user_pref("CommunityToolbar.twitter.user_2883841.LastCheckTime", "Thu Aug 09 2012 18:06:24 GMT-0500 [...]
Deleted : user_pref("backup.old.browser.search.selectedEngine", "midicairus Customized Web Search");
Deleted : user_pref("backup.old.browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3184201&SearchSo[...]
Deleted : user_pref("browser.search.defaultthis.engineName", "midicairus Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3184201&Sea[...]
Deleted : user_pref("browser.search.order.1", "Web Search");
Deleted : user_pref("extensions.enabledAddons", "ffxtlbr%40funmoods.com:1.5.1,%7BE173B749-DB5B-4fd2-BA0E-94ECE[...]
Deleted : user_pref("extensions.funmoods.aflt", "axl");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Deleted : user_pref("extensions.funmoods.cntry", "US");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dfltlng", "en");
Deleted : user_pref("extensions.funmoods.dfltsrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "1723DD6308F558288EC25734547EBA96");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2[...]
Deleted : user_pref("extensions.funmoods.hrdid", "0080C8B027F2F6BA");
Deleted : user_pref("extensions.funmoods.id", "0080C8B027F2F6BA");
Deleted : user_pref("extensions.funmoods.instlDay", "15602");
Deleted : user_pref("extensions.funmoods.instlRef", "axl");
Deleted : user_pref("extensions.funmoods.instlday", "15602");
Deleted : user_pref("extensions.funmoods.instlref", "axl");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.keywordurl", "");
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2221:6:2");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.monitorreport", true);
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEt[...]
Deleted : user_pref("extensions.funmoods.newtab", true);
Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEt[...]
Deleted : user_pref("extensions.funmoods.pnu_base", "{\"newVrsn\":\"198\",\"lastVrsn\":\"198\",\"vrsnLoad\":\"[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.smplgrp", "none");
Deleted : user_pref("extensions.funmoods.srch", "");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2Xzuy[...]
Deleted : user_pref("extensions.funmoods.tlbrid", "base");
Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2Xzuy[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2221:6:2");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.2221:6:2");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2221:6:2");
Deleted : user_pref("extensions.veohsearchrecs.SupportedSites", "<?xml version=\"1.0\" ?>\r\n<results revision[...]
Deleted : user_pref("extensions.veohsearchrecs.VeohVersion", "1.5.2");
Deleted : user_pref("extensions.veohsearchrecs.id", "8d9a10b68-cae2-5b47-c268-8a760232ce4");
Deleted : user_pref("extensions.veohsearchrecs.lastsitedate", "20");

-\\ Google Chrome v27.0.1453.116

File : C:\Documents and Settings\Andrew Teifke\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.3] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L[...]
Deleted [l.7] : homepage = "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDzztD0Czz0BtDtBy[...]
Deleted [l.15] : search_url = "hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2Xz[...]
Deleted [l.238] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3184201&SearchSource=48" ]
Deleted [l.247] : homepage = "hxxp://search.conduit.com/?ctid=CT3184201&SearchSource=48",

File : C:\Documents and Settings\Administrator.ATEIFKE\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [50622 octets] - [03/07/2013 13:10:17]

########## EOF - C:\AdwCleaner[S1].txt - [50683 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Andrew Teifke on Wed 07/03/2013 at 13:18:58.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\messenger
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\veohplugin
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1659004503-1284227242-1606980848-1003\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

   Val Name      Type   Value Data
   ========      ====   ==========
    1964emu_099    REG_SZ    RUNDLL32.EXE "C:\Documents and Settings\Andrew Teifke\Local Settings\Application Data\1964emu_099\tlwfmpsl.dll",D3DXQuaternionInverse




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\stronghold online backup



~~~ Files

Successfully deleted: [File] "C:\Documents and Settings\Andrew Teifke\desktop\1000 free songs!.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\strongvault online backup"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ytd video downloader"
Successfully deleted: [Folder] "C:\Documents and Settings\Andrew Teifke\Local Settings\Application Data\stronghold_llc"
Successfully deleted: [Folder] "C:\Documents and Settings\Andrew Teifke\Local Settings\Application Data\strongvault"
Successfully deleted: [Folder] "C:\Program Files\strongvault online backup"
Successfully deleted: [Folder] "C:\Program Files\ytd toolbar"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\strongvault online backup"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\ytd video downloader"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"



~~~ FireFox

Failed to delete: [Folder] C:\Documents and Settings\Andrew Teifke\Application Data\mozilla\firefox\profiles\tyk68un5.default\extensions\wtxpcom@mybrowserbar.com
Failed to delete: [Folder] C:\Documents and Settings\Andrew Teifke\Application Data\mozilla\firefox\profiles\tyk68un5.default\extensions\ytd@mybrowserbar.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}
Emptied folder: C:\Documents and Settings\Andrew Teifke\Application Data\mozilla\firefox\profiles\tyk68un5.default\minidumps [35 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/03/2013 at 13:43:53.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edit: Oh, my sound is still acting up; the internet hasn't done anything odd yet. It could be all day before that may show up.


Edited by Houka, 03 July 2013 - 05:03 PM.


#6 gringo_pr

Posted 03 July 2013 - 05:21 PM


Hello Houka

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#7 Houka

Posted 03 July 2013 - 10:31 PM

Umm, is the scan supposed to take more than two hours? If it is supposed to take a long time then I might just run it overnight as it's getting late. My PC crashed twice while running it for about that time.

Actually, now that I think about it, this is acting like when I upgraded Skype recently. It would get stuck on the loading screen and my processor usage would skyrocket, making my PC pretty much unusable, until I closed it and then it reverts back to normal.


Edited by Houka, 03 July 2013 - 10:42 PM.


#8 gringo_pr

Posted 03 July 2013 - 11:15 PM


Hello Houka

No, it should not. I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note: This report can be very long, so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller+
Send me the reports made from TDSSKiller and RogueKiller and also let me know how the computer is doing at this time.

Gringo

#9 Houka


Posted 04 July 2013 - 12:58 AM

Oh, it looks like my update thing is starting to work again, and I think my speed seems to be a bit improved too. I have to wait a while to see if any of the main issues are any better.

 

