Sbamsv.exe: Personalized phishing emails, refuse to shutdown, labored


  • This topic is locked

#1
Bumblepuck

    New Member

  • 8 posts
Hey Guys,

I want to start by thanking whoever works with me on this in advance! I really appreciate your time and I will respect your efforts; I will respond very quickly, politely, and thoroughly to instructions and questions.



Here is what I am working with. Suspicious process in resource manager SBAMSvc.exe. More on this later.
For the past little bit my computer has been working extra hard. There is more memory used than usual, more CPU usage than usual, and it lags like it has some other mysterious tasks going on when I am not doing anything on it. Streaming video now lags on the web and it has other performance lags where it just moves slowly and feels labored. The cooling fan is now always in overdrive when Windows is running, which is a new development and irritating.

The symptoms that I have been able to identify so far are the following:

First and most seriously are the emails that I have been getting. I use a web-based email client to get my mail every day. Recently, emails have been showing up in my inbox, appearing to come from people in my family. When the email is opened, however, the main body is just a link to a website and the from address is a garbled mix. I never clicked on the link because these emails were obviously fake. The concerning thing is that the "from" is personalized to me. Even more recently, the from has been filled in with names of people that I don't exchange email with, or communicate with, but that I know. I got one the other day from someone that I am only Facebook friends with. The from is always the name of someone I either exchange emails with or am Facebook friends with. I have never had any sort of email communication or internet interaction with the person other than that we are friends on FB. Also, other people in my email contacts list have started to receive the same emails. But again, I am thinking I am the source of this malware because of the FB friend email.

Continuing:

There are several processes running in resource manager that I would presume are unusual:
The first, which is constantly sucking my CPU and memory, is called SBAMSvc.exe.

Some basic googling tells me that this is supposed to be used by an anti-virus program called CounterSpy or Vipre by Sunbelt Security. I never installed anything from Sunbelt knowingly.


Also, my computer refuses to shut down all the way. I will select shutdown, it will exit Windows and the screen will go black after a while, but you can hear the computer still running and it will do this until forced to shut down by holding the button.

While using Chrome or any internet browser, the browser will also suck up massive amounts of memory. Currently Chrome is using 371 MB, and I have six tabs open. It does seem fairly high, no?

When running OTL, it would always freeze halfway through a scan, so I ran Malwarebytes and it found like six copies of the same file,
mplayer_Setup.exe
http://install.optim...layer-US-direct

Which it removed. Now I can run OTL.

Here are my logs:
OTL logfile created on: 11/28/2012 2:29:13 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\chris\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.79 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 59.02% Memory free
7.59 Gb Paging File | 5.91 Gb Available in Paging File | 77.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 223.87 Gb Free Space | 75.13% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/28 01:40:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Downloads\OTL (1).exe
PRC - [2012/11/10 18:31:05 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/11/10 18:31:04 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 02:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/10/21 04:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/04/29 14:00:14 | 000,477,736 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
PRC - [2011/04/22 07:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/21 13:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin


========== Modules (No Company Name) ==========

MOD - [2012/11/13 21:10:59 | 000,460,904 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.91\ppgooglenaclpluginchrome.dll
MOD - [2012/11/13 21:10:57 | 004,008,040 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.91\pdf.dll
MOD - [2012/11/13 21:10:12 | 000,587,880 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.91\libglesv2.dll
MOD - [2012/11/13 21:10:11 | 000,124,520 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.91\libegl.dll
MOD - [2012/11/13 21:10:04 | 000,157,304 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.91\avutil-51.dll
MOD - [2012/11/13 21:10:03 | 000,275,576 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.91\avformat-54.dll
MOD - [2012/11/13 21:10:02 | 002,168,952 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.91\avcodec-54.dll
MOD - [2012/11/10 18:31:09 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2012/11/10 18:31:06 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/11/10 18:31:05 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011/11/03 01:05:22 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/29 14:00:14 | 000,477,736 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
MOD - [2011/03/21 13:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 13:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/11/10 18:31:04 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/10/08 14:40:28 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/31 20:08:47 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/22 07:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/10 18:31:09 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/08/24 14:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/26 02:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/19 03:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 03:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 12:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 12:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/08/29 23:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011/06/27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/05/22 14:44:12 | 000,020,752 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether)
DRV:64bit: - [2011/04/22 08:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/04/05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/04/05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/04/05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/02 16:49:46 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2010/08/30 03:17:36 | 000,289,280 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/08/25 11:36:02 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/19 18:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/02/26 15:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/01/29 14:39:10 | 000,125,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007/08/09 00:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.l...&u=___userid___
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 BD 3D 72 45 AA CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.l...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-02-21 00:14:52&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\chris\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\chris\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\chris\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox [2010/02/07 03:15:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/13 12:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/10 18:32:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/31 20:08:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/31 20:08:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2010/02/10 07:15:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Extensions
[2012/10/25 14:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\ntqgi778.default\extensions
[2010/02/10 07:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/31 20:08:48 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/02/10 08:07:10 | 000,000,584 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2012/11/10 18:31:32 | 000,003,572 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.91\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\chris\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\chris\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - Extension: Unpolitic.me = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecnbjncmlfdfdpnnbloliloehpcmjglg\2.1_0\
CHR - Extension: AVG Safe Search = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: Codec-V = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.20.61_0\crossrider
CHR - Extension: Codec-V = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.20.61_0\
CHR - Extension: Click to call with Skype = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\
CHR - Extension: AVG Secure Search = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
CHR - Extension: AVG Secure Search = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: hbogo.com ([www] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79FC293E-35ED-42F1-BCF3-23B7E0747292}: DhcpNameServer = 68.87.72.134 68.87.77.134 192.168.5.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d2abb987-9714-11e0-b029-1c4bd61113b2}\Shell - "" = AutoRun
O33 - MountPoints2\{d2abb987-9714-11e0-b029-1c4bd61113b2}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\{fb0a9377-fe94-11e0-bce5-1c4bd61113b2}\Shell - "" = AutoRun
O33 - MountPoints2\{fb0a9377-fe94-11e0-bce5-1c4bd61113b2}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/26 17:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/11/26 17:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/11/26 17:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/11/26 17:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/11/26 17:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/11/26 17:10:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/21 15:13:29 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\Adobe
[2012/11/21 15:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/11/21 15:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/11/21 15:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/11/20 16:54:58 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\Innovations
[2012/11/20 16:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/11/20 16:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/11/20 16:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/11/20 16:05:22 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/11/20 16:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/11/20 16:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/11/20 16:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/11/20 16:01:31 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\Microsoft Help
[2012/11/20 16:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/11/20 16:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/11/20 16:01:06 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/11/06 15:02:39 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2012/11/06 15:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Rosetta Stone
[2012/11/06 14:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Rosetta Stone
[2012/11/05 19:46:03 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2012/11/05 19:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/11/05 19:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

========== Files - Modified Within 30 Days ==========

[2012/11/28 14:40:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/28 14:32:55 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/28 14:32:55 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/28 14:24:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/28 14:24:43 | 3054,874,624 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/28 11:08:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2235293297-2697005369-2118757151-1000UA.job
[2012/11/28 10:03:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2235293297-2697005369-2118757151-1000UA.job
[2012/11/28 09:59:19 | 000,732,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/28 09:59:19 | 000,628,554 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/28 09:59:19 | 000,108,700 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/28 08:29:05 | 101,523,139 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/11/28 07:02:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2235293297-2697005369-2118757151-1000Core.job
[2012/11/28 02:36:24 | 000,002,743 | ---- | M] () -- C:\Users\chris\Documents\logs.rtf
[2012/11/28 02:30:55 | 000,007,595 | ---- | M] () -- C:\Users\chris\AppData\Local\Resmon.ResmonCfg
[2012/11/28 01:56:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/27 16:16:16 | 000,002,449 | ---- | M] () -- C:\Users\chris\Desktop\Google Chrome.lnk
[2012/11/27 16:09:50 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2235293297-2697005369-2118757151-1000Core.job
[2012/11/26 17:51:23 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/21 15:20:22 | 000,171,571 | ---- | M] () -- C:\Users\chris\Documents\www.avalerehealth.net_about_employment_positions_application.pdf
[2012/11/21 15:10:01 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/11/20 16:39:34 | 000,435,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/11 19:17:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat
[2012/11/10 18:31:09 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/11/07 17:00:51 | 000,424,365 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/11/06 15:02:20 | 000,002,215 | ---- | M] () -- C:\Users\chris\Desktop\The Rosetta Stone.lnk

========== Files Created - No Company Name ==========

[2012/11/28 02:36:23 | 000,002,743 | ---- | C] () -- C:\Users\chris\Documents\logs.rtf
[2012/11/26 17:51:23 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/21 15:20:21 | 000,171,571 | ---- | C] () -- C:\Users\chris\Documents\www.avalerehealth.net_about_employment_positions_application.pdf
[2012/11/21 15:10:01 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/11/21 15:09:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/11/20 16:01:03 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/20 15:39:01 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/11 19:17:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat
[2012/11/06 15:02:20 | 000,002,215 | ---- | C] () -- C:\Users\chris\Desktop\The Rosetta Stone.lnk
[2012/10/27 00:07:01 | 000,007,595 | ---- | C] () -- C:\Users\chris\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/02/21 00:16:47 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\AVG2012
[2011/05/12 13:45:23 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Foxit Software
[2012/06/25 21:06:31 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\MotioninJoy
[2011/11/12 08:25:16 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\OpenOffice.org
[2012/09/02 00:08:34 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Origin
[2012/09/11 15:26:55 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\StreamTorrent

========== Purity Check ==========



< End of report >


Want to thank whoever works with me on this in advance! I really appreciate your time and I will respect your efforts; I will respond very quickly, politely, and thoroughly to instructions and questions.

Edited by Bumblepuck, 28 November 2012 - 02:19 PM.

  • 0


#2
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hello and welcome to the Geeks to Go Virus, Spyware & Malware Removal forum. My name is Josh and I will be helping you remove your infection. I am only human not superman - I can make errors but will do my best to help you as best I can so we can solve your problems. If you have since resolved the original problem you were having, I would appreciate you letting me know. Please include a clear description of the problems you're having along with any steps you may have performed so far if you haven't already.

Some of the following instructions to begin the malware removal process can be hard to follow - let me know if you have any questions. Please read all of my responses through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also please do not attempt any disinfection procedures without my instruction as things can go wrong that way or lengthen the time it takes to disinfect your computer. Also please follow your topic to conclusion or your system may not be completely clean, and it will be more vulnerable to future infections.

Throughout our interactions I will be using canned speeches. These are premade speeches for different scenarios we will encounter. If you find errors like bad links in my canned speeches please let me know so I can fix them.

Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.

One more thing - please refrain from using your computer until it is disinfected unless you absolutely have to (unless you are following my disinfection procedures) - if you do have to use your computer please disconnect it from the Internet - that way the current malware cannot propagate further infections.

Expect no more than 36 hours between your post and my response unless World War 3 breaks out and I will need at most 48 hours for initial analysis of your OTL log. Good luck! After 4 days if a topic is not replied to we assume it has been abandoned and it is closed.

Step 1

The first step is to get a special OTL log by doing the following. Then we can begin disinfection. Please do the following:

  • Download OTL from here
  • Double click OTL to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Select the Scan All Users box in the middle on the top of the window
  • Under the Custom Scans/Fixes box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    WSHELPER.*
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. If you have already run OTL it won't open Extras.txt but Extras.txt will be in the same place as the new OTL.txt so simply open it manually.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 2

The next step is to run aswMBR.

  • Download aswMBR.exe ( 1870KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer yes
  • Click the Scan button to start scan
  • On completion of the scan click Save log, save it to your desktop and post in your next reply

Things to see in your next post:
OTL.txt
Extras.txt
aswMBR log

  • 0
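The following is an added example, not part of either poster's message and not code from OTL. It parses the line shapes that appear in the OTL logs in this thread (PRC/MOD/SRV/DRV file records and O4 startup entries) and lists the services, drivers and startup items for which OTL printed an empty company field `()`. The names `parse_otl` and `blank_company_autostarts` are this example's own, and the sample lines are copied from the logs above.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
PRC - [2012/11/10 18:31:05 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/31 02:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
SRV - [2012/11/10 18:31:04 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
DRV:64bit: - [2011/03/04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2011/04/05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
"""

# "KIND - [date | size | attrs | M] (company) [state] -- path -- (service name)"
# The [state] and trailing (service name) parts only appear on SRV/DRV lines.
FILE_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<bits>:64bit:)? - "
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?"
    r"-- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)

# "O4 - location: [value name] target (company)"; Startup entries have no
# [value name] and use "shortcut = target" instead.
O4_LINE = re.compile(
    r"^O4(?P<bits>:64bit:)? - (?P<location>[^:]+): "
    r"(?:\[(?P<name>[^\]]*)\] )?(?P<target>.+) \((?P<company>[^)]*)\)$"
)

# Record kinds that start without the user launching them.
AUTOSTART_KINDS = {"SRV", "DRV", "O4"}


@dataclass
class Entry:
    kind: str                     # PRC, MOD, SRV, DRV or O4
    is_64bit: bool                # line carried the ":64bit:" marker
    company: str                  # "" when OTL printed "()"
    path: str                     # file the entry points at
    name: Optional[str]           # service name, Run value name or shortcut
    state: Optional[str]          # service state, or the O4 location
    modified: Optional[datetime]  # timestamp from file records, None for O4


def parse_otl(text: str) -> List[Entry]:
    """Parse the OTL line shapes above; unrecognised lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            entries.append(Entry(
                kind=m["kind"],
                is_64bit=m["bits"] is not None,
                company=m["company"].strip(),
                path=m["path"],
                name=m["name"],
                state=m["state"],
                modified=datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"),
            ))
            continue
        m = O4_LINE.match(line)
        if m:
            name, target = m["name"], m["target"]
            if " = " in target:  # Startup folder: "shortcut.lnk = real target"
                name, target = target.split(" = ", 1)
            entries.append(Entry("O4", m["bits"] is not None,
                                 m["company"].strip(), target, name,
                                 m["location"], None))
    return entries


def blank_company_autostarts(entries: List[Entry]) -> List[Entry]:
    """Autostart entries with an empty company field.

    A review cue only: it tells the reader which files to look at by path
    and date, not that the file is malicious.
    """
    return [e for e in entries if e.kind in AUTOSTART_KINDS and not e.company]


if __name__ == "__main__":
    for e in blank_company_autostarts(parse_otl(SAMPLE_LOG)):
        print(f"{e.kind:<3} {e.state or '':<28} {e.path}")
```
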

#3
Bumblepuck

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Sorry it took so long to reply. I was out of town on a trip for longer than expected. Here are the requested logs.

OTL logfile created on: 12/1/2012 4:02:29 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\chris\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.79 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 52.15% Memory free
7.59 Gb Paging File | 5.71 Gb Available in Paging File | 75.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 223.02 Gb Free Space | 74.84% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/01 16:01:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Downloads\OTL (2).exe
PRC - [2012/11/10 18:31:05 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/11/10 18:31:04 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 02:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/10/21 04:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/04/29 14:00:14 | 000,477,736 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
PRC - [2011/04/22 07:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/21 13:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin


========== Modules (No Company Name) ==========

MOD - [2012/11/13 21:10:59 | 000,460,904 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.91\ppgooglenaclpluginchrome.dll
MOD - [2012/11/13 21:10:57 | 004,008,040 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.91\pdf.dll
MOD - [2012/11/13 21:10:12 | 000,587,880 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.91\libglesv2.dll
MOD - [2012/11/13 21:10:11 | 000,124,520 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.91\libegl.dll
MOD - [2012/11/13 21:10:04 | 000,157,304 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.91\avutil-51.dll
MOD - [2012/11/13 21:10:03 | 000,275,576 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.91\avformat-54.dll
MOD - [2012/11/13 21:10:02 | 002,168,952 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.91\avcodec-54.dll
MOD - [2012/11/10 18:31:09 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2012/11/10 18:31:06 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/11/10 18:31:05 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011/11/03 01:05:22 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/29 14:00:14 | 000,477,736 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
MOD - [2011/03/21 13:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 13:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/11/10 18:31:04 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/10/08 14:40:28 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/31 20:08:47 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/22 07:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/10 18:31:09 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/08/24 14:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/26 02:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/19 03:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 03:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 12:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 12:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/08/29 23:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011/06/27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/05/22 14:44:12 | 000,020,752 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether)
DRV:64bit: - [2011/04/22 08:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/04/05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/04/05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/04/05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/02 16:49:46 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2010/08/30 03:17:36 | 000,289,280 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/08/25 11:36:02 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/19 18:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/02/26 15:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/01/29 14:39:10 | 000,125,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007/08/09 00:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2235293297-2697005369-2118757151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.l...&u=___userid___
IE - HKU\S-1-5-21-2235293297-2697005369-2118757151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2235293297-2697005369-2118757151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2235293297-2697005369-2118757151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 BD 3D 72 45 AA CA 01 [binary data]
IE - HKU\S-1-5-21-2235293297-2697005369-2118757151-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2235293297-2697005369-2118757151-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2235293297-2697005369-2118757151-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.l...q={searchTerms}
IE - HKU\S-1-5-21-2235293297-2697005369-2118757151-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-02-21 00:14:52&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2235293297-2697005369-2118757151-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2235293297-2697005369-2118757151-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKU\S-1-5-21-2235293297-2697005369-2118757151-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2235293297-2697005369-2118757151-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2235293297-2697005369-2118757151-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA DC 46 6C 2B 9F CC 01 [binary data]
IE - HKU\S-1-5-21-2235293297-2697005369-2118757151-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2235293297-2697005369-2118757151-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2235293297-2697005369-2118757151-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\chris\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\chris\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\chris\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox [2010/02/07 03:15:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/13 12:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/10 18:32:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/31 20:08:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/31 20:08:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2010/02/10 07:15:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Extensions
[2012/10/25 14:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\ntqgi778.default\extensions
[2010/02/10 07:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/31 20:08:48 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/02/10 08:07:10 | 000,000,584 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2012/11/10 18:31:32 | 000,003,572 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.91\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\chris\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\chris\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - Extension: Unpolitic.me = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecnbjncmlfdfdpnnbloliloehpcmjglg\2.1_0\
CHR - Extension: AVG Safe Search = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: Codec-V = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.20.61_0\crossrider
CHR - Extension: Codec-V = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.20.61_0\
CHR - Extension: Click to call with Skype = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\
CHR - Extension: AVG Secure Search = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
CHR - Extension: AVG Secure Search = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-2235293297-2697005369-2118757151-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2235293297-2697005369-2118757151-1002..\Run: [EasyTether] C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O4 - HKU\S-1-5-21-2235293297-2697005369-2118757151-1002..\Run: [Facebook Update] C:\Users\chris\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2235293297-2697005369-2118757151-1002..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-2235293297-2697005369-2118757151-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2235293297-2697005369-2118757151-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2235293297-2697005369-2118757151-1000\..Trusted Domains: hbogo.com ([www] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79FC293E-35ED-42F1-BCF3-23B7E0747292}: DhcpNameServer = 68.87.72.134 68.87.77.134 192.168.5.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d2abb987-9714-11e0-b029-1c4bd61113b2}\Shell - "" = AutoRun
O33 - MountPoints2\{d2abb987-9714-11e0-b029-1c4bd61113b2}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\{fb0a9377-fe94-11e0-bce5-1c4bd61113b2}\Shell - "" = AutoRun
O33 - MountPoints2\{fb0a9377-fe94-11e0-bce5-1c4bd61113b2}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/26 17:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/11/26 17:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/11/26 17:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/11/26 17:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/11/26 17:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/11/21 15:13:29 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\Adobe
[2012/11/21 15:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/11/21 15:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/11/21 15:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/11/20 16:54:58 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\Innovations
[2012/11/20 16:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/11/20 16:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/11/20 16:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/11/20 16:05:22 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/11/20 16:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/11/20 16:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/11/20 16:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/11/20 16:01:31 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\Microsoft Help
[2012/11/20 16:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/11/20 16:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/11/20 16:01:06 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/11/06 15:02:39 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2012/11/06 15:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Rosetta Stone
[2012/11/06 14:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Rosetta Stone
[2012/11/05 19:46:03 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2012/11/05 19:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/11/05 19:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

========== Files - Modified Within 30 Days ==========

[2012/12/01 16:12:46 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2235293297-2697005369-2118757151-1000UA.job
[2012/12/01 16:12:45 | 000,002,449 | ---- | M] () -- C:\Users\chris\Desktop\Google Chrome.lnk
[2012/12/01 16:08:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2235293297-2697005369-2118757151-1000Core.job
[2012/12/01 16:06:10 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/01 16:06:10 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/01 16:03:03 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2235293297-2697005369-2118757151-1000UA.job
[2012/12/01 16:02:27 | 101,727,659 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/12/01 15:58:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/01 15:58:04 | 3054,874,624 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/29 16:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/29 01:30:14 | 000,007,596 | ---- | M] () -- C:\Users\chris\AppData\Local\Resmon.ResmonCfg
[2012/11/28 15:10:40 | 000,000,162 | -H-- | M] () -- C:\Users\chris\Documents\~$logs.rtf
[2012/11/28 09:59:19 | 000,732,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/28 09:59:19 | 000,628,554 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/28 09:59:19 | 000,108,700 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/28 07:02:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2235293297-2697005369-2118757151-1000Core.job
[2012/11/28 02:36:24 | 000,002,743 | ---- | M] () -- C:\Users\chris\Documents\logs.rtf
[2012/11/28 01:56:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/26 17:51:23 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/21 15:20:22 | 000,171,571 | ---- | M] () -- C:\Users\chris\Documents\www.avalerehealth.net_about_employment_positions_application.pdf
[2012/11/21 15:10:01 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/11/20 16:39:34 | 000,435,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/11 19:17:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat
[2012/11/10 18:31:09 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/11/07 17:00:51 | 000,424,365 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/11/06 15:02:20 | 000,002,215 | ---- | M] () -- C:\Users\chris\Desktop\The Rosetta Stone.lnk

========== Files Created - No Company Name ==========

[2012/11/28 15:10:40 | 000,000,162 | -H-- | C] () -- C:\Users\chris\Documents\~$logs.rtf
[2012/11/28 02:36:23 | 000,002,743 | ---- | C] () -- C:\Users\chris\Documents\logs.rtf
[2012/11/26 17:51:23 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/21 15:20:21 | 000,171,571 | ---- | C] () -- C:\Users\chris\Documents\www.avalerehealth.net_about_employment_positions_application.pdf
[2012/11/21 15:10:01 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/11/21 15:09:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/11/20 16:01:03 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/20 15:39:01 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/11 19:17:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat
[2012/11/06 15:02:20 | 000,002,215 | ---- | C] () -- C:\Users\chris\Desktop\The Rosetta Stone.lnk
[2012/10/27 00:07:01 | 000,007,596 | ---- | C] () -- C:\Users\chris\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/02/21 00:16:47 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\AVG2012
[2011/05/12 13:45:23 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Foxit Software
[2012/06/25 21:06:31 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\MotioninJoy
[2011/11/12 08:25:16 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\OpenOffice.org
[2012/09/02 00:08:34 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Origin
[2012/09/11 15:26:55 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\StreamTorrent

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/09/23 20:43:36 | 000,603,848 | ---- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.RDB >
[2011/01/17 17:52:22 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 17:51:48 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< MD5 for: WSHELPER.DLL.MUI >
[2009/07/13 21:07:50 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=CD53AEA05D09943FDAA9E6E779D28A26 -- C:\Windows\SysWOW64\en-US\wshelper.dll.mui
[2009/07/13 21:07:50 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=CD53AEA05D09943FDAA9E6E779D28A26 -- C:\Windows\winsxs\x86_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.1.7600.16385_en-us_adb3c1d9fa188607\wshelper.dll.mui
[2009/07/13 21:28:32 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=D3C8A35BD4D7F008A7D37AA6F235C8FD -- C:\Windows\SysNative\en-US\wshelper.dll.mui
[2009/07/13 21:28:32 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=D3C8A35BD4D7F008A7D37AA6F235C8FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.1.7600.16385_en-us_09d25d5db275f73d\wshelper.dll.mui

< C:\Windows\assembly\tmp\U\*.* /s >
[2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 00:08:49 | 000,032,612 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/02/10 07:17:20 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2011/07/03 14:50:05 | 000,000,856 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2235293297-2697005369-2118757151-1000Core.job
[2011/07/03 14:50:06 | 000,000,908 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2235293297-2697005369-2118757151-1000UA.job
[2011/10/04 19:54:32 | 000,000,906 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2235293297-2697005369-2118757151-1000Core.job
[2011/10/04 19:54:33 | 000,000,928 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2235293297-2697005369-2118757151-1000UA.job

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: CHRIS-PC
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D                       DVD-ROM         0 B  No Media
  Volume 1         System Rese  NTFS   Partition    100 MB  Healthy    System
  Volume 2     C                NTFS   Partition    297 GB  Healthy    Boot

< End of report >

OTL Extras logfile created on: 11/27/2012 9:48:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\chris\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.79 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 55.07% Memory free
7.59 Gb Paging File | 5.24 Gb Available in Paging File | 69.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 224.20 Gb Free Space | 75.24% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{32C29897-9927-4020-BF0A-F0B31BEE7F53}" = lport=9946 | protocol=6 | dir=in | name=fifa |
"{99423287-058A-42DB-9966-C59F8DD6A7E8}" = lport=9565 | protocol=17 | dir=in | name=fiafa122 |
"{D1AE8A38-AC45-4CCB-8164-E50AF6F0F678}" = rport=9946 | protocol=6 | dir=out | name=fqdaf |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05F02A4D-C9F2-4ADD-AB51-9CE8E94DB039}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{1295B5E7-B7C0-4C48-A1D7-356DC661C9A1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{15DD690F-BC11-4033-A838-41068CEB922C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{20A82F40-97D4-4099-A50A-CA3168CCBA5D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{23D8BC5B-C441-4E5D-9B07-3D9DBB60D34A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{2687CF26-CFED-40D9-82A8-FC803ACC09E8}" = protocol=17 | dir=out | name=fifffa |
"{2CA0DF6D-8576-40F3-8848-EE5457B61CFD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{47FCD2D8-462C-45A4-993E-3762D44916A0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{52DCDD03-B599-4224-BD54-87346034E3F9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{53CF1B1C-C17F-4811-8DA0-23683EE4D870}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6BAABEEF-B2E0-489B-9409-7DA5E96BE713}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{81C8F59C-2558-4E7D-999C-4B3BC9018C9C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{871D762F-2CE5-482B-BD38-AE4CB45E328F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{8DF6FE04-53A0-4C30-8961-44DCA4542A01}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{AFC90834-91F9-4248-9C05-B62F28F8FEB4}" = dir=in | app=c:\users\chris\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{AFE38E8B-54B2-4D2B-B327-DA0ABEB6ED49}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B59AE13C-D45E-49B0-B452-7BEFF7BF18DD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{BAE34630-64EB-477E-A0C2-EC4BB58FDD02}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{C8D43EB4-C6A2-45B8-A8C8-362B353A5EEA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{D727A63B-F9C4-4244-9105-4F67C50F10F1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{E07A11AC-E50F-441F-9F57-9E06AACA3691}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{EF2589EC-BF82-4214-A00D-CC2F3DB87970}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FD4BAE99-E141-478D-8350-E2BB56F7E93D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{267CA3AF-EFCA-4750-AFDF-9355E1170FD0}C:\users\chris\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{318A4DA0-E618-457F-B746-6ADF051BC52C}C:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"TCP Query User{412D85A9-95F5-4290-A9CE-69A5F4ED86A7}C:\users\chris\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe |
"TCP Query User{91304E26-68D6-4FE9-BDC3-7C09911115B2}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{CACB7347-D2D8-40A0-934F-DEE99AE6D0FD}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{FE7AED62-B7AA-41E2-86E9-21FEEE47346A}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{2D62A555-B695-45FB-BEC9-445FAE14A6B3}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{3EA9E978-275F-4DB9-9BDF-9ED87FFB0C1B}C:\users\chris\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe |
"UDP Query User{5BE079B9-C761-4746-BE0E-875CBEC935B7}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{612BBEA6-CBF1-4AB4-8727-D3DED39DD33F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{6179ADBC-3973-462E-B969-F2E4C3E19710}C:\users\chris\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{AFE0D1DC-E9E7-4293-91D4-C214B14074B8}C:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0004
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6FEDAFB4-A2AE-4D6B-A505-D82B07291F40}" = AVG 2012
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{A3FAE73B-4474-4A1D-A343-2FE248F05265}" = EasyTether
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D6C6D02-F201-42AA-B53B-7B5166B6705C}" = FIFA 12 DEMO
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep™
"{EA710A0A-BF5D-433C-8EB5-D17DC54CC298}" = Microsoft Office Live Meeting 2007
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"7-Zip" = 7-Zip 9.22beta
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG Secure Search" = AVG Security Toolbar
"DivX Setup.divx.com" = DivX Setup
"Foxit Reader" = Foxit Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PdaNet_is1" = PdaNet for Android 3.00
"SopCast" = SopCast 3.4.0
"StreamTorrent 1.0" = StreamTorrent 1.0
"The Rosetta Stone" = The Rosetta Stone

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/19/2012 6:47:44 PM | Computer Name = chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/19/2012 6:47:44 PM | Computer Name = chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15226

Error - 11/19/2012 6:47:44 PM | Computer Name = chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15226

Error - 11/20/2012 4:57:50 PM | Computer Name = chris-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 11/20/2012 4:57:53 PM | Computer Name = chris-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 11/20/2012 4:57:54 PM | Computer Name = chris-PC | Source = MsiInstaller | ID = 11500
Description =

Error - 11/20/2012 5:13:47 PM | Computer Name = chris-PC | Source = Windows Search Service | ID = 3007
Description =

Error - 11/26/2012 9:09:26 PM | Computer Name = chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/26/2012 9:09:26 PM | Computer Name = chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15585

Error - 11/26/2012 9:09:26 PM | Computer Name = chris-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15585

[ System Events ]
Error - 6/22/2012 4:39:34 PM | Computer Name = CHRIS-PC | Source = BugCheck | ID = 1001
Description =

Error - 6/23/2012 12:36:50 AM | Computer Name = chris-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:22:04 PM on 6/22/2012 was unexpected.

Error - 6/23/2012 12:36:51 AM | Computer Name = CHRIS-PC | Source = BugCheck | ID = 1001
Description =

Error - 6/23/2012 4:04:52 PM | Computer Name = chris-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:58:23 AM on 6/23/2012 was unexpected.

Error - 6/23/2012 4:04:53 PM | Computer Name = CHRIS-PC | Source = BugCheck | ID = 1001
Description =

Error - 6/23/2012 10:27:19 PM | Computer Name = chris-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:00:17 PM on 6/23/2012 was unexpected.

Error - 6/23/2012 10:27:32 PM | Computer Name = chris-PC | Source = BugCheck | ID = 1001
Description =

Error - 6/23/2012 10:58:40 PM | Computer Name = chris-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:47:08 PM on 6/23/2012 was unexpected.

Error - 6/23/2012 10:58:50 PM | Computer Name = CHRIS-PC | Source = BugCheck | ID = 1001
Description =

Error - 6/23/2012 11:04:09 PM | Computer Name = chris-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:01:19 PM on 6/23/2012 was unexpected.


< End of report >




aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-01 16:43:50
-----------------------------
16:43:50.360 OS Version: Windows x64 6.1.7601 Service Pack 1
16:43:50.360 Number of processors: 4 586 0x2502
16:43:50.362 ComputerName: CHRIS-PC UserName: chris
16:43:51.823 Initialize success
16:45:01.654 AVAST engine defs: 12120100
00:24:33.519 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:24:33.528 Disk 0 Vendor: WDC_WD3200BEVT-00A0RT0 01.01A01 Size: 305245MB BusType: 11
00:24:33.543 Disk 0 MBR read successfully
00:24:33.549 Disk 0 MBR scan
00:24:33.558 Disk 0 Windows 7 default MBR code
00:24:33.568 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:24:33.588 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
00:24:33.620 Disk 0 scanning C:\Windows\system32\drivers
00:24:52.440 Service scanning
00:26:22.814 Modules scanning
00:26:22.832 Disk 0 trace - called modules:
00:26:22.863 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
00:26:22.874 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004fb3060]
00:26:23.223 3 CLASSPNP.SYS[fffff88001b8143f] -> nt!IofCallDriver -> [0xfffffa8004ce41e0]
00:26:23.252 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004d00060]
00:26:25.714 AVAST engine scan C:\Windows
00:26:28.692 AVAST engine scan C:\Windows\system32
00:35:33.841 AVAST engine scan C:\Windows\system32\drivers
00:36:01.175 AVAST engine scan C:\Users\chris
00:48:12.072 AVAST engine scan C:\ProgramData
00:49:43.172 Scan finished successfully
00:59:50.407 Disk 0 MBR has been saved successfully to "C:\Users\chris\Downloads\MBR.dat"
00:59:50.418 The log file has been saved successfully to "C:\Users\chris\Downloads\aswMBR.txt"


#4
Bumblepuck

    New Member

  • Topic Starter
  • Member
  • 8 posts
My apologies for attaching the logs. I read that, I was just in a rush to post this and it slipped my mind.

#5
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi Bumblepuck. I am 90% through your OTL log and will finish tomorrow. I will then give you further instructions.
Take Care,
Josh

#6
Bumblepuck

    New Member

  • Topic Starter
  • Member
  • 8 posts
Ok, fantastic. Thank you Josh!

#7
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi Bumblepuck. I finished looking at all your logs. They are clean. I will have further instructions for you later tonight or tomorrow afternoon. Thanks for your patience.

#8
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi Bumblepuck. The next step is to run a special program called TDSSKiller and then pull out the big gun - Combofix. Please do the following:

Step 1

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2

Make sure to have rebooted your computer prior to the following. Also make sure to take note of any message boxes that pop up during the following procedure related to your infection.

Download and Install Combofix - you can temporarily connect to the Internet for this procedure

Download ComboFix from one of the following locations:
Link 1

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
Also please make sure to take note of anything ComboFix says during the course of its run especially if related to your infection and report to me in your next post.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks - if the update succeeds ComboFix will restart - if not it will continue with the current copy
  • Answer yes to install the Recovery Console if it asks and yes to scan for malware afterwards if prompted
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Things to see in your next post:
TDSSKiller log
Combofix log


#9
Bumblepuck

    New Member

  • Topic Starter
  • Member
  • 8 posts
COMBOFIX LOG :
ComboFix 12-12-04.01 - chris 12/04/2012 23:10:49.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3884.2610 [GMT -5:00]
Running from: c:\users\chris\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Java\jre7\bin\ssv.dll
c:\program files (x86)\Shop to Win
c:\program files (x86)\Shop to Win\Test.htm
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\chris\Documents\ShopToWin
.
.
((((((((((((((((((((((((( Files Created from 2012-11-05 to 2012-12-05 )))))))))))))))))))))))))))))))
.
.
2012-11-28 08:54 . 2012-11-19 06:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E84E57F-06F3-4500-929B-39B7F770391B}\mpengine.dll
2012-11-26 22:51 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-26 22:50 . 2012-11-26 22:50 -------- d-----w- c:\program files\iPod
2012-11-26 22:50 . 2012-11-26 22:51 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-26 22:50 . 2012-11-26 22:51 -------- d-----w- c:\program files\iTunes
2012-11-26 22:50 . 2012-11-26 22:51 -------- d-----w- c:\program files (x86)\iTunes
2012-11-21 20:13 . 2012-11-21 20:13 -------- d-----w- c:\users\chris\AppData\Local\Adobe
2012-11-21 20:09 . 2012-11-21 20:09 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-11-20 21:07 . 2012-11-20 21:07 -------- d-----w- c:\program files\Common Files\DESIGNER
2012-11-20 21:06 . 2012-11-20 21:06 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-11-20 21:05 . 2012-11-20 21:05 -------- d-----w- c:\windows\PCHEALTH
2012-11-20 21:05 . 2012-11-20 21:05 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-11-20 21:02 . 2012-11-20 21:02 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-11-20 21:02 . 2012-11-20 21:02 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-11-20 21:01 . 2012-11-20 21:01 -------- d-----w- c:\users\chris\AppData\Local\Microsoft Help
2012-11-20 21:01 . 2012-11-20 21:05 -------- d-----w- c:\program files\Microsoft Office
2012-11-20 21:01 . 2012-11-20 21:13 -------- d-----w- c:\programdata\Microsoft Help
2012-11-20 21:01 . 2012-11-20 21:01 -------- d-----r- C:\MSOCache
2012-11-20 21:01 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-20 21:01 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-20 21:01 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-20 21:01 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-20 20:45 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-20 20:45 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-20 20:39 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-20 20:39 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-20 20:39 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-20 20:39 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-20 20:39 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-20 20:39 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-20 20:39 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-19 20:04 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-19 20:04 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-19 20:04 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-19 20:04 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-06 20:02 . 2004-03-29 21:23 90112 ----a-w- c:\windows\unvise32.exe
2012-11-06 19:59 . 2012-11-06 20:02 -------- d-----w- c:\program files (x86)\The Rosetta Stone
2012-11-06 00:46 . 2012-11-06 00:46 -------- d--h--w- c:\windows\AxInstSV
2012-11-06 00:45 . 2012-11-06 00:45 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-06 00:44 . 2012-11-06 00:42 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-06 00:44 . 2012-11-06 00:43 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-06 00:41 . 2012-11-06 00:41 -------- d-----w- c:\programdata\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-20 20:40 . 2010-02-10 12:20 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-10 23:31 . 2012-09-07 06:17 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-11-06 00:42 . 2011-08-24 05:07 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-16 08:38 . 2012-11-27 21:22 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 21:22 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 21:22 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-08 19:40 . 2011-07-07 01:49 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 19:40 . 2010-02-10 12:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 19:40 . 2012-10-08 19:40 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-09-30 00:54 . 2012-08-16 11:39 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-10 19:16 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 19:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-10 23:31 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-10 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-02-14 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-10 997320]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-07 1022048]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2011-8-19 477736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2011-5-9 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 84568]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 60504]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-01-29 125344]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-10 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-04-22 25960]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-10 30568]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 253528]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 94296]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-10 711112]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2011-05-22 20752]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-30 289280]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-08-30 117520]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-02 15360]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 84568]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2010-02-10 19:40]
.
2012-12-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2235293297-2697005369-2118757151-1000Core.job
- c:\users\chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-05 10:56]
.
2012-12-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2235293297-2697005369-2118757151-1000UA.job
- c:\users\chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-05 10:56]
.
2012-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2235293297-2697005369-2118757151-1000Core.job
- c:\users\chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-03 19:50]
.
2012-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2235293297-2697005369-2118757151-1000UA.job
- c:\users\chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-03 19:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-20 9996320]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-03 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-03 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-03 415256]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_0&u=___userid___
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: hbogo.com\www
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134 192.168.5.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\ntqgi778.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-17738242.sys
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:2f,9f,d5,54,f5,27,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
.
Completion time: 2012-12-04 23:25:23
ComboFix-quarantined-files.txt 2012-12-05 04:25
.
Pre-Run: 239,123,787,776 bytes free
Post-Run: 241,385,213,952 bytes free
.
- - End Of File - - A2DDB39BD0655A675CD878BDD0CBF245

---------------------------------------------------------------------------------------------------------


TDSSKILLER


22:52:25.0105 2780 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:52:25.0526 2780 ============================================================
22:52:25.0526 2780 Current date / time: 2012/12/04 22:52:25.0526
22:52:25.0526 2780 SystemInfo:
22:52:25.0526 2780
22:52:25.0526 2780 OS Version: 6.1.7601 ServicePack: 1.0
22:52:25.0526 2780 Product type: Workstation
22:52:25.0526 2780 ComputerName: CHRIS-PC
22:52:25.0542 2780 UserName: chris
22:52:25.0542 2780 Windows directory: C:\Windows
22:52:25.0542 2780 System windows directory: C:\Windows
22:52:25.0542 2780 Running under WOW64
22:52:25.0542 2780 Processor architecture: Intel x64
22:52:25.0542 2780 Number of processors: 4
22:52:25.0542 2780 Page size: 0x1000
22:52:25.0542 2780 Boot type: Normal boot
22:52:25.0542 2780 ============================================================
22:52:26.0868 2780 BG loaded
22:52:29.0676 2780 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:52:29.0691 2780 ============================================================
22:52:29.0691 2780 \Device\Harddisk0\DR0:
22:52:29.0691 2780 MBR partitions:
22:52:29.0691 2780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:52:29.0691 2780 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
22:52:29.0691 2780 ============================================================
22:52:29.0738 2780 C: <-> \Device\Harddisk0\DR0\Partition2
22:52:29.0738 2780 ============================================================
22:52:29.0738 2780 Initialize success
22:52:29.0738 2780 ============================================================
22:54:15.0157 5024 ============================================================
22:54:15.0157 5024 Scan started
22:54:15.0157 5024 Mode: Manual; SigCheck; TDLFS;
22:54:15.0157 5024 ============================================================
22:54:16.0589 5024 ================ Scan system memory ========================
22:54:16.0589 5024 System memory - ok
22:54:16.0591 5024 ================ Scan services =============================
22:55:02.0914 5024 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:55:02.0941 5024 NetTcpPortSharing - ok
22:55:02.0989 5024 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:55:03.0019 5024 nfrd960 - ok
22:55:03.0045 5024 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:55:03.0102 5024 NlaSvc - ok
22:55:03.0126 5024 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:55:03.0222 5024 Npfs - ok
22:55:03.0260 5024 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:55:03.0357 5024 nsi - ok
22:55:03.0398 5024 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:55:03.0514 5024 nsiproxy - ok
22:55:03.0599 5024 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:55:03.0692 5024 Ntfs - ok
22:55:03.0714 5024 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:55:03.0808 5024 Null - ok
22:55:04.0191 5024 [ 573B0941A37AEBEE96085D56A103F57B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:55:04.0726 5024 nvlddmkm - ok
22:55:04.0753 5024 [ 43AF7EBEAC2AB623468E32CADDCB61A4 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
22:55:04.0772 5024 nvpciflt - ok
22:55:04.0823 5024 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:55:04.0858 5024 nvraid - ok
22:55:04.0871 5024 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:55:04.0905 5024 nvstor - ok
22:55:04.0969 5024 [ C500760572C6059918FB0C960967695B ] NVSvc C:\Windows\system32\nvvsvc.exe
22:55:05.0031 5024 NVSvc - ok
22:55:05.0143 5024 [ F28169A7ADF7B41809CF92D369E744F0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
22:55:05.0242 5024 nvUpdatusService - ok
22:55:05.0260 5024 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:55:05.0293 5024 nv_agp - ok
22:55:05.0340 5024 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:55:05.0372 5024 ohci1394 - ok
22:55:05.0413 5024 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:55:05.0444 5024 ose64 - ok
22:55:05.0658 5024 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:55:05.0976 5024 osppsvc - ok
22:55:06.0011 5024 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:55:06.0076 5024 p2pimsvc - ok
22:55:06.0122 5024 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:55:06.0166 5024 p2psvc - ok
22:55:06.0202 5024 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:55:06.0235 5024 Parport - ok
22:55:06.0269 5024 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:55:06.0299 5024 partmgr - ok
22:55:06.0326 5024 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:55:06.0392 5024 PcaSvc - ok
22:55:06.0432 5024 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:55:06.0453 5024 pci - ok
22:55:06.0500 5024 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:55:06.0530 5024 pciide - ok
22:55:06.0545 5024 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:55:06.0584 5024 pcmcia - ok
22:55:06.0613 5024 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:55:06.0642 5024 pcw - ok
22:55:06.0685 5024 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:55:06.0816 5024 PEAUTH - ok
22:55:06.0887 5024 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:55:07.0002 5024 PeerDistSvc - ok
22:55:07.0107 5024 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:55:07.0158 5024 PerfHost - ok
22:55:07.0248 5024 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:55:07.0424 5024 pla - ok
22:55:07.0469 5024 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:55:07.0524 5024 PlugPlay - ok
22:55:07.0572 5024 [ FE74BA87CDAA80AC9261F49167F0608A ] pneteth C:\Windows\system32\DRIVERS\pneteth.sys
22:55:07.0668 5024 pneteth - ok
22:55:07.0708 5024 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:55:07.0769 5024 PNRPAutoReg - ok
22:55:07.0810 5024 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:55:07.0847 5024 PNRPsvc - ok
22:55:07.0895 5024 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:55:08.0016 5024 PolicyAgent - ok
22:55:08.0067 5024 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:55:08.0192 5024 Power - ok
22:55:08.0247 5024 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:55:08.0366 5024 PptpMiniport - ok
22:55:08.0395 5024 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:55:08.0449 5024 Processor - ok
22:55:08.0506 5024 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:55:08.0543 5024 ProfSvc - ok
22:55:08.0562 5024 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:55:08.0591 5024 ProtectedStorage - ok
22:55:08.0643 5024 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:55:08.0763 5024 Psched - ok
22:55:08.0822 5024 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:55:08.0937 5024 ql2300 - ok
22:55:08.0966 5024 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:55:08.0999 5024 ql40xx - ok
22:55:09.0033 5024 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:55:09.0082 5024 QWAVE - ok
22:55:09.0097 5024 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:55:09.0166 5024 QWAVEdrv - ok
22:55:09.0190 5024 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:55:09.0306 5024 RasAcd - ok
22:55:09.0344 5024 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:55:09.0441 5024 RasAgileVpn - ok
22:55:09.0462 5024 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:55:09.0576 5024 RasAuto - ok
22:55:09.0617 5024 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:55:09.0735 5024 Rasl2tp - ok
22:55:09.0787 5024 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:55:09.0890 5024 RasMan - ok
22:55:09.0922 5024 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:55:10.0037 5024 RasPppoe - ok
22:55:10.0058 5024 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:55:10.0167 5024 RasSstp - ok
22:55:10.0228 5024 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:55:10.0344 5024 rdbss - ok
22:55:10.0368 5024 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:55:10.0432 5024 rdpbus - ok
22:55:10.0458 5024 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:55:10.0567 5024 RDPCDD - ok
22:55:10.0612 5024 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:55:10.0647 5024 RDPDR - ok
22:55:10.0667 5024 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:55:10.0783 5024 RDPENCDD - ok
22:55:10.0793 5024 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:55:10.0890 5024 RDPREFMP - ok
22:55:10.0929 5024 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:55:10.0982 5024 RDPWD - ok
22:55:11.0037 5024 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:55:11.0074 5024 rdyboost - ok
22:55:11.0107 5024 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:55:11.0223 5024 RemoteAccess - ok
22:55:11.0255 5024 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:55:11.0378 5024 RemoteRegistry - ok
22:55:11.0430 5024 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
22:55:11.0490 5024 RFCOMM - ok
22:55:11.0538 5024 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:55:11.0638 5024 RpcEptMapper - ok
22:55:11.0663 5024 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:55:11.0717 5024 RpcLocator - ok
22:55:11.0769 5024 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:55:11.0877 5024 RpcSs - ok
22:55:11.0925 5024 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:55:12.0021 5024 rspndr - ok
22:55:12.0059 5024 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
22:55:12.0111 5024 s3cap - ok
22:55:12.0139 5024 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:55:12.0168 5024 SamSs - ok
22:55:12.0214 5024 [ CDB954C736D51DC5FA712C039AF4F683 ] SbFw C:\Windows\system32\drivers\SbFw.sys
22:55:12.0247 5024 SbFw - ok
22:55:12.0262 5024 [ 5DE22E3CB6140213DA2E0599B08D525C ] SBFWIMCL C:\Windows\system32\DRIVERS\sbfwim.sys
22:55:12.0286 5024 SBFWIMCL - ok
22:55:12.0313 5024 [ 5DE22E3CB6140213DA2E0599B08D525C ] SBFWIMCLMP C:\Windows\system32\DRIVERS\SBFWIM.sys
22:55:12.0336 5024 SBFWIMCLMP - ok
22:55:12.0362 5024 [ A5BC45F8C2F30350E7566799C86B2F5D ] sbhips C:\Windows\system32\drivers\sbhips.sys
22:55:12.0385 5024 sbhips - ok
22:55:12.0422 5024 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:55:12.0454 5024 sbp2port - ok
22:55:12.0464 5024 SBRE - ok
22:55:12.0495 5024 [ F9955774A6BF0A5CA696F591C7B80A79 ] SbTis C:\Windows\system32\drivers\sbtis.sys
22:55:12.0518 5024 SbTis - ok
22:55:12.0553 5024 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:55:12.0662 5024 SCardSvr - ok
22:55:12.0705 5024 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:55:12.0824 5024 scfilter - ok
22:55:12.0888 5024 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:55:13.0014 5024 Schedule - ok
22:55:13.0051 5024 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:55:13.0146 5024 SCPolicySvc - ok
22:55:13.0175 5024 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:55:13.0235 5024 SDRSVC - ok
22:55:13.0271 5024 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:55:13.0380 5024 secdrv - ok
22:55:13.0419 5024 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:55:13.0515 5024 seclogon - ok
22:55:13.0544 5024 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
22:55:13.0659 5024 SENS - ok
22:55:13.0683 5024 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:55:13.0735 5024 SensrSvc - ok
22:55:13.0758 5024 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:55:13.0812 5024 Serenum - ok
22:55:13.0863 5024 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:55:13.0896 5024 Serial - ok
22:55:13.0915 5024 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:55:13.0964 5024 sermouse - ok
22:55:14.0009 5024 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:55:14.0132 5024 SessionEnv - ok
22:55:14.0166 5024 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:55:14.0219 5024 sffdisk - ok
22:55:14.0249 5024 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:55:14.0293 5024 sffp_mmc - ok
22:55:14.0300 5024 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:55:14.0352 5024 sffp_sd - ok
22:55:14.0385 5024 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:55:14.0416 5024 sfloppy - ok
22:55:14.0464 5024 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:55:14.0569 5024 SharedAccess - ok
22:55:14.0616 5024 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:55:14.0738 5024 ShellHWDetection - ok
22:55:14.0798 5024 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:55:14.0829 5024 SiSRaid2 - ok
22:55:14.0848 5024 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:55:14.0879 5024 SiSRaid4 - ok
22:55:14.0904 5024 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:55:15.0024 5024 Smb - ok
22:55:15.0079 5024 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:55:15.0130 5024 SNMPTRAP - ok
22:55:15.0161 5024 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:55:15.0187 5024 spldr - ok
22:55:15.0239 5024 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:55:15.0284 5024 Spooler - ok
22:55:15.0417 5024 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:55:15.0624 5024 sppsvc - ok
22:55:15.0661 5024 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:55:15.0783 5024 sppuinotify - ok
22:55:15.0817 5024 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:55:15.0896 5024 srv - ok
22:55:15.0931 5024 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:55:15.0982 5024 srv2 - ok
22:55:16.0016 5024 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:55:16.0067 5024 srvnet - ok
22:55:16.0128 5024 [ 7525E8CC3F60CCEF004BB8C3408B8AD4 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
22:55:16.0169 5024 ssadbus ( UnsignedFile.Multi.Generic ) - warning
22:55:16.0169 5024 ssadbus - detected UnsignedFile.Multi.Generic (1)
22:55:28.0149 5024 ================ Scan global ===============================
22:55:28.0174 5024 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:55:28.0221 5024 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:55:28.0235 5024 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:55:28.0262 5024 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:55:28.0296 5024 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:55:28.0303 5024 [Global] - ok
22:55:28.0304 5024 ================ Scan MBR ==================================
22:55:28.0311 5024 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:55:28.0703 5024 \Device\Harddisk0\DR0 - ok
22:55:28.0705 5024 ================ Scan VBR ==================================
22:55:28.0707 5024 [ E4D63F4402F83EA64DFFD87219B51C61 ] \Device\Harddisk0\DR0\Partition1
22:55:28.0710 5024 \Device\Harddisk0\DR0\Partition1 - ok
22:55:28.0746 5024 [ 7C1586691361AE0109C45FA1789D9E09 ] \Device\Harddisk0\DR0\Partition2
22:55:28.0749 5024 \Device\Harddisk0\DR0\Partition2 - ok
22:55:28.0750 5024 ================ Scan active images ========================
22:55:28.0875 5024 C:\Windows\System32\drivers\msfs.sys - ok
22:55:28.0884 5024 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] C:\Windows\System32\drivers\npfs.sys
22:55:28.0884 5024 C:\Windows\System32\drivers\npfs.sys - ok
22:55:28.0891 5024 [ 6F020A220388ECA0AB6062DC27BD16B6 ] C:\Windows\System32\drivers\tdi.sys
22:55:28.0891 5024 C:\Windows\System32\drivers\tdi.sys - ok
22:55:28.0899 5024 [ F8C3C7ED612A41B05C66358FC9786BFD ] C:\Windows\System32\drivers\avgtdia.sys
22:55:28.0899 5024 C:\Windows\System32\drivers\avgtdia.sys - ok
22:55:28.0907 5024 [ CDB954C736D51DC5FA712C039AF4F683 ] C:\Windows\System32\drivers\SbFw.sys
22:55:28.0907 5024 C:\Windows\System32\drivers\SbFw.sys - ok
22:55:28.0915 5024 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] C:\Windows\System32\drivers\tdx.sys
22:55:28.0915 5024 C:\Windows\System32\drivers\tdx.sys - ok
22:55:28.0924 5024 [ 09594D1089C523423B32A4229263F068 ] C:\Windows\System32\drivers\netbt.sys
22:55:28.0924 5024 C:\Windows\System32\drivers\netbt.sys - ok
22:55:28.0932 5024 [ F9955774A6BF0A5CA696F591C7B80A79 ] C:\Windows\System32\drivers\sbtis.sys
22:55:28.0932 5024 C:\Windows\System32\drivers\sbtis.sys - ok
22:55:28.0940 5024 [ 1C7857B62DE5994A75B054A9FD4C3825 ] C:\Windows\System32\drivers\afd.sys
22:55:28.0940 5024 C:\Windows\System32\drivers\afd.sys - ok
22:55:28.0948 5024 [ 86743D9F5D2B1048062B14B1D84501C4 ] C:\Windows\System32\drivers\netbios.sys
22:55:28.0948 5024 C:\Windows\System32\drivers\netbios.sys - ok
22:55:28.0956 5024 [ 0557CF5A2556BD58E26384169D72438D ] C:\Windows\System32\drivers\pacer.sys
22:55:28.0956 5024 C:\Windows\System32\drivers\pacer.sys - ok
22:55:28.0961 5024 [ 6A3D66263414FF0D6FA754C646612F3F ] C:\Windows\System32\drivers\vwififlt.sys
22:55:28.0961 5024 C:\Windows\System32\drivers\vwififlt.sys - ok
22:55:28.0970 5024 [ 356AFD78A6ED4457169241AC3965230C ] C:\Windows\System32\drivers\wanarp.sys
22:55:28.0970 5024 C:\Windows\System32\drivers\wanarp.sys - ok
22:55:28.0977 5024 [ 611B23304BF067451A9FDEE01FBDD725 ] C:\Windows\System32\drivers\wfplwf.sys
22:55:28.0977 5024 C:\Windows\System32\drivers\wfplwf.sys - ok
22:55:28.0985 5024 [ 13096B05847EC78F0977F2C0F79E9AB3 ] C:\Windows\System32\drivers\discache.sys
22:55:28.0985 5024 C:\Windows\System32\drivers\discache.sys - ok
22:55:28.0994 5024 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] C:\Windows\System32\drivers\mssmbios.sys
22:55:28.0994 5024 C:\Windows\System32\drivers\mssmbios.sys - ok
22:55:29.0002 5024 [ E7F5AE18AF4168178A642A9247C63001 ] C:\Windows\System32\drivers\nsiproxy.sys
22:55:29.0002 5024 C:\Windows\System32\drivers\nsiproxy.sys - ok
22:55:29.0009 5024 [ 77F665941019A1594D887A74F301FA2F ] C:\Windows\System32\drivers\rdbss.sys
22:55:29.0009 5024 C:\Windows\System32\drivers\rdbss.sys - ok
22:55:29.0017 5024 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] C:\Windows\System32\drivers\termdd.sys
22:55:29.0018 5024 C:\Windows\System32\drivers\termdd.sys - ok
22:55:29.0025 5024 [ 221FEBAB02D6C97C95558348CC354A85 ] C:\Windows\System32\drivers\avgldx64.sys
22:55:29.0026 5024 C:\Windows\System32\drivers\avgldx64.sys - ok
22:55:29.0033 5024 [ 61583EE3C3A17003C4ACD0475646B4D3 ] C:\Windows\System32\drivers\blbdrive.sys
22:55:29.0034 5024 C:\Windows\System32\drivers\blbdrive.sys - ok
22:55:29.0041 5024 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] C:\Windows\System32\drivers\csc.sys
22:55:29.0041 5024 C:\Windows\System32\drivers\csc.sys - ok
22:55:29.0049 5024 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] C:\Windows\System32\drivers\dfsc.sys
22:55:29.0049 5024 C:\Windows\System32\drivers\dfsc.sys - ok
22:55:29.0057 5024 [ 1E8D0E318D3F17B2EAAF993DB20C76F0 ] C:\Windows\System32\drivers\easytthr.sys
22:55:29.0058 5024 C:\Windows\System32\drivers\easytthr.sys - ok
22:55:29.0066 5024 [ 3566A8DAAFA27AF944F5D705EAA64894 ] C:\Windows\System32\drivers\tunnel.sys
22:55:29.0066 5024 C:\Windows\System32\drivers\tunnel.sys - ok
22:55:29.0073 5024 [ CF95B85FF8D128385ABD411C8CA74DED ] C:\Windows\System32\ntdll.dll
22:55:29.0073 5024 C:\Windows\System32\ntdll.dll - ok
22:55:29.0081 5024 [ 1911A3356FA3F77CCC825CCBAC038C2A ] C:\Windows\System32\smss.exe
22:55:29.0081 5024 C:\Windows\System32\smss.exe - ok
22:55:29.0089 5024 [ 573B0941A37AEBEE96085D56A103F57B ] C:\Windows\System32\drivers\nvlddmkm.sys
22:55:29.0089 5024 C:\Windows\System32\drivers\nvlddmkm.sys - ok
22:55:29.0097 5024 [ 53883A0057063F9695475186A81BF001 ] C:\Windows\System32\drivers\nvBridge.kmd
22:55:29.0097 5024 C:\Windows\System32\drivers\nvBridge.kmd - ok
22:55:29.0105 5024 [ F5BEE30450E18E6B83A5012C100616FD ] C:\Windows\System32\drivers\dxgkrnl.sys
22:55:29.0105 5024 C:\Windows\System32\drivers\dxgkrnl.sys - ok
22:55:29.0113 5024 [ 9CD68BDDF322535C02ADC8331013D13D ] C:\Windows\System32\drivers\dxgmms1.sys
22:55:29.0113 5024 C:\Windows\System32\drivers\dxgmms1.sys - ok
22:55:29.0121 5024 [ 677AA5991026A65ADA128C4B59CF2BAD ] C:\Windows\System32\drivers\igdkmd64.sys
22:55:29.0121 5024 C:\Windows\System32\drivers\igdkmd64.sys - ok
22:55:29.0129 5024 [ B6AC71AAA2B10848F57FC49D55A651AF ] C:\Windows\System32\drivers\HECIx64.sys
22:55:29.0129 5024 C:\Windows\System32\drivers\HECIx64.sys - ok
22:55:29.0137 5024 [ C025055FE7B87701EB042095DF1A2D7B ] C:\Windows\System32\drivers\usbehci.sys
22:55:29.0137 5024 C:\Windows\System32\drivers\usbehci.sys - ok
22:55:29.0144 5024 [ AE259C75F9A0B057B6BF9E9695632B09 ] C:\Windows\System32\drivers\usbport.sys
22:55:29.0145 5024 C:\Windows\System32\drivers\usbport.sys - ok
22:55:29.0152 5024 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] C:\Windows\System32\drivers\hdaudbus.sys
22:55:29.0153 5024 C:\Windows\System32\drivers\hdaudbus.sys - ok
22:55:29.0160 5024 [ A5E770426D18F8EF332A593F3289DA91 ] C:\Windows\System32\drivers\athrx.sys
22:55:29.0160 5024 C:\Windows\System32\drivers\athrx.sys - ok
22:55:29.0168 5024 [ 033B4AED2C5519072C0D81E00804D003 ] C:\Windows\System32\drivers\L1C62x64.sys
22:55:29.0168 5024 C:\Windows\System32\drivers\L1C62x64.sys - ok
22:55:29.0176 5024 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] C:\Windows\System32\drivers\vwifibus.sys
22:55:29.0176 5024 C:\Windows\System32\drivers\vwifibus.sys - ok
22:55:29.0185 5024 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] C:\Windows\System32\drivers\i8042prt.sys
22:55:29.0185 5024 C:\Windows\System32\drivers\i8042prt.sys - ok
22:55:29.0193 5024 [ 7D27EA49F3C1F687D357E77A470AEA99 ] C:\Windows\System32\drivers\mouclass.sys
22:55:29.0193 5024 C:\Windows\System32\drivers\mouclass.sys - ok
22:55:29.0201 5024 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] C:\Windows\System32\drivers\kbdclass.sys
22:55:29.0202 5024 C:\Windows\System32\drivers\kbdclass.sys - ok
22:55:29.0210 5024 [ 8E98D21EE06192492A5671A6144D092F ] C:\Windows\System32\drivers\GEARAspiWDM.sys
22:55:29.0210 5024 C:\Windows\System32\drivers\GEARAspiWDM.sys - ok
22:55:29.0215 5024 [ DD587A55390ED2295BCE6D36AD567DA9 ] C:\Windows\System32\drivers\Impcd.sys
22:55:29.0215 5024 C:\Windows\System32\drivers\Impcd.sys - ok
22:55:29.0224 5024 [ 0840155D0BDDF1190F84A663C284BD33 ] C:\Windows\System32\drivers\CmBatt.sys
22:55:29.0224 5024 C:\Windows\System32\drivers\CmBatt.sys - ok
22:55:29.0232 5024 [ F6FF8944478594D0E414D3F048F0D778 ] C:\Windows\System32\drivers\wmiacpi.sys
22:55:29.0232 5024 C:\Windows\System32\drivers\wmiacpi.sys - ok
22:55:29.0239 5024 [ ADA036632C664CAA754079041CF1F8C1 ] C:\Windows\System32\drivers\intelppm.sys
22:55:29.0240 5024 C:\Windows\System32\drivers\intelppm.sys - ok
22:55:29.0248 5024 [ A523D9F6AEB152C4480D754DF7FA9F7F ] C:\Windows\System32\drivers\ATK64AMD.sys
22:55:29.0248 5024 C:\Windows\System32\drivers\ATK64AMD.sys - ok
22:55:29.0256 5024 [ 03EDB043586CCEBA243D689BDDA370A8 ] C:\Windows\System32\drivers\CompositeBus.sys
22:55:29.0256 5024 C:\Windows\System32\drivers\CompositeBus.sys - ok
22:55:29.0264 5024 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] C:\Windows\System32\drivers\dne64x.sys
22:55:29.0264 5024 C:\Windows\System32\drivers\dne64x.sys - ok
22:55:29.0272 5024 [ 7ECFF9B22276B73F43A99A15A6094E90 ] C:\Windows\System32\drivers\agilevpn.sys
22:55:29.0272 5024 C:\Windows\System32\drivers\agilevpn.sys - ok
22:55:29.0280 5024 [ 471815800AE33E6F1C32FB1B97C490CA ] C:\Windows\System32\drivers\rasl2tp.sys
22:55:29.0280 5024 C:\Windows\System32\drivers\rasl2tp.sys - ok
22:55:29.0288 5024 [ 30639C932D9FEF22B31268FE25A1B6E5 ] C:\Windows\System32\drivers\ndistapi.sys
22:55:29.0288 5024 C:\Windows\System32\drivers\ndistapi.sys - ok
22:55:29.0297 5024 [ 53F7305169863F0A2BDDC49E116C2E11 ] C:\Windows\System32\drivers\ndiswan.sys
22:55:29.0297 5024 C:\Windows\System32\drivers\ndiswan.sys - ok
22:55:29.0304 5024 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] C:\Windows\System32\drivers\raspppoe.sys
22:55:29.0304 5024 C:\Windows\System32\drivers\raspppoe.sys - ok
22:55:29.0312 5024 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] C:\Windows\System32\drivers\raspptp.sys
22:55:29.0312 5024 C:\Windows\System32\drivers\raspptp.sys - ok
22:55:29.0320 5024 [ FE74BA87CDAA80AC9261F49167F0608A ] C:\Windows\System32\drivers\pneteth.sys
22:55:29.0320 5024 C:\Windows\System32\drivers\pneteth.sys - ok
22:55:29.0329 5024 [ E8B1E447B008D07FF47D016C2B0EEECB ] C:\Windows\System32\drivers\rassstp.sys
22:55:29.0329 5024 C:\Windows\System32\drivers\rassstp.sys - ok
22:55:29.0336 5024 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] C:\Windows\System32\drivers\rdpbus.sys
22:55:29.0336 5024 C:\Windows\System32\drivers\rdpbus.sys - ok
22:55:29.0344 5024 [ 5DE22E3CB6140213DA2E0599B08D525C ] C:\Windows\System32\drivers\SbFwIm.sys
22:55:29.0344 5024 C:\Windows\System32\drivers\SbFwIm.sys - ok
22:55:29.0352 5024 [ 24FBF5CC5C04150073C315A7C83521EE ] C:\Windows\System32\drivers\ks.sys
22:55:29.0352 5024 C:\Windows\System32\drivers\ks.sys - ok
22:55:29.0359 5024 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] C:\Windows\System32\drivers\swenum.sys
22:55:29.0360 5024 C:\Windows\System32\drivers\swenum.sys - ok
22:55:29.0368 5024 [ DC54A574663A895C8763AF0FA1FF7561 ] C:\Windows\System32\drivers\umbus.sys
22:55:29.0368 5024 C:\Windows\System32\drivers\umbus.sys - ok
22:55:29.0375 5024 [ 287C6C9410B111B68B52CA298F7B8C24 ] C:\Windows\System32\drivers\usbhub.sys
22:55:29.0375 5024 C:\Windows\System32\drivers\usbhub.sys - ok
22:55:29.0384 5024 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] C:\Windows\System32\drivers\ndproxy.sys
22:55:29.0384 5024 C:\Windows\System32\drivers\ndproxy.sys - ok
22:55:29.0391 5024 [ 21D26064AEDB4988F785BB4A3A2C051E ] C:\Windows\System32\drivers\drmk.sys
22:55:29.0391 5024 C:\Windows\System32\drivers\drmk.sys - ok
22:55:29.0402 5024 [ 32E11315B5126921FFD9074840EF13D3 ] C:\Windows\System32\drivers\portcls.sys
22:55:29.0402 5024 C:\Windows\System32\drivers\portcls.sys - ok
22:55:29.0408 5024 [ 3EDD3CE185DA3E6AAEC22ADCFD7B1D54 ] C:\Windows\System32\drivers\RTKVHD64.sys
22:55:29.0408 5024 C:\Windows\System32\drivers\RTKVHD64.sys - ok
22:55:29.0416 5024 [ 6869281E78CB31A43E969F06B57347C4 ] C:\Windows\System32\drivers\ksthunk.sys
22:55:29.0416 5024 C:\Windows\System32\drivers\ksthunk.sys - ok
22:55:29.0425 5024 [ C6C1F19205DA83C801BE7C25F4E2EE07 ] C:\Windows\System32\drivers\IntcDAud.sys
22:55:29.0425 5024 C:\Windows\System32\drivers\IntcDAud.sys - ok
22:55:29.0433 5024 [ 3B536A8BEC3B4F23FFDFD78B11A2AB93 ] C:\Windows\System32\autochk.exe
22:55:29.0433 5024 C:\Windows\System32\autochk.exe - ok
22:55:29.0441 5024 [ 072D294B9005F9AA1D03B7EBFA981344 ] C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
22:55:29.0441 5024 C:\PROGRA~2\AVG\AVG2012\avgrsa.exe - ok
22:55:29.0449 5024 [ F108BD69365EFC749C7E5F8BBEB51E3B ] C:\Program Files (x86)\AVG\AVG2012\avgsysa.dll
22:55:29.0449 5024 C:\Program Files (x86)\AVG\AVG2012\avgsysa.dll - ok
22:55:29.0458 5024 [ 863D56F63D254EBE27589893688CA8B3 ] C:\Program Files (x86)\AVG\AVG2012\avgntopenssla.dll
22:55:29.0458 5024 C:\Program Files (x86)\AVG\AVG2012\avgntopenssla.dll - ok
22:55:29.0466 5024 [ 67165D5818A872A7F01047771AA81FC9 ] C:\Program Files (x86)\AVG\AVG2012\avgloga.dll
22:55:29.0466 5024 C:\Program Files (x86)\AVG\AVG2012\avgloga.dll - ok
22:55:29.0472 5024 [ 6F1A3157A1C89435352CEB543CDB359C ] C:\Windows\System32\drivers\usbccgp.sys
22:55:29.0472 5024 C:\Windows\System32\drivers\usbccgp.sys - ok
22:55:29.0480 5024 [ CCA2AB1752A61F29C3C941CD79D78CEA ] C:\Windows\System32\drivers\usbd.sys
22:55:29.0480 5024 C:\Windows\System32\drivers\usbd.sys - ok
22:55:29.0488 5024 [ 454800C2BC7F3927CE030141EE4F4C50 ] C:\Windows\System32\drivers\usbvideo.sys
22:55:29.0488 5024 C:\Windows\System32\drivers\usbvideo.sys - ok
22:55:29.0496 5024 [ EB03D4164E7F10B601D280413655ADE4 ] C:\Windows\System32\drivers\MijXfilt.sys
22:55:29.0496 5024 C:\Windows\System32\drivers\MijXfilt.sys - ok
22:55:29.0504 5024 [ 9176C0822FAA649E45121875BE32F5D2 ] C:\Windows\System32\drivers\xusb21.sys
22:55:29.0504 5024 C:\Windows\System32\drivers\xusb21.sys - ok
22:55:29.0512 5024 [ 8B0E40E7E8BBF5ACF390465609D89FF1 ] C:\Windows\System32\drivers\hidclass.sys
22:55:29.0512 5024 C:\Windows\System32\drivers\hidclass.sys - ok
22:55:29.0520 5024 [ 49EE2E52E6CD03947DAD72F65367BE06 ] C:\Windows\System32\drivers\hidparse.sys
22:55:29.0520 5024 C:\Windows\System32\drivers\hidparse.sys - ok
22:55:29.0528 5024 [ 9592090A7E2B61CD582B612B6DF70536 ] C:\Windows\System32\drivers\hidusb.sys
22:55:29.0528 5024 C:\Windows\System32\drivers\hidusb.sys - ok
22:55:29.0537 5024 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] C:\Windows\System32\drivers\mouhid.sys
22:55:29.0537 5024 C:\Windows\System32\drivers\mouhid.sys - ok
22:55:29.0546 5024 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] C:\Windows\System32\drivers\kbdhid.sys
22:55:29.0546 5024 C:\Windows\System32\drivers\kbdhid.sys - ok
22:55:29.0553 5024 [ 0C9456994D087498B4B12DB6DE02779C ] C:\PROGRA~2\AVG\AVG2012\avgchjwa.dll
22:55:29.0553 5024 C:\PROGRA~2\AVG\AVG2012\avgchjwa.dll - ok
22:55:29.0562 5024 [ 2A4C9B21AEE9B53DD086B3AFBD251514 ] C:\PROGRA~2\AVG\AVG2012\avgclita.dll
22:55:29.0562 5024 C:\PROGRA~2\AVG\AVG2012\avgclita.dll - ok
22:55:29.0569 5024 [ 80DDC9151BFDF260AC4441A2F3943A04 ] C:\PROGRA~2\AVG\AVG2012\avgcclia.dll
22:55:29.0569 5024 C:\PROGRA~2\AVG\AVG2012\avgcclia.dll - ok
22:55:29.0577 5024 [ B96E3E543675039FC93D14EDF627231A ] C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
22:55:29.0578 5024 C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe - ok
22:55:29.0585 5024 [ ACB7D94F0144EFD4FB3946F342D3594D ] C:\Program Files (x86)\AVG\AVG2012\avgcorea.dll
22:55:29.0585 5024 C:\Program Files (x86)\AVG\AVG2012\avgcorea.dll - ok
22:55:29.0593 5024 [ 747601D47721AD1DE22CFFB4F912203D ] C:\Program Files (x86)\AVG\AVG2012\avgcerta.dll
22:55:29.0593 5024 C:\Program Files (x86)\AVG\AVG2012\avgcerta.dll - ok
22:55:29.0601 5024 [ D64B112ECC7230808829A7BE86DCE8E3 ] C:\Program Files (x86)\AVG\AVG2012\avgchcla.dll
22:55:29.0601 5024 C:\Program Files (x86)\AVG\AVG2012\avgchcla.dll - ok
22:55:29.0609 5024 [ 4E4FFB09D895AA000DD56D1404F69A7E ] C:\Windows\System32\Wldap32.dll
22:55:29.0609 5024 C:\Windows\System32\Wldap32.dll - ok
22:55:29.0617 5024 [ 1084AA52CCC324EA54C7121FA24C2221 ] C:\Windows\System32\gdi32.dll
22:55:29.0617 5024 C:\Windows\System32\gdi32.dll - ok
22:55:29.0627 5024 [ 83404DCBCE4925B6A5A77C5170F46D86 ] C:\Windows\System32\sechost.dll
22:55:29.0627 5024 C:\Windows\System32\sechost.dll - ok
22:55:29.0634 5024 [ 6DF46D2BD74E3DA1B45F08F10D172732 ] C:\Windows\System32\advapi32.dll
22:55:29.0634 5024 C:\Windows\System32\advapi32.dll - ok
22:55:29.0642 5024 [ 28C0B5024F5C5A438E78B188CFC81B7F ] C:\Windows\System32\normaliz.dll
22:55:29.0642 5024 C:\Windows\System32\normaliz.dll - ok
22:55:29.0650 5024 [ 4BBFA57F594F7E8A8EDC8F377184C3F0 ] C:\Windows\System32\ws2_32.dll
22:55:29.0650 5024 C:\Windows\System32\ws2_32.dll - ok
22:55:29.0658 5024 [ A19DB004D954BBC9C4EC125711E1D1C2 ] C:\Windows\System32\wininet.dll
22:55:29.0658 5024 C:\Windows\System32\wininet.dll - ok
22:55:29.0667 5024 [ EAF41CFBA5281834CBC383C710AC7965 ] C:\Windows\System32\kernel32.dll
22:55:29.0667 5024 C:\Windows\System32\kernel32.dll - ok