00:25:23.0484 1236  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
00:25:23.0812 1236  swmidi - ok
00:25:23.0828 1236  SwPrv - ok
00:25:23.0859 1236  symc810 - ok
00:25:23.0890 1236  symc8xx - ok
00:25:23.0906 1236  sym_hi - ok
00:25:23.0937 1236  sym_u3 - ok
00:25:24.0000 1236  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
00:25:24.0390 1236  sysaudio - ok
00:25:24.0437 1236  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
00:25:24.0796 1236  SysmonLog - ok
00:25:24.0859 1236  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
00:25:25.0171 1236  TapiSrv - ok
00:25:25.0234 1236  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:25:25.0437 1236  Tcpip - ok
00:25:25.0468 1236  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
00:25:25.0828 1236  TDPIPE - ok
00:25:25.0890 1236  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
00:25:26.0203 1236  TDTCP - ok
00:25:26.0265 1236  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
00:25:26.0578 1236  TermDD - ok
00:25:26.0718 1236  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
00:25:27.0046 1236  TermService - ok
00:25:27.0203 1236  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
00:25:27.0296 1236  Themes - ok
00:25:27.0343 1236  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
00:25:27.0484 1236  TlntSvr - ok
00:25:27.0531 1236  TosIde - ok
00:25:27.0578 1236  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
00:25:27.0859 1236  TrkWks - ok
00:25:27.0937 1236  [ D85938F272D1BCF3DB3A31FC0A048928 ] uagp35          C:\WINDOWS\system32\DRIVERS\uagp35.sys
00:25:28.0265 1236  uagp35 - ok
00:25:28.0312 1236  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
00:25:28.0609 1236  Udfs - ok
00:25:28.0640 1236  ultra - ok
00:25:28.0796 1236  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
00:25:30.0781 1236  Update - ok
00:25:30.0937 1236  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
00:25:31.0140 1236  upnphost - ok
00:25:31.0171 1236  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
00:25:31.0515 1236  UPS - ok
00:25:31.0609 1236  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:25:31.0906 1236  usbehci - ok
00:25:31.0968 1236  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:25:32.0296 1236  usbhub - ok
00:25:32.0375 1236  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:25:32.0703 1236  usbprint - ok
00:25:32.0750 1236  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:25:33.0250 1236  usbscan - ok
00:25:33.0328 1236  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:25:33.0625 1236  USBSTOR - ok
00:25:33.0656 1236  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:25:33.0953 1236  usbuhci - ok
00:25:34.0015 1236  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
00:25:34.0265 1236  VgaSave - ok
00:25:34.0312 1236  [ 0CC705DB634A3BC355887E3D478DD386 ] viagfx          C:\WINDOWS\system32\DRIVERS\vtmini.sys
00:25:34.0437 1236  viagfx - ok
00:25:34.0484 1236  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
00:25:34.0812 1236  ViaIde - ok
00:25:34.0890 1236  [ F95C0FCFBCBDA6D8F202D2DF4052F88D ] videX32         C:\WINDOWS\system32\DRIVERS\videX32.sys
00:25:34.0984 1236  videX32 - ok
00:25:35.0140 1236  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
00:25:35.0421 1236  VolSnap - ok
00:25:35.0515 1236  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
00:25:35.0671 1236  VSS - ok
00:25:35.0765 1236  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
00:25:36.0078 1236  W32Time - ok
00:25:36.0109 1236  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:25:36.0453 1236  Wanarp - ok
00:25:36.0468 1236  WDICA - ok
00:25:36.0531 1236  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
00:25:36.0812 1236  wdmaud - ok
00:25:36.0843 1236  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
00:25:37.0156 1236  WebClient - ok
00:25:37.0281 1236  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
00:25:37.0703 1236  winmgmt - ok
00:25:37.0812 1236  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
00:25:37.0984 1236  WmdmPmSN - ok
00:25:38.0078 1236  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
00:25:38.0484 1236  Wmi - ok
00:25:38.0546 1236  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:25:38.0828 1236  WmiApSrv - ok
00:25:39.0156 1236  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
00:25:39.0593 1236  WMPNetworkSvc - ok
00:25:39.0671 1236  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:25:40.0500 1236  WS2IFSL - ok
00:25:40.0562 1236  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
00:25:40.0890 1236  wscsvc - ok
00:25:41.0000 1236  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
00:25:41.0390 1236  wuauserv - ok
00:25:41.0421 1236  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:25:41.0500 1236  WudfPf - ok
00:25:41.0515 1236  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:25:41.0578 1236  WudfRd - ok
00:25:41.0625 1236  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
00:25:41.0687 1236  WudfSvc - ok
00:25:41.0843 1236  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
00:25:42.0421 1236  WZCSVC - ok
00:25:42.0562 1236  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
00:25:42.0859 1236  xmlprov - ok
00:25:43.0000 1236  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
00:25:43.0187 1236  YahooAUService - ok
00:25:43.0218 1236  ================ Scan global ===============================
00:25:43.0296 1236  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
00:25:43.0484 1236  [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
00:25:43.0531 1236  [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
00:25:43.0578 1236  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
00:25:43.0593 1236  [Global] - ok
00:25:43.0593 1236  ================ Scan MBR ==================================
00:25:43.0625 1236  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
00:25:43.0640 1236  Suspicious mbr (Forged): \Device\Harddisk0\DR0
00:25:43.0718 1236  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
00:25:43.0718 1236  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
00:25:43.0906 1236  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
00:25:43.0906 1236  \Device\Harddisk0\DR0 - detected TDSS File System (1)
00:25:43.0921 1236  ================ Scan VBR ==================================
00:25:43.0921 1236  [ 3DC062A238E58D1B57F2017FE48CD2D3 ] \Device\Harddisk0\DR0\Partition1
00:25:43.0937 1236  \Device\Harddisk0\DR0\Partition1 - ok
00:25:43.0968 1236  [ 5AA44583E2CDE75FC7A95DA5EA63C5A7 ] \Device\Harddisk0\DR0\Partition2
00:25:43.0984 1236  \Device\Harddisk0\DR0\Partition2 - ok
00:25:44.0031 1236  [ 332AE90E8CC28ED325D35356B154608F ] \Device\Harddisk0\DR0\Partition3
00:25:44.0031 1236  \Device\Harddisk0\DR0\Partition3 - ok
00:25:44.0046 1236  ================ Scan active images ========================
00:25:47.0203 1236  [ 4AFC14AFA58878FAA1D249E7E90EA54B ] C:\Program Files\AVG\AVG2013\avgidsagent.exe
00:25:47.0203 1236  C:\Program Files\AVG\AVG2013\avgidsagent.exe - ok
00:25:47.0234 1236  [ 751EEDB874FD17A6F26B9E2CC5E19170 ] C:\Program Files\AVG\AVG2013\avglngx.dll
00:25:47.0234 1236  C:\Program Files\AVG\AVG2013\avglngx.dll - ok
00:25:47.0250 1236  [ 6CE32F7778061CCC5814D5E0F282D369 ] C:\WINDOWS\system32\wininet.dll
00:25:47.0250 1236  C:\WINDOWS\system32\wininet.dll - ok
00:25:47.0281 1236  [ 95EFDCB44DD093EDAD447F1D21C8A3F7 ] C:\Program Files\AVG\AVG2013\avgcertx.dll
00:25:47.0281 1236  C:\Program Files\AVG\AVG2013\avgcertx.dll - ok
00:25:47.0296 1236  [ B40F5DCD59ED2A46EED8AE340CC167FB ] C:\Program Files\AVG\AVG2013\avgcfgx.dll
00:25:47.0296 1236  C:\Program Files\AVG\AVG2013\avgcfgx.dll - ok
00:25:47.0312 1236  [ DE35D659575C700BA4E8E912671EA4BA ] C:\Program Files\AVG\AVG2013\avgdiagex.exe
00:25:47.0312 1236  C:\Program Files\AVG\AVG2013\avgdiagex.exe - ok
00:25:47.0328 1236  [ F7E915FA38C119101873AE5E0E7C8B66 ] C:\Program Files\AVG\AVG2013\avgapps.dll
00:25:47.0328 1236  C:\Program Files\AVG\AVG2013\avgapps.dll - ok
00:25:47.0359 1236  [ 7FACB452456EF5C053AF3EE4B228FE0D ] C:\WINDOWS\system32\xpob2res.dll
00:25:47.0359 1236  C:\WINDOWS\system32\xpob2res.dll - ok
00:25:47.0375 1236  [ 0607CBC6FA20114CB491EFE4B2F9EFAD ] C:\WINDOWS\system32\d3d9.dll
00:25:47.0390 1236  C:\WINDOWS\system32\d3d9.dll - ok
00:25:47.0406 1236  [ C3200506FB212A0F4FB736A80E646C40 ] C:\WINDOWS\system32\lz32.dll
00:25:47.0406 1236  C:\WINDOWS\system32\lz32.dll - ok
00:25:47.0421 1236  [ 86440EDFF27095E03741AEDC5752AA51 ] C:\WINDOWS\system32\olecnv32.dll
00:25:47.0421 1236  C:\WINDOWS\system32\olecnv32.dll - ok
00:25:47.0453 1236  [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll
00:25:47.0453 1236  C:\WINDOWS\system32\version.dll - ok
00:25:47.0468 1236  [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe
00:25:47.0468 1236  C:\WINDOWS\system32\csrss.exe - ok
00:25:47.0500 1236  [ D8361BEAB7109AB8B069F7F5028E37B1 ] C:\WINDOWS\system32\olesvr32.dll
00:25:47.0500 1236  C:\WINDOWS\system32\olesvr32.dll - ok
00:25:47.0515 1236  [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll
00:25:47.0515 1236  C:\WINDOWS\system32\user32.dll - ok
00:25:47.0546 1236  [ E86423AA9AA8C382AF02B94A058DC2AA ] C:\WINDOWS\system32\shell32.dll
00:25:47.0546 1236  C:\WINDOWS\system32\shell32.dll - ok
00:25:47.0546 1236  [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll
00:25:47.0546 1236  C:\WINDOWS\system32\browseui.dll - ok
00:25:47.0578 1236  [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll
00:25:47.0578 1236  C:\WINDOWS\system32\apphelp.dll - ok
00:25:47.0593 1236  [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\system32\shlwapi.dll
00:25:47.0593 1236  C:\WINDOWS\system32\shlwapi.dll - ok
00:25:47.0625 1236  [ 7A6A7900B5E322763430BA6FD9A31224 ] C:\WINDOWS\system32\ole32.dll
00:25:47.0625 1236  C:\WINDOWS\system32\ole32.dll - ok
00:25:47.0640 1236  [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll
00:25:47.0640 1236  C:\WINDOWS\system32\comctl32.dll - ok
00:25:47.0671 1236  [ 9DD07AF82244867CA36681EA2D29CE79 ] C:\WINDOWS\system32\sfcfiles.dll
00:25:47.0671 1236  C:\WINDOWS\system32\sfcfiles.dll - ok
00:25:47.0687 1236  [ E76F8807070ED04E7408A86D6D3A6137 ] C:\WINDOWS\system32\advapi32.dll
00:25:47.0687 1236  C:\WINDOWS\system32\advapi32.dll - ok
00:25:47.0718 1236  [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll
00:25:47.0718 1236  C:\WINDOWS\system32\comdlg32.dll - ok
00:25:47.0734 1236  [ 8B1F3320AEBB536E021A5014409862DE ] C:\WINDOWS\system32\gdi32.dll
00:25:47.0734 1236  C:\WINDOWS\system32\gdi32.dll - ok
00:25:47.0750 1236  [ CA648BD638245EB83F971FF71B031BEC ] C:\WINDOWS\system32\imagehlp.dll
00:25:47.0750 1236  C:\WINDOWS\system32\imagehlp.dll - ok
00:25:47.0781 1236  [ 387006CF9983000BAB76DD250D424045 ] C:\WINDOWS\system32\oleaut32.dll
00:25:47.0781 1236  C:\WINDOWS\system32\oleaut32.dll - ok
00:25:47.0796 1236  [ 6100D350770A5595FBF4C96F3510BADC ] C:\WINDOWS\system32\csrsrv.dll
00:25:47.0796 1236  C:\WINDOWS\system32\csrsrv.dll - ok
00:25:47.0812 1236  [ FA1B9CAE64B23C950DA3D96ABBF23BD0 ] C:\WINDOWS\system32\olecli32.dll
00:25:47.0812 1236  C:\WINDOWS\system32\olecli32.dll - ok
00:25:47.0828 1236  [ AE9543F20FCC1E7BCAA13051CC076147 ] C:\WINDOWS\system32\olethk32.dll
00:25:47.0828 1236  C:\WINDOWS\system32\olethk32.dll - ok
00:25:47.0859 1236  [ D4502F124289A31976130CCCB014C9AA ] C:\WINDOWS\system32\rpcrt4.dll
00:25:47.0859 1236  C:\WINDOWS\system32\rpcrt4.dll - ok
00:25:47.0890 1236  [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll
00:25:47.0890 1236  C:\WINDOWS\system32\msvcrt.dll - ok
00:25:47.0906 1236  [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
00:25:47.0906 1236  C:\WINDOWS\system32\wldap32.dll - ok
00:25:47.0937 1236  [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
00:25:47.0937 1236  C:\WINDOWS\system32\mpr.dll - ok
00:25:47.0953 1236  [ 681B807E53BDADA337735C28C0E48A1B ] C:\WINDOWS\system32\ntvdm.exe
00:25:47.0953 1236  C:\WINDOWS\system32\ntvdm.exe - ok
00:25:47.0984 1236  [ 5357826C8A8DD6A07F17C48BB45BE46E ] C:\WINDOWS\system32\secur32.dll
00:25:47.0984 1236  C:\WINDOWS\system32\secur32.dll - ok
00:25:48.0000 1236  [ 045DF7AE14CAAED71338916D6FB66812 ] C:\WINDOWS\system32\wow32.dll
00:25:48.0000 1236  C:\WINDOWS\system32\wow32.dll - ok
00:25:48.0031 1236  [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll
00:25:48.0031 1236  C:\WINDOWS\system32\userenv.dll - ok
00:25:48.0046 1236  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
00:25:48.0046 1236  C:\WINDOWS\system32\basesrv.dll - ok
00:25:48.0062 1236  [ 1E644E3533DCE2B580A663AE1ACBD539 ] C:\WINDOWS\system32\atmfd.dll
00:25:48.0062 1236  C:\WINDOWS\system32\atmfd.dll - ok
00:25:48.0078 1236  [ 42B5427FAC23BF6F1F31E466B7FEB084 ] C:\WINDOWS\system32\winsrv.dll
00:25:48.0078 1236  C:\WINDOWS\system32\winsrv.dll - ok
00:25:48.0109 1236  [ D10D468711F50AA786BBEA021398D4A9 ] C:\WINDOWS\system32\vtdisp.dll
00:25:48.0109 1236  C:\WINDOWS\system32\vtdisp.dll - ok
00:25:48.0125 1236  [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll
00:25:48.0125 1236  C:\WINDOWS\system32\vga.dll - ok
00:25:48.0156 1236  [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\system32\winlogon.exe
00:25:48.0156 1236  C:\WINDOWS\system32\winlogon.exe - ok
00:25:48.0171 1236  [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll
00:25:48.0171 1236  C:\WINDOWS\system32\authz.dll - ok
00:25:48.0203 1236  [ BDAAF79DD63F194434D31A74B9BB8B77 ] C:\WINDOWS\system32\crypt32.dll
00:25:48.0203 1236  C:\WINDOWS\system32\crypt32.dll - ok
00:25:48.0218 1236  [ 04D898830DF96A17A20FD35D7590F87E ] C:\WINDOWS\system32\msasn1.dll
00:25:48.0218 1236  C:\WINDOWS\system32\msasn1.dll - ok
00:25:48.0250 1236  [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll
00:25:48.0250 1236  C:\WINDOWS\system32\nddeapi.dll - ok
00:25:48.0265 1236  [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll
00:25:48.0265 1236  C:\WINDOWS\system32\profmap.dll - ok
00:25:48.0296 1236  [ 318230E845919255EF3C5D5E1E863631 ] C:\WINDOWS\system32\netapi32.dll
00:25:48.0296 1236  C:\WINDOWS\system32\netapi32.dll - ok
00:25:48.0312 1236  [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll
00:25:48.0312 1236  C:\WINDOWS\system32\psapi.dll - ok
00:25:48.0328 1236  [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll
00:25:48.0328 1236  C:\WINDOWS\system32\regapi.dll - ok
00:25:48.0343 1236  [ 24192246760E0E64435522E246B1D6C2 ] C:\WINDOWS\system32\setupapi.dll
00:25:48.0343 1236  C:\WINDOWS\system32\setupapi.dll - ok
00:25:48.0375 1236  [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\system32\winsta.dll
00:25:48.0375 1236  C:\WINDOWS\system32\winsta.dll - ok
00:25:48.0390 1236  [ AEADC4FE32D6D60F36D9B9ACE5C642A2 ] C:\WINDOWS\system32\wintrust.dll
00:25:48.0390 1236  C:\WINDOWS\system32\wintrust.dll - ok
00:25:48.0421 1236  [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll
00:25:48.0421 1236  C:\WINDOWS\system32\ws2_32.dll - ok
00:25:48.0453 1236  [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll
00:25:48.0453 1236  C:\WINDOWS\system32\imm32.dll - ok
00:25:48.0468 1236  [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll
00:25:48.0468 1236  C:\WINDOWS\system32\ws2help.dll - ok
00:25:48.0500 1236  [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll
00:25:48.0500 1236  C:\WINDOWS\system32\sxs.dll - ok
00:25:48.0515 1236  [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
00:25:48.0515 1236  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
00:25:48.0546 1236  [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll
00:25:48.0546 1236  C:\WINDOWS\system32\atl.dll - ok
00:25:48.0562 1236  [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll
00:25:48.0562 1236  C:\WINDOWS\system32\kbdus.dll - ok
00:25:48.0578 1236  [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll
00:25:48.0578 1236  C:\WINDOWS\system32\msgina.dll - ok
00:25:48.0609 1236  [ F1300D0B4C40754A01DF16F350F0EF60 ] C:\WINDOWS\system32\winmm.dll
00:25:48.0609 1236  C:\WINDOWS\system32\winmm.dll - ok
00:25:48.0625 1236  [ 40B0F98BAD16AD5DEF894E88C3EF8014 ] C:\WINDOWS\system32\odbc32.dll
00:25:48.0625 1236  C:\WINDOWS\system32\odbc32.dll - ok
00:25:48.0640 1236  [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll
00:25:48.0640 1236  C:\WINDOWS\system32\odbcint.dll - ok
00:25:48.0671 1236  [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll
00:25:48.0671 1236  C:\WINDOWS\system32\sfc.dll - ok
00:25:48.0687 1236  [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\system32\shsvcs.dll
00:25:48.0687 1236  C:\WINDOWS\system32\shsvcs.dll - ok
00:25:48.0718 1236  [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe
00:25:48.0718 1236  C:\WINDOWS\system32\lsass.exe - ok
00:25:48.0734 1236  [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
00:25:48.0734 1236  C:\WINDOWS\system32\ncobjapi.dll - ok
00:25:48.0765 1236  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
00:25:48.0765 1236  C:\WINDOWS\system32\services.exe - ok
00:25:48.0781 1236  [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll
00:25:48.0781 1236  C:\WINDOWS\system32\sfc_os.dll - ok
00:25:48.0796 1236  [ BD31DC6DBE9333C4FBD4BDF0899F2160 ] C:\WINDOWS\system32\lsasrv.dll
00:25:48.0796 1236  C:\WINDOWS\system32\lsasrv.dll - ok
00:25:48.0828 1236  [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
00:25:48.0828 1236  C:\WINDOWS\system32\rasadhlp.dll - ok
00:25:48.0843 1236  [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
00:25:48.0843 1236  C:\WINDOWS\system32\msvcp60.dll - ok
00:25:48.0875 1236  [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\system32\dnsapi.dll
00:25:48.0875 1236  C:\WINDOWS\system32\dnsapi.dll - ok
00:25:48.0890 1236  [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll
00:25:48.0890 1236  C:\WINDOWS\system32\ntdsapi.dll - ok
00:25:48.0921 1236  [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
00:25:48.0921 1236  C:\WINDOWS\system32\scesrv.dll - ok
00:25:48.0937 1236  [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll
00:25:48.0937 1236  C:\WINDOWS\system32\umpnpmgr.dll - ok
00:25:48.0968 1236  [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
00:25:48.0968 1236  C:\WINDOWS\system32\samlib.dll - ok
00:25:48.0984 1236  [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
00:25:48.0984 1236  C:\WINDOWS\system32\samsrv.dll - ok
00:25:49.0000 1236  [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\AcAdProc.dll
00:25:49.0000 1236  C:\WINDOWS\AppPatch\AcAdProc.dll - ok
00:25:49.0031 1236  [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\AcGenral.dll
00:25:49.0031 1236  C:\WINDOWS\AppPatch\AcGenral.dll - ok
00:25:49.0046 1236  [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
00:25:49.0046 1236  C:\WINDOWS\system32\cryptdll.dll - ok
00:25:49.0062 1236  [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll
00:25:49.0062 1236  C:\WINDOWS\system32\shimeng.dll - ok
00:25:49.0093 1236  [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
00:25:49.0093 1236  C:\WINDOWS\system32\msacm32.dll - ok
00:25:49.0109 1236  [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll
00:25:49.0109 1236  C:\WINDOWS\system32\msapsspc.dll - ok
00:25:49.0140 1236  [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
00:25:49.0140 1236  C:\WINDOWS\system32\uxtheme.dll - ok
00:25:49.0156 1236  [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll
00:25:49.0156 1236  C:\WINDOWS\system32\digest.dll - ok
00:25:49.0187 1236  [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll
00:25:49.0187 1236  C:\WINDOWS\system32\msnsspc.dll - ok
00:25:49.0218 1236  [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll
00:25:49.0218 1236  C:\WINDOWS\system32\msvcrt40.dll - ok
00:25:49.0234 1236  [ 30ACE70B3C0242F0D1AC3B4FA708710F ] C:\WINDOWS\system32\schannel.dll
00:25:49.0234 1236  C:\WINDOWS\system32\schannel.dll - ok
00:25:49.0265 1236  [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
00:25:49.0265 1236  C:\WINDOWS\system32\msprivs.dll - ok
00:25:49.0281 1236  [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll
00:25:49.0281 1236  C:\WINDOWS\system32\kerberos.dll - ok
00:25:49.0296 1236  [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll
00:25:49.0296 1236  C:\WINDOWS\system32\msv1_0.dll - ok
00:25:49.0328 1236  [ E40FCF943127DDC8FD60554B722D762B ] C:\WINDOWS\system32\MSCTF.dll
00:25:49.0328 1236  C:\WINDOWS\system32\MSCTF.dll - ok
00:25:49.0343 1236  [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
00:25:49.0343 1236  C:\WINDOWS\system32\iphlpapi.dll - ok
00:25:49.0375 1236  [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll
00:25:49.0375 1236  C:\WINDOWS\system32\netlogon.dll - ok
00:25:49.0390 1236  [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
00:25:49.0390 1236  C:\WINDOWS\system32\w32time.dll - ok
00:25:49.0421 1236  [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
00:25:49.0421 1236  C:\WINDOWS\system32\rsaenh.dll - ok
00:25:49.0437 1236  [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll
00:25:49.0437 1236  C:\WINDOWS\system32\wdigest.dll - ok
00:25:49.0453 1236  [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
00:25:49.0453 1236  C:\WINDOWS\system32\scecli.dll - ok
00:25:49.0484 1236  [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
00:25:49.0484 1236  C:\WINDOWS\system32\svchost.exe - ok
00:25:49.0500 1236  [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
00:25:49.0500 1236  C:\WINDOWS\system32\winscard.dll - ok
00:25:49.0531 1236  [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
00:25:49.0531 1236  C:\WINDOWS\system32\wtsapi32.dll - ok
00:25:49.0546 1236  [ 84FF488E249DBD2050EB39EA81C6F5C2 ] C:\WINDOWS\system32\ntkrnlpa.exe
00:25:49.0546 1236  C:\WINDOWS\system32\ntkrnlpa.exe - ok
00:25:49.0562 1236  [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
00:25:49.0562 1236  C:\WINDOWS\system32\ntmarta.dll - ok
00:25:49.0593 1236  [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll
00:25:49.0593 1236  C:\WINDOWS\system32\rpcss.dll - ok
00:25:49.0609 1236  [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
00:25:49.0625 1236  C:\WINDOWS\system32\xpsp2res.dll - ok
00:25:49.0640 1236  [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
00:25:49.0640 1236  C:\WINDOWS\system32\eventlog.dll - ok
00:25:49.0656 1236  [ DA45AD502B4F2B7FC4ADEBA2E309F384 ] C:\WINDOWS\system32\netevent.dll
00:25:49.0656 1236  C:\WINDOWS\system32\netevent.dll - ok
00:25:49.0687 1236  [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
00:25:49.0687 1236  C:\WINDOWS\system32\logonui.exe - ok
00:25:49.0703 1236  [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
00:25:49.0703 1236  C:\WINDOWS\system32\duser.dll - ok
00:25:49.0734 1236  [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
00:25:49.0734 1236  C:\WINDOWS\system32\msimg32.dll - ok
00:25:49.0750 1236  [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
00:25:49.0750 1236  C:\WINDOWS\system32\mswsock.dll - ok
00:25:49.0781 1236  [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
00:25:49.0781 1236  C:\WINDOWS\system32\winrnr.dll - ok
00:25:49.0796 1236  [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
00:25:49.0796 1236  C:\WINDOWS\system32\wshtcpip.dll - ok
00:25:49.0812 1236  [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
00:25:49.0812 1236  C:\WINDOWS\system32\hnetcfg.dll - ok
00:25:49.0843 1236  [ 5F2DBE3CB563741C8084657BF956CE64 ] C:\WINDOWS\system32\oleacc.dll
00:25:49.0843 1236  C:\WINDOWS\system32\oleacc.dll - ok
00:25:49.0859 1236  [ C69DBFA61FE3DEA653A9B83C3A2B052B ] C:\Program Files\Bonjour\mdnsNSP.dll
00:25:49.0859 1236  C:\Program Files\Bonjour\mdnsNSP.dll - ok
00:25:49.0875 1236  [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
00:25:49.0875 1236  C:\WINDOWS\system32\dimsntfy.dll - ok
00:25:49.0906 1236  [ 6654698F76CF6E46D5D321C53721947C ] C:\WINDOWS\system32\oleaccrc.dll
00:25:49.0906 1236  C:\WINDOWS\system32\oleaccrc.dll - ok
00:25:49.0921 1236  [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
00:25:49.0921 1236  C:\WINDOWS\system32\clbcatq.dll - ok
00:25:49.0953 1236  [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
00:25:49.0953 1236  C:\WINDOWS\system32\comres.dll - ok
00:25:49.0968 1236  [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
00:25:49.0968 1236  C:\WINDOWS\system32\wmi.dll - ok
00:25:50.0000 1236  [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
00:25:50.0000 1236  C:\WINDOWS\system32\cscdll.dll - ok
00:25:50.0015 1236  [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
00:25:50.0015 1236  C:\WINDOWS\system32\shgina.dll - ok
00:25:50.0046 1236  [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
00:25:50.0046 1236  C:\WINDOWS\system32\wlnotify.dll - ok
00:25:50.0062 1236  [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
00:25:50.0062 1236  C:\WINDOWS\system32\dhcpcsvc.dll - ok
00:25:50.0078 1236  [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
00:25:50.0078 1236  C:\WINDOWS\system32\dnsrslvr.dll - ok
00:25:50.0109 1236  [ 4D83ED8BDDEC431FC8AD907B47CFB6E3 ] C:\WINDOWS\system32\dsound.dll
00:25:50.0109 1236  C:\WINDOWS\system32\dsound.dll - ok
00:25:50.0125 1236  [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
00:25:50.0125 1236  C:\WINDOWS\system32\lmhsvc.dll - ok
00:25:50.0140 1236  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
00:25:50.0140 1236  C:\WINDOWS\system32\wzcsvc.dll - ok
00:25:50.0171 1236  [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
00:25:50.0171 1236  C:\WINDOWS\system32\rtutils.dll - ok
00:25:50.0187 1236  [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
00:25:50.0187 1236  C:\WINDOWS\system32\dot3api.dll - ok
00:25:50.0218 1236  [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
00:25:50.0218 1236  C:\WINDOWS\system32\eapolqec.dll - ok
00:25:50.0234 1236  [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
00:25:50.0234 1236  C:\WINDOWS\system32\esent.dll - ok
00:25:50.0250 1236  [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
00:25:50.0250 1236  C:\WINDOWS\system32\qutil.dll - ok
00:25:50.0281 1236  [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
00:25:50.0281 1236  C:\WINDOWS\system32\cscui.dll - ok
00:25:50.0296 1236  [ 2BC7128348265CABA9BBC058729A8B7B ] C:\WINDOWS\system32\dpcdll.dll
00:25:50.0296 1236  C:\WINDOWS\system32\dpcdll.dll - ok
00:25:50.0312 1236  [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
00:25:50.0312 1236  C:\WINDOWS\system32\powrprof.dll - ok
00:25:50.0328 1236  [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
00:25:50.0328 1236  C:\WINDOWS\system32\mlang.dll - ok
00:25:50.0359 1236  [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll
00:25:50.0359 1236  C:\WINDOWS\system32\rastls.dll - ok
00:25:50.0375 1236  [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
00:25:50.0375 1236  C:\WINDOWS\system32\cryptui.dll - ok
00:25:50.0406 1236  [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
00:25:50.0406 1236  C:\WINDOWS\system32\activeds.dll - ok
00:25:50.0421 1236  [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
00:25:50.0421 1236  C:\WINDOWS\system32\mprapi.dll - ok
00:25:50.0453 1236  [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
00:25:50.0453 1236  C:\WINDOWS\system32\userinit.exe - ok
00:25:50.0468 1236  [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
00:25:50.0468 1236  C:\WINDOWS\system32\adsldpc.dll - ok
00:25:50.0500 1236  [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
00:25:50.0500 1236  C:\WINDOWS\system32\rasapi32.dll - ok
00:25:50.0515 1236  [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe
00:25:50.0515 1236  C:\WINDOWS\explorer.exe - ok
00:25:50.0546 1236  [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
00:25:50.0546 1236  C:\WINDOWS\system32\rasman.dll - ok
00:25:50.0546 1236  [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
00:25:50.0546 1236  C:\WINDOWS\system32\riched20.dll - ok
00:25:50.0578 1236  [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
00:25:50.0578 1236  C:\WINDOWS\system32\tapi32.dll - ok
00:25:50.0593 1236  [ 566382CA5F2C41FEAEEEFAC908F1EB92 ] C:\WINDOWS\system32\xmlprovi.dll
00:25:50.0593 1236  C:\WINDOWS\system32\xmlprovi.dll - ok
00:25:50.0625 1236  [ 056EF846CBFD487A5F56F27DB400BDEE ] C:\WINDOWS\system32\shdocvw.dll
00:25:50.0625 1236  C:\WINDOWS\system32\shdocvw.dll - ok
00:25:50.0640 1236  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
00:25:50.0640 1236  C:\WINDOWS\system32\netman.dll - ok
00:25:50.0671 1236  [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
00:25:50.0671 1236  C:\WINDOWS\system32\raschap.dll - ok
00:25:50.0687 1236  [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
00:25:50.0687 1236  C:\WINDOWS\system32\wzcsapi.dll - ok
00:25:50.0718 1236  [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
00:25:50.0718 1236  C:\WINDOWS\system32\netshell.dll - ok
00:25:50.0734 1236  [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
00:25:50.0734 1236  C:\WINDOWS\system32\credui.dll - ok
00:25:50.0765 1236  [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
00:25:50.0765 1236  C:\WINDOWS\system32\dot3dlg.dll - ok
00:25:50.0781 1236  [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
00:25:50.0781 1236  C:\WINDOWS\system32\onex.dll - ok
00:25:50.0796 1236  [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
00:25:50.0796 1236  C:\WINDOWS\system32\themeui.dll - ok
00:25:50.0812 1236  [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
00:25:50.0812 1236  C:\WINDOWS\system32\eappcfg.dll - ok
00:25:50.0843 1236  [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
00:25:50.0843 1236  C:\WINDOWS\system32\eappprxy.dll - ok
00:25:50.0859 1236  [ E11457C66FDD966EE415FBBC6D9BE643 ] C:\WINDOWS\system32\MSIMTF.dll
00:25:50.0859 1236  C:\WINDOWS\system32\MSIMTF.dll - ok
00:25:50.0890 1236  [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
00:25:50.0890 1236  C:\WINDOWS\system32\audiosrv.dll - ok
00:25:50.0906 1236  [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
00:25:50.0906 1236  C:\WINDOWS\system32\msidle.dll - ok
00:25:50.0937 1236  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
00:25:50.0937 1236  C:\WINDOWS\system32\schedsvc.dll - ok
00:25:50.0953 1236  [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
00:25:50.0953 1236  C:\WINDOWS\system32\spoolsv.exe - ok
00:25:50.0984 1236  [ 626A24ED1228580B9518C01930936DF9 ] C:\Program Files\Google\Update\GoogleUpdate.exe
00:25:50.0984 1236  C:\Program Files\Google\Update\GoogleUpdate.exe - ok
00:25:51.0000 1236  [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
00:25:51.0000 1236  C:\WINDOWS\system32\actxprxy.dll - ok
00:25:51.0031 1236  [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
00:25:51.0031 1236  C:\WINDOWS\system32\wkssvc.dll - ok
00:25:51.0046 1236  [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll
00:25:51.0046 1236  C:\WINDOWS\system32\linkinfo.dll - ok
00:25:51.0062 1236  [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
00:25:51.0062 1236  C:\WINDOWS\system32\midimap.dll - ok
00:25:51.0093 1236  [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll
00:25:51.0093 1236  C:\WINDOWS\system32\ntshrui.dll - ok
00:25:51.0109 1236  [ 758D99511FD82B6C55E70494039E9F1A ] C:\Program Files\Google\Update\1.3.21.145\goopdate.dll
00:25:51.0109 1236  C:\Program Files\Google\Update\1.3.21.145\goopdate.dll - ok
00:25:51.0140 1236  [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll
00:25:51.0140 1236  C:\WINDOWS\system32\msi.dll - ok
00:25:51.0171 1236  [ 76B35CB0F3A4E69D6DFF27F542B9F856 ] C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
00:25:51.0171 1236  C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe - ok
00:25:51.0187 1236  [ AFC858E7152F99575C54D6C6418A44AB ] C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll
00:25:51.0187 1236  C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll - ok
00:25:51.0203 1236  [ 88BEEF09C654252F3E46B6167B7F4ECB ] C:\WINDOWS\system32\msisip.dll
00:25:51.0203 1236  C:\WINDOWS\system32\msisip.dll - ok
00:25:51.0234 1236  [ 3A6D465F379E5C815F4AD565391E654C ] C:\WINDOWS\system32\wshext.dll
00:25:51.0234 1236  C:\WINDOWS\system32\wshext.dll - ok
00:25:51.0250 1236  [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
00:25:51.0250 1236  C:\WINDOWS\system32\wsock32.dll - ok
00:25:51.0281 1236  [ 4044E880593FE1AC9942190FCE414BE7 ] C:\WINDOWS\system32\mstask.dll
00:25:51.0281 1236  C:\WINDOWS\system32\mstask.dll - ok
00:25:51.0296 1236  [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll
00:25:51.0296 1236  C:\WINDOWS\system32\stobject.dll - ok
00:25:51.0312 1236  [ 231A0B0E3BA7ABFE469A8262FAA1FD71 ] C:\WINDOWS\system32\batmeter.dll
00:25:51.0312 1236  C:\WINDOWS\system32\batmeter.dll - ok
00:25:51.0343 1236  [ 8C77ECF3C7DCBB926312B7ECED6ECA75 ] C:\WINDOWS\system32\winhttp.dll
00:25:51.0343 1236  C:\WINDOWS\system32\winhttp.dll - ok
00:25:51.0359 1236  [ 045E228F71C31901084B64BE59093499 ] C:\WINDOWS\system32\WPDShServiceObj.dll
00:25:51.0359 1236  C:\WINDOWS\system32\WPDShServiceObj.dll - ok
00:25:51.0390 1236  [ 538A270F35A713C360B7ED4168BB7521 ] C:\WINDOWS\system32\mydocs.dll
00:25:51.0390 1236  C:\WINDOWS\system32\mydocs.dll - ok
00:25:51.0406 1236  [ 1EEAE496A51F017D04DD41322935D2B9 ] C:\Program Files\Outlook Express\msimn.exe
00:25:56.0109 1236  [ F927ADA4ADB1C52A8EEEE2CF97C16E02 ] C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
00:25:56.0109 1236  C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe - ok
00:25:56.0125 1236  [ AF75374FDE5B18B67F99B6E0D70030A6 ] C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
00:25:56.0125 1236  C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe - ok
00:25:56.0156 1236  [ C13CEBA7ADCA10D800972622A9719F72 ] C:\Program Files\SuperAVConverter\unins000.exe
00:25:56.0156 1236  C:\Program Files\SuperAVConverter\unins000.exe - ok
00:25:56.0187 1236  [ 4714E4171A50C6E42254D4CCD140F2AC ] C:\Program Files\HooTech\WAVMP3\unins000.exe
00:25:56.0187 1236  C:\Program Files\HooTech\WAVMP3\unins000.exe - ok
00:25:56.0203 1236  [ 62C9E781ACA2CB6273A57D9D6561C3D0 ] C:\WINDOWS\Installer\{2243C6DC-39EA-4D5E-B743-3AE510A91B3A}\Icon2243C6DC.exe
00:25:56.0203 1236  C:\WINDOWS\Installer\{2243C6DC-39EA-4D5E-B743-3AE510A91B3A}\Icon2243C6DC.exe - ok
00:25:56.0234 1236  [ 7043E3A3E87E7B48D56A13B089E56D92 ] C:\WINDOWS\Installer\{E6158D07-2637-4ECF-B576-37C489669174}\IconWlc.exe
00:25:56.0234 1236  C:\WINDOWS\Installer\{E6158D07-2637-4ECF-B576-37C489669174}\IconWlc.exe - ok
00:25:56.0250 1236  [ 5879D691E842574A20FE63817CB76DF9 ] C:\WINDOWS\system32\msiexec.exe
00:25:56.0250 1236  C:\WINDOWS\system32\msiexec.exe - ok
00:25:56.0281 1236  [ 42676F2459D0FEF19095444723FBF88C ] C:\WINDOWS\Installer\{EE39FFBD-544E-49E4-A999-6819828EAE91}\WLXPhotoGalleryIcon.exe
00:25:56.0281 1236  C:\WINDOWS\Installer\{EE39FFBD-544E-49E4-A999-6819828EAE91}\WLXPhotoGalleryIcon.exe - ok
00:25:56.0296 1236  [ CD18E303B47E126EAACDEFAD26B006B2 ] C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
00:25:56.0296 1236  C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe - ok
00:25:56.0312 1236  [ DB57437554169643CB7E83E2331090CE ] C:\Program Files\Yahoo!\Messenger\YCPFoundation.dll
00:25:56.0312 1236  C:\Program Files\Yahoo!\Messenger\YCPFoundation.dll - ok
00:25:56.0343 1236  [ 0E297F71CBFAA611F830407D1054DC70 ] C:\PROGRA~1\AVG\AVG2013\avgchjwx.dll
00:25:56.0343 1236  C:\PROGRA~1\AVG\AVG2013\avgchjwx.dll - ok
00:25:56.0359 1236  [ 76FFA2433FEB42E78FB5421A50C8FBE3 ] C:\PROGRA~1\AVG\AVG2013\avgclitx.dll
00:25:56.0359 1236  C:\PROGRA~1\AVG\AVG2013\avgclitx.dll - ok
00:25:56.0390 1236  [ CCF775179F42797A3EE8BA5678543621 ] C:\PROGRA~1\AVG\AVG2013\avgcclix.dll
00:25:56.0390 1236  C:\PROGRA~1\AVG\AVG2013\avgcclix.dll - ok
00:25:56.0406 1236  [ 99997FA9056ACB38AA388BDA134CEF6E ] C:\Program Files\AVG\AVG2013\avgcsrvx.exe
00:25:56.0406 1236  C:\Program Files\AVG\AVG2013\avgcsrvx.exe - ok
00:25:56.0421 1236  [ 6F19639188F792BBB234B2A3FCB0C8C9 ] C:\Program Files\AVG\AVG2013\avgchclx.dll
00:25:56.0421 1236  C:\Program Files\AVG\AVG2013\avgchclx.dll - ok
00:25:56.0453 1236  [ F820B93E4ABCCABD698A175FD5FC83FE ] C:\Program Files\AVG\AVG2013\avgntsqlitex.dll
00:25:56.0453 1236  C:\Program Files\AVG\AVG2013\avgntsqlitex.dll - ok
00:25:56.0468 1236  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] C:\WINDOWS\system32\drivers\atapi.sys
00:25:56.0468 1236  C:\WINDOWS\system32\drivers\atapi.sys - ok
00:25:56.0500 1236  [ 2F31B7F954BED437F2C75026C65CAF7B ] C:\WINDOWS\system32\drivers\wmilib.sys
00:25:56.0500 1236  C:\WINDOWS\system32\drivers\wmilib.sys - ok
00:25:56.0515 1236  [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys
00:25:56.0515 1236  C:\WINDOWS\system32\drivers\dxapi.sys - ok
00:25:56.0546 1236  [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys
00:25:56.0546 1236  C:\WINDOWS\system32\watchdog.sys - ok
00:25:56.0562 1236  [ 4F97E6BAAA847EA90EBBCD90A3FFA8E5 ] C:\WINDOWS\system32\win32k.sys
00:25:56.0562 1236  C:\WINDOWS\system32\win32k.sys - ok
00:25:56.0593 1236  [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys
00:25:56.0593 1236  C:\WINDOWS\system32\drivers\dxg.sys - ok
00:25:56.0609 1236  [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
00:25:56.0609 1236  C:\WINDOWS\system32\drivers\dxgthk.sys - ok
00:25:56.0640 1236  [ 3F790874A85819E94574F3E7AF9C5806 ] C:\WINDOWS\system32\msctfime.ime
00:25:56.0640 1236  C:\WINDOWS\system32\msctfime.ime - ok
00:25:56.0656 1236  [ E0087225B137E57239FF40F8AE82059B ] C:\WINDOWS\system32\drivers\fssfltr_tdi.sys
00:25:56.0656 1236  C:\WINDOWS\system32\drivers\fssfltr_tdi.sys - ok
00:25:56.0671 1236  [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
00:25:56.0671 1236  C:\WINDOWS\system32\winspool.drv - ok
00:25:56.0703 1236  [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
00:25:56.0703 1236  C:\WINDOWS\system32\drivers\ndisuio.sys - ok
00:25:56.0734 1236  [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
00:25:56.0734 1236  C:\WINDOWS\system32\wdmaud.drv - ok
00:25:56.0750 1236  [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
00:25:56.0750 1236  C:\WINDOWS\system32\drivers\wdmaud.sys - ok
00:25:56.0781 1236  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
00:25:56.0781 1236  C:\WINDOWS\system32\drivers\sysaudio.sys - ok
00:25:56.0796 1236  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
00:25:56.0796 1236  C:\WINDOWS\system32\drivers\splitter.sys - ok
00:25:56.0812 1236  [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
00:25:56.0812 1236  C:\WINDOWS\system32\drivers\aec.sys - ok
00:25:56.0828 1236  [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl
00:25:56.0828 1236  C:\WINDOWS\system32\desk.cpl - ok
00:25:56.0859 1236  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
00:25:56.0859 1236  C:\WINDOWS\system32\drivers\swmidi.sys - ok
00:25:56.0890 1236  [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\DMusic.sys
00:25:56.0890 1236  C:\WINDOWS\system32\drivers\DMusic.sys - ok
00:25:56.0906 1236  [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
00:25:56.0906 1236  C:\WINDOWS\system32\drivers\kmixer.sys - ok
00:25:56.0937 1236  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
00:25:56.0937 1236  C:\WINDOWS\system32\drivers\drmkaud.sys - ok
00:25:56.0953 1236  [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
00:25:56.0953 1236  C:\WINDOWS\system32\msacm32.drv - ok
00:25:56.0984 1236  [ 178A34E5554DCE485E1262DDF027960C ] C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\75C49073-664E-41E3-AEBB-BB29A1743EBB.exe
00:25:56.0984 1236  C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\75C49073-664E-41E3-AEBB-BB29A1743EBB.exe - ok
00:25:57.0000 1236  [ C419DF63E0121D72411285780C2FC6CC ] C:\WINDOWS\Updreg.EXE
00:25:57.0000 1236  C:\WINDOWS\Updreg.EXE - ok
00:25:57.0031 1236  [ 70189D91A5347F5E34039D06C7E58419 ] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
00:25:57.0031 1236  C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe - ok
00:25:57.0046 1236  [ 0CFBE2D135A73CA98381FC8CC8BC5A03 ] C:\Program Files\iTunes\iTunesHelper.exe
00:25:57.0046 1236  C:\Program Files\iTunes\iTunesHelper.exe - ok
00:25:57.0062 1236  [ B2A71BBFFB31A196DE001CF94EB8D3B4 ] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
00:25:57.0062 1236  C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe - ok
00:25:57.0093 1236  [ 12882686C2571793F582150E0F8CE50A ] C:\Program Files\YoutubeDownloader.org\YouTubeDownloader\YouTube Mini.exe
00:25:57.0093 1236  C:\Program Files\YoutubeDownloader.org\YouTubeDownloader\YouTube Mini.exe - ok
00:25:57.0109 1236  [ F908FE45F8FE9E0D4CBE65F9FF5DF6DA ] C:\WINDOWS\system32\mfc100enu.dll
00:25:57.0109 1236  C:\WINDOWS\system32\mfc100enu.dll - ok
00:25:57.0140 1236  [ 731EA87CC4C5B411FAD0304DDD7C77E8 ] C:\PROGRA~1\MICROS~2\Office10\MCPS.DLL
00:25:57.0140 1236  C:\PROGRA~1\MICROS~2\Office10\MCPS.DLL - ok
00:25:57.0171 1236  [ F0454E1B95D989FA32D74F2847EA2ABD ] C:\Program Files\D-Link AirPlus\AIRPLUS.EXE
00:25:57.0171 1236  C:\Program Files\D-Link AirPlus\AIRPLUS.EXE - ok
00:25:57.0187 1236  [ 5BC65464354A9FD3BEAA28E18839734A ] C:\Program Files\Microsoft Office\Office10\OSA.EXE
00:25:57.0187 1236  C:\Program Files\Microsoft Office\Office10\OSA.EXE - ok
00:25:57.0218 1236  [ 9554D50CF54ED70BD3F0FB8494216D1E ] C:\Program Files\AWS\WeatherBug\ltfil10N.DLL
00:25:57.0218 1236  C:\Program Files\AWS\WeatherBug\ltfil10N.DLL - ok
00:25:57.0234 1236  [ A9C88D729B2AFD9E80BDA22400D7DA49 ] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.crl
00:25:57.0234 1236  C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.crl - ok
00:25:57.0265 1236  [ E9296800685ED622132C0E1FA9241F92 ] C:\Program Files\AVG\AVG2013\avgkrnlapix.dll
00:25:57.0265 1236  C:\Program Files\AVG\AVG2013\avgkrnlapix.dll - ok
00:25:57.0281 1236  [ EBF4C4557FBFEA9CCF642ABD5A239471 ] C:\Program Files\Creative\Shared Files\GDICtrl.skc
00:25:57.0281 1236  C:\Program Files\Creative\Shared Files\GDICtrl.skc - ok
00:25:57.0296 1236  [ 452710DA09AA3770286AD4B0D607B8FF ] C:\Program Files\Common Files\Microsoft Shared\Office10\MSO.DLL
00:25:57.0296 1236  C:\Program Files\Common Files\Microsoft Shared\Office10\MSO.DLL - ok
00:25:57.0328 1236  [ 36854F9057F22EE937E0820F872B0F52 ] C:\Program Files\Creative\Shared Files\GDICtrl2.skc
00:25:57.0328 1236  C:\Program Files\Creative\Shared Files\GDICtrl2.skc - ok
00:25:57.0343 1236  [ 1602EECC8B71BDA0947134871A5A1478 ] C:\Program Files\Creative\Shared Files\GDICtrl3.skc
00:25:57.0343 1236  C:\Program Files\Creative\Shared Files\GDICtrl3.skc - ok
00:25:57.0375 1236  [ 4F9F52BE3E01B724CFD15268D95D8CDF ] C:\Program Files\Creative\Shared Files\RtxCtrl.skc
00:25:57.0375 1236  C:\Program Files\Creative\Shared Files\RtxCtrl.skc - ok
00:25:57.0484 1236  [ 22BBED8DE9C7104E82AE4AB031C8BBBA ] C:\Program Files\Yahoo!\Messenger\yalertcenterM.dll
00:25:57.0484 1236  C:\Program Files\Yahoo!\Messenger\yalertcenterM.dll - ok
00:25:57.0562 1236  [ 4F99047D255B77FDA6E51EA97721E3D8 ] C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll
00:25:57.0562 1236  C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll - ok
00:25:57.0625 1236  [ 795AEA2511A1C5082FA690D6BD8D202E ] C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll
00:25:57.0625 1236  C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll - ok
00:25:57.0718 1236  [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\11958592.sys
00:25:57.0718 1236  C:\WINDOWS\system32\drivers\11958592.sys - ok
00:25:57.0781 1236  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys
00:25:57.0781 1236  C:\WINDOWS\system32\drivers\mrxdav.sys - ok
00:25:57.0843 1236  [ 1D856E6E7490447FCFAA46E09A2BF9C9 ] C:\Program Files\QuickTime\QTSystem\QuickTime.qts
00:25:57.0843 1236  C:\Program Files\QuickTime\QTSystem\QuickTime.qts - ok
00:25:57.0906 1236  [ D855B0E63ECAFE9EBD086AF6691E0016 ] C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll
00:25:57.0906 1236  C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok
00:25:57.0968 1236  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] C:\WINDOWS\system32\drivers\parvdm.sys
00:25:57.0968 1236  C:\WINDOWS\system32\drivers\parvdm.sys - ok
00:25:58.0031 1236  [ 1793CC660605F63B14FB96C7707F75BA ] C:\WINDOWS\system32\perfproc.dll
00:25:58.0031 1236  C:\WINDOWS\system32\perfproc.dll - ok
00:25:58.0093 1236  [ 254CA8F8B2A387CD59E659991E3E3DBD ] C:\WINDOWS\system32\iepeers.dll
00:25:58.0093 1236  C:\WINDOWS\system32\iepeers.dll - ok
00:25:58.0125 1236  [ 9BF1A8AF22AADC7727F4E395C5C09B1B ] C:\WINDOWS\system32\mmfinfo.dll
00:25:58.0125 1236  C:\WINDOWS\system32\mmfinfo.dll - ok
00:25:58.0187 1236  [ 4A93524B0DFEEA362DE46B441C7667DC ] C:\WINDOWS\system32\mkunicode.dll
00:25:58.0187 1236  C:\WINDOWS\system32\mkunicode.dll - ok
00:25:58.0218 1236  [ 38FFEC2CD31441A6B57D7A0B490D7299 ] C:\WINDOWS\system32\jscript.dll
00:25:58.0218 1236  C:\WINDOWS\system32\jscript.dll - ok
00:25:58.0234 1236  [ 57E51C6347165622C69D456B96B1EB46 ] C:\WINDOWS\system32\dxdiagn.dll
00:25:58.0234 1236  C:\WINDOWS\system32\dxdiagn.dll - ok
00:25:58.0265 1236  [ 42B928FC8518D793BF7A5EAFC57B1D8B ] C:\WINDOWS\system32\imgutil.dll
00:25:58.0265 1236  C:\WINDOWS\system32\imgutil.dll - ok
00:25:58.0328 1236  [ E5FA1B044DAC5F6F600A1742D73F6936 ] C:\WINDOWS\system32\pngfilt.dll
00:25:58.0328 1236  C:\WINDOWS\system32\pngfilt.dll - ok
00:25:58.0375 1236  [ F036DB9CF05B3C21405403FF074A78D9 ] C:\Program Files\AVG\AVG2013\avgopensslx.dll
00:25:58.0375 1236  C:\Program Files\AVG\AVG2013\avgopensslx.dll - ok
00:25:58.0390 1236  [ 72A0DF237F9118F18AD136E99266E816 ] C:\Program Files\Microsoft Office\Office10\MSOHEV.DLL
00:25:58.0390 1236  C:\Program Files\Microsoft Office\Office10\MSOHEV.DLL - ok
00:25:58.0406 1236  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] C:\Program Files\AVG\AVG2013\avgwdsvc.exe
00:25:58.0406 1236  C:\Program Files\AVG\AVG2013\avgwdsvc.exe - ok
00:25:58.0437 1236  [ 2CE8F1C52F490875592166316C512B6F ] C:\Program Files\Skype\Plugin Manager\skypePM.exe
00:25:58.0437 1236  C:\Program Files\Skype\Plugin Manager\skypePM.exe - ok
00:25:58.0453 1236  [ F832F1505AD8B83474BD9A5B1B985E01 ] C:\Program Files\Bonjour\mDNSResponder.exe
00:25:58.0453 1236  C:\Program Files\Bonjour\mDNSResponder.exe - ok
00:25:58.0468 1236  [ 5014D9C982E360176066F30D633D6600 ] C:\Program Files\AVG\AVG2013\avgwd.dll
00:25:58.0468 1236  C:\Program Files\AVG\AVG2013\avgwd.dll - ok
00:25:58.0484 1236  [ 8B83E1A09D377FDF1B2DCC3024540418 ] C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll
00:25:58.0500 1236  C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll - ok
00:25:58.0515 1236  [ 9E30B21B14FB24C383AC255BDFA47E0E ] C:\Program Files\AVG\AVG2013\avgsecapix.dll
00:25:58.0515 1236  C:\Program Files\AVG\AVG2013\avgsecapix.dll - ok
00:25:58.0531 1236  [ 3C8B6609712F4FF78E521F6DCFC4032B ] C:\WINDOWS\system32\CTSVCCDA.EXE
00:25:58.0531 1236  C:\WINDOWS\system32\CTSVCCDA.EXE - ok
00:25:58.0546 1236  [ 491918E4C46ED4CEB6E7A90F7B73924D ] C:\Program Files\AVG\AVG2013\avgxpl.dll
00:25:58.0546 1236  C:\Program Files\AVG\AVG2013\avgxpl.dll - ok
00:25:58.0578 1236  [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
00:25:58.0578 1236  C:\WINDOWS\system32\cryptsvc.dll - ok
00:25:58.0593 1236  [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
00:25:58.0593 1236  C:\WINDOWS\system32\certcli.dll - ok
00:25:58.0609 1236  [ 1B9100ACCFC9FD8B1D991F4BB80EC401 ] C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
00:25:58.0609 1236  C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe - ok
00:25:58.0625 1236  [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
00:25:58.0625 1236  C:\WINDOWS\system32\ersvc.dll - ok
00:25:58.0640 1236  [ 57EDEC2E5F59F0335E92F35184BC8631 ] C:\WINDOWS\system32\dmserver.dll
00:25:58.0640 1236  C:\WINDOWS\system32\dmserver.dll - ok
00:25:58.0671 1236  [ BF45D1E087B701D5215EBE57E2EDCA47 ] C:\Program Files\Giraffic\Veoh_Giraffic.exe
00:25:58.0671 1236  C:\Program Files\Giraffic\Veoh_Giraffic.exe - ok
00:25:58.0687 1236  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
00:25:58.0687 1236  C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
00:25:58.0703 1236  [ 09417134F248DFCEEA15C72BCC87F592 ] C:\Program Files\Java\jre6\bin\jqs.exe
00:25:58.0703 1236  C:\Program Files\Java\jre6\bin\jqs.exe - ok
00:25:58.0718 1236  [ F67480EE1AC3CB32C63AF86B0AE57AC9 ] C:\Program Files\AVG\AVG2013\avgwdwsc.dll
00:25:58.0718 1236  C:\Program Files\AVG\AVG2013\avgwdwsc.dll - ok
00:25:58.0750 1236  [ 1CA7C04957F8419E426E334B5FF2D0FA ] C:\Program Files\AVG\AVG2013\avgnsx.exe
00:25:58.0750 1236  C:\Program Files\AVG\AVG2013\avgnsx.exe - ok
00:25:58.0765 1236  [ A4932026499FFE9A493E3E9BBFDAA682 ] C:\Program Files\AVG\AVG2013\avgemcx.exe
00:25:58.0765 1236  C:\Program Files\AVG\AVG2013\avgemcx.exe - ok
00:25:58.0796 1236  [ 8622AE563E2AC2F8BF9FAFEE726FC7B8 ] C:\Program Files\AVG\AVG2013\avgsched.dll
00:25:58.0796 1236  C:\Program Files\AVG\AVG2013\avgsched.dll - ok
00:25:58.0828 1236  [ FF9AFBD2864BBEA6A9E7F90F8C94F6B7 ] C:\Program Files\AVG\AVG2013\avgidpsdkx.dll
00:25:58.0828 1236  C:\Program Files\AVG\AVG2013\avgidpsdkx.dll - ok
00:25:58.0859 1236  [ A407550DD1C4FDCB3E31E9033EA9B972 ] C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Games\53F537B72987463CB06D78F5541A3239\skGamesUpdate.dll
00:25:58.0859 1236  C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Games\53F537B72987463CB06D78F5541A3239\skGamesUpdate.dll - ok
00:25:58.0875 1236  [ 219AF0F9A54EBEEB3E7E20025D801034 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
00:25:58.0875 1236  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll - ok
00:25:58.0890 1236  [ 5E1A0476E009A1930A524DFF4CA13982 ] C:\WINDOWS\system32\dxtrans.dll
00:25:58.0890 1236  C:\WINDOWS\system32\dxtrans.dll - ok
00:25:58.0906 1236  [ A47F6A13202AA54541CA46D6CED79F5F ] C:\WINDOWS\system32\ddrawex.dll
00:25:58.0906 1236  C:\WINDOWS\system32\ddrawex.dll - ok
00:25:58.0937 1236  [ 057D53F1490598D41D9D4DEE9A92B0B1 ] C:\WINDOWS\system32\dxtmsft.dll
00:25:58.0937 1236  C:\WINDOWS\system32\dxtmsft.dll - ok
00:25:58.0968 1236  [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\Java\jre6\bin\msvcr71.dll
00:25:58.0968 1236  C:\Program Files\Java\jre6\bin\msvcr71.dll - ok
00:25:59.0000 1236  [ 81D2A27C916C7830743E4AFA454099F7 ] C:\WINDOWS\system32\WpdShext.dll
00:25:59.0000 1236  C:\WINDOWS\system32\WpdShext.dll - ok
00:25:59.0015 1236  [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
00:25:59.0015 1236  C:\WINDOWS\system32\ipsecsvc.dll - ok
00:25:59.0031 1236  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll
00:25:59.0031 1236  C:\WINDOWS\system32\srvsvc.dll - ok
00:25:59.0062 1236  [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
00:25:59.0062 1236  C:\WINDOWS\system32\netmsg.dll - ok
00:25:59.0078 1236  [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
00:25:59.0078 1236  C:\WINDOWS\system32\oakley.dll - ok
00:25:59.0093 1236  [ 4C48F1B30A82583CAEE0DA02DD7259EE ] C:\WINDOWS\system32\audiodev.dll
00:25:59.0093 1236  C:\WINDOWS\system32\audiodev.dll - ok
00:25:59.0125 1236  [ 5B19B557B0C188210A56A6B699D90B8F ] C:\WINDOWS\system32\regsvc.dll
00:25:59.0125 1236  C:\WINDOWS\system32\regsvc.dll - ok
00:25:59.0140 1236  [ DFFEC6479C5E00A103A44AC33A1058AA ] C:\WINDOWS\system32\WMVCore.dll
00:25:59.0140 1236  C:\WINDOWS\system32\WMVCore.dll - ok
00:25:59.0171 1236  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
00:25:59.0171 1236  C:\WINDOWS\system32\drivers\srv.sys - ok
00:25:59.0203 1236  [ 4A5809A1D796E2675AC0332BF7B0CB11 ] C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
00:25:59.0203 1236  C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - ok
00:25:59.0218 1236  [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
00:25:59.0218 1236  C:\WINDOWS\system32\pstorsvc.dll - ok
00:25:59.0250 1236  [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
00:25:59.0250 1236  C:\WINDOWS\system32\psbase.dll - ok
00:25:59.0265 1236  [ 7365B5CA9747C84178D42CCA72486277 ] C:\WINDOWS\system32\wmasf.dll
00:25:59.0265 1236  C:\WINDOWS\system32\wmasf.dll - ok
00:25:59.0296 1236  [ BF67AC2C1F41BE892B98E9B8E91C0CB8 ] C:\WINDOWS\system32\wiashext.dll
00:25:59.0296 1236  C:\WINDOWS\system32\wiashext.dll - ok
00:25:59.0312 1236  [ C6D6DA6037324F4CBC34F40CCEB7DE7F ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\684fe21837d3cf3e5935bbd0a7f53141\System.Core.ni.dll
00:25:59.0312 1236  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\684fe21837d3cf3e5935bbd0a7f53141\System.Core.ni.dll - ok
00:25:59.0328 1236  [ 2FA8B03CB4C0BE92BF43C5EDE8B17846 ] C:\WINDOWS\system32\msxml6.dll
00:25:59.0328 1236  C:\WINDOWS\system32\msxml6.dll - ok
00:25:59.0343 1236  [ 1EED60D669DBB34C0689E0A7EFFC7D18 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
00:25:59.0359 1236  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll - ok
00:25:59.0375 1236  [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
00:25:59.0375 1236  C:\WINDOWS\system32\seclogon.dll - ok
00:25:59.0375 1236  [ EB17DF573B4423DF0B3B2EE3B268A6DE ] C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
00:25:59.0390 1236  C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe - ok
00:25:59.0406 1236  [ 285F90290DF483A642400881EC2A66F6 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
00:25:59.0406 1236  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll - ok
00:25:59.0421 1236  [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
00:25:59.0421 1236  C:\WINDOWS\system32\srsvc.dll - ok
00:25:59.0437 1236  [ 55BCA12F7F523D35CA3CB833C725F54E ] C:\WINDOWS\system32\trkwks.dll
00:25:59.0437 1236  C:\WINDOWS\system32\trkwks.dll - ok
00:25:59.0468 1236  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] C:\WINDOWS\system32\wiaservc.dll
00:25:59.0468 1236  C:\WINDOWS\system32\wiaservc.dll - ok
00:25:59.0500 1236  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] C:\WINDOWS\system32\wuauserv.dll
00:25:59.0500 1236  C:\WINDOWS\system32\wuauserv.dll - ok
00:25:59.0515 1236  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
00:25:59.0515 1236  C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe - ok
00:25:59.0531 1236  [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll
00:25:59.0531 1236  C:\WINDOWS\system32\cfgmgr32.dll - ok
00:25:59.0562 1236  [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll
00:25:59.0562 1236  C:\WINDOWS\system32\wbem\wmisvc.dll - ok
00:25:59.0593 1236  [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll
00:25:59.0593 1236  C:\WINDOWS\system32\vssapi.dll - ok
00:25:59.0625 1236  [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\system32\wuaueng.dll
00:25:59.0625 1236  C:\WINDOWS\system32\wuaueng.dll - ok
00:25:59.0640 1236  [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
00:25:59.0640 1236  C:\WINDOWS\system32\cabinet.dll - ok
00:25:59.0656 1236  [ B85E95679B5ADC12311BCD3F5385D623 ] C:\WINDOWS\system32\mspatcha.dll
00:25:59.0656 1236  C:\WINDOWS\system32\mspatcha.dll - ok
00:25:59.0687 1236  [ A06CE3399D16DB864F55FAEB1F1927A9 ] C:\WINDOWS\system32\browser.dll
00:25:59.0687 1236  C:\WINDOWS\system32\browser.dll - ok
00:25:59.0718 1236  [ 7C278E6408D1DCE642230C0585A854D5 ] C:\WINDOWS\system32\wscsvc.dll
00:25:59.0718 1236  C:\WINDOWS\system32\wscsvc.dll - ok
00:25:59.0734 1236  [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll
00:25:59.0734 1236  C:\WINDOWS\system32\wbem\wbemcore.dll - ok
00:25:59.0750 1236  [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll
00:25:59.0750 1236  C:\WINDOWS\system32\wbem\esscli.dll - ok
00:25:59.0812 1236  [ 378A0AEFB11D8B0DC8C27B9F7604B88D ] C:\WINDOWS\system32\wbem\fastprox.dll
00:25:59.0812 1236  C:\WINDOWS\system32\wbem\fastprox.dll - ok
00:25:59.0843 1236  [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll
00:25:59.0843 1236  C:\WINDOWS\system32\comsvcs.dll - ok
00:25:59.0859 1236  [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll
00:25:59.0859 1236  C:\WINDOWS\system32\colbact.dll - ok
00:25:59.0890 1236  [ 36795A645EAA47FE31D2A8F136A2C69B ] C:\WINDOWS\system32\mtxclu.dll
00:25:59.0890 1236  C:\WINDOWS\system32\mtxclu.dll - ok
00:25:59.0906 1236  [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll
00:25:59.0906 1236  C:\WINDOWS\system32\resutils.dll - ok
00:25:59.0921 1236  [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
00:25:59.0921 1236  C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
00:25:59.0953 1236  [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\system32\wups.dll
00:25:59.0953 1236  C:\WINDOWS\system32\wups.dll - ok
00:26:00.0000 1236  [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\system32\wups2.dll
00:26:00.0000 1236  C:\WINDOWS\system32\wups2.dll - ok
00:26:00.0046 1236  [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll
00:26:00.0046 1236  C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
00:26:00.0062 1236  [ 071143F687B4F887E21461CA6CC7EB29 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
00:26:00.0062 1236  C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
00:26:00.0093 1236  [ 2E0B0A051FFAA86E358465BB0880D453 ] C:\WINDOWS\system32\wuauclt.exe
00:26:00.0093 1236  C:\WINDOWS\system32\wuauclt.exe - ok
00:26:00.0109 1236  [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll
00:26:00.0109 1236  C:\WINDOWS\system32\wbem\wbemess.dll - ok
00:26:00.0140 1236  [ 1A617835452EEE5060976C9B9F5FE635 ] C:\WINDOWS\system32\wuapi.dll
00:26:00.0140 1236  C:\WINDOWS\system32\wuapi.dll - ok
00:26:00.0156 1236  [ D26451B540720A7313A9BCBE794DAF62 ] C:\WINDOWS\system32\wbem\ncprov.dll
00:26:00.0156 1236  C:\WINDOWS\system32\wbem\ncprov.dll - ok
00:26:00.0171 1236  [ 6404807ABC7AF52FA3792697AE638B50 ] C:\WINDOWS\system32\wbem\wbemcons.dll
00:26:00.0171 1236  C:\WINDOWS\system32\wbem\wbemcons.dll - ok
00:26:00.0218 1236  [ FF3477C03BE7201C294C35F684B3479F ] C:\WINDOWS\system32\termsrv.dll
00:26:00.0218 1236  C:\WINDOWS\system32\termsrv.dll - ok
00:26:00.0265 1236  [ DF6551E4C4C46655A0C76194F1FCEA5D ] C:\WINDOWS\system32\icaapi.dll
00:26:00.0265 1236  C:\WINDOWS\system32\icaapi.dll - ok
00:26:00.0281 1236  [ 2D65D56C2F8B6CC5EBFF8E7200C30304 ] C:\WINDOWS\system32\mstlsapi.dll
00:26:00.0281 1236  C:\WINDOWS\system32\mstlsapi.dll - ok
00:26:00.0312 1236  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] C:\WINDOWS\system32\imapi.exe
00:26:00.0312 1236  C:\WINDOWS\system32\imapi.exe - ok
00:26:00.0328 1236  [ 3CB78C17BB664637787C9A1C98F79C38 ] C:\WINDOWS\system32\tapisrv.dll
00:26:00.0328 1236  C:\WINDOWS\system32\tapisrv.dll - ok
00:26:00.0375 1236  [ 9033D67B7112D23EDED6789BACDED128 ] C:\Program Files\iPod\bin\iPodService.exe
00:26:00.0375 1236  C:\Program Files\iPod\bin\iPodService.exe - ok
00:26:00.0390 1236  [ 93C088C2AEB2F23E720BDA7E32BD5117 ] C:\WINDOWS\system32\upnp.dll
00:26:00.0390 1236  C:\WINDOWS\system32\upnp.dll - ok
00:26:00.0421 1236  [ 3D075865DCC26931972F6476AD0497BE ] C:\WINDOWS\system32\ssdpapi.dll
00:26:00.0421 1236  C:\WINDOWS\system32\ssdpapi.dll - ok
00:26:00.0437 1236  [ 5F7692CEC90E2E9AA32CD58321E234B8 ] C:\WINDOWS\system32\rastapi.dll
00:26:00.0437 1236  C:\WINDOWS\system32\rastapi.dll - ok
00:26:00.0453 1236  [ AACE07FE34FADDDF973CE068A6424957 ] C:\WINDOWS\system32\unimdm.tsp
00:26:00.0453 1236  C:\WINDOWS\system32\unimdm.tsp - ok
00:26:00.0484 1236  [ 995252FCC4692B5B97EE17D596C9386E ] C:\WINDOWS\system32\uniplat.dll
00:26:00.0484 1236  C:\WINDOWS\system32\uniplat.dll - ok
00:26:00.0500 1236  [ 19AE6CBA05B9005698A6DEDCC88F202E ] C:\WINDOWS\system32\unimdmat.dll
00:26:00.0500 1236  C:\WINDOWS\system32\unimdmat.dll - ok
00:26:00.0515 1236  [ 798A9E6828997EEF4517ADA8A2259831 ] C:\WINDOWS\system32\wbem\wmiprvse.exe
00:26:00.0515 1236  C:\WINDOWS\system32\wbem\wmiprvse.exe - ok
00:26:00.0546 1236  [ FE4A73CDBC882A19D070F1C01586E81A ] C:\WINDOWS\system32\modemui.dll
00:26:00.0546 1236  C:\WINDOWS\system32\modemui.dll - ok
00:26:00.0578 1236  [ 76EC97C5068D3D9FAA7774B0F659D31A ] C:\WINDOWS\system32\kmddsp.tsp
00:26:00.0578 1236  C:\WINDOWS\system32\kmddsp.tsp - ok
00:26:00.0609 1236  [ 4589963D84F2984FA5949A72162BA4F4 ] C:\WINDOWS\system32\ndptsp.tsp
00:26:01.0656 1236  ============================================================
00:26:01.0656 1236  Scan finished
00:26:01.0656 1236  ============================================================
00:26:01.0890 1820  Detected object count: 3
00:26:01.0890 1820  Actual detected object count: 3
00:26:25.0750 1820  Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
00:26:25.0750 1820  Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:26:32.0781 1820  \Device\Harddisk0\DR0\# - copied to quarantine
00:26:32.0812 1820  \Device\Harddisk0\DR0 - copied to quarantine
00:26:32.0859 1820  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
00:26:32.0921 1820  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
00:26:32.0937 1820  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
00:26:32.0968 1820  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
00:26:33.0015 1820  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
00:26:33.0015 1820  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
00:26:33.0078 1820  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
00:26:33.0078 1820  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
00:26:33.0093 1820  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
00:26:33.0109 1820  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
00:26:33.0125 1820  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
00:26:33.0140 1820  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
00:26:33.0203 1820  \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
00:26:33.0203 1820  \Device\Harddisk0\DR0\TDLFS\cmd32.dll - copied to quarantine
00:26:33.0296 1820  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
00:26:33.0312 1820  \Device\Harddisk0\DR0 - ok
00:26:34.0468 1820  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
00:26:34.0468 1820  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
00:26:34.0468 1820  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
00:26:58.0859 0448  Deinitialize success
 

I'm a bit confused, do you want both log files or just the one that popped up after I hit "Report" (on the RogueKiller bit)? Neither of them are the KRreport [2].txt you're asking for.


Edited by Houka, 04 July 2013 - 01:00 AM.


#10 gringo_pr


Posted 04 July 2013 - 01:02 AM


Hello

Go ahead and send both - they changed the naming scheme on me

I would like you to rerun TDSSKiller and this time when it gets to this part
  • \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
I want you to select Delete this time instead of skip.


Gringo

#11 Houka


Posted 04 July 2013 - 01:12 AM

Here's the first one-

 

RogueKiller V8.6.2 [Jul  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://www.adlice.com/forum/
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Andrew Teifke [Admin rights]
Mode : Scan -- Date : 07/04/2013 00:42:46
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : 1964emu_099 (RUNDLL32.EXE "C:\Documents and Settings\Andrew Teifke\Local Settings\Application Data\1964emu_099\tlwfmpsl.dll",D3DXQuaternionInverse [x][x][x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : ROC_ROC_APR2013_AV (C:\Documents and Settings\Andrew Teifke\Application Data\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 3d5ae48843d047d688c7d1c98e54ce01-06ce4fc639803a2e3563922518183d8e94088cb9 --CMPID ROC_APR2013_AV [x][x][x][x][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1659004503-1284227242-1606980848-1003\[...]\Run : 1964emu_099 (RUNDLL32.EXE "C:\Documents and Settings\Andrew Teifke\Local Settings\Application Data\1964emu_099\tlwfmpsl.dll",D3DXQuaternionInverse [x][x][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1659004503-1284227242-1606980848-1003\[...]\Run : ROC_ROC_APR2013_AV (C:\Documents and Settings\Andrew Teifke\Application Data\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 3d5ae48843d047d688c7d1c98e54ce01-06ce4fc639803a2e3563922518183d8e94088cb9 --CMPID ROC_APR2013_AV [x][x][x][x][x]) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 1 ¤¤¤
[All Users][SUSP PATH] StrongVaultApp.exe.lnk : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\StrongVaultApp.exe.lnk @C:\Documents and Settings\Andrew Teifke\Local Settings\Application Data\StrongVault\StrongVaultApp.exe [-][x][x] -> FOUND

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500630A +++++
--- User ---
[MBR] f9f2cbf6e3da7f07a59bd429c8c29468
[BSP] 0b2f80f7aee31427cbcd0ceb76f82e28 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 57655 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 118077750 | Size: 154115 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 433706805 | Size: 265166 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07042013_004246.txt >>
 

And the second-

 

RogueKiller V8.6.2 [Jul  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://www.adlice.com/forum/
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Andrew Teifke [Admin rights]
Mode : Remove -- Date : 07/04/2013 00:42:56
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : 1964emu_099 (RUNDLL32.EXE "C:\Documents and Settings\Andrew Teifke\Local Settings\Application Data\1964emu_099\tlwfmpsl.dll",D3DXQuaternionInverse [x][x][x]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : ROC_ROC_APR2013_AV (C:\Documents and Settings\Andrew Teifke\Application Data\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 3d5ae48843d047d688c7d1c98e54ce01-06ce4fc639803a2e3563922518183d8e94088cb9 --CMPID ROC_APR2013_AV [x][x][x][x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-1659004503-1284227242-1606980848-1003\[...]\Run : 1964emu_099 (RUNDLL32.EXE "C:\Documents and Settings\Andrew Teifke\Local Settings\Application Data\1964emu_099\tlwfmpsl.dll",D3DXQuaternionInverse [x][x][x]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-1659004503-1284227242-1606980848-1003\[...]\Run : ROC_ROC_APR2013_AV (C:\Documents and Settings\Andrew Teifke\Application Data\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 3d5ae48843d047d688c7d1c98e54ce01-06ce4fc639803a2e3563922518183d8e94088cb9 --CMPID ROC_APR2013_AV [x][x][x][x][x]) -> [0x2] The system cannot find the file specified.
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 1 ¤¤¤
[All Users][SUSP PATH] StrongVaultApp.exe.lnk : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\StrongVaultApp.exe.lnk @C:\Documents and Settings\Andrew Teifke\Local Settings\Application Data\StrongVault\StrongVaultApp.exe [-][x][x] -> DELETED

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500630A +++++
--- User ---
[MBR] f9f2cbf6e3da7f07a59bd429c8c29468
[BSP] 0b2f80f7aee31427cbcd0ceb76f82e28 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 57655 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 118077750 | Size: 154115 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 433706805 | Size: 265166 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_07042013_004256.txt >>
RKreport[0]_S_07042013_004246.txt

Also I'm done with the other thing. So that is deleted.



#12 gringo_pr


Posted 04 July 2013 - 02:02 AM

Go ahead and try to run combofix again - things should be getting better at this time



gringo

#13 Houka


Posted 04 July 2013 - 02:17 PM

Still seems to sit around doing nothing. Also everything on my PC crashes after I let it go so far, so I'm forced to restart to get everything going again.

However, my PC is much more responsive than before, both online and with folders and stuff. It has been 3 hours and no volume issue at all.



#14 gringo_pr


Posted 05 July 2013 - 12:31 AM


Hello Houka

OK, let's try this. I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
After combofix has finished its scan, please post the report back here.

Gringo

#15 Houka


Posted 05 July 2013 - 03:13 PM

It just does the same thing:

I let it go for an hour,

just sitting there scanning,

the mouse and clicking things are sluggish,

So either it will take a long time to scan or it crashes at some point of the scanning process.

In other news my music and other (original issues I had) seem to be gone now. Still kinda worried that ComboFix doesn't seem to be working unless I'm doing something wrong. I'm leaving it alone, or am I supposed to minimize it or something?





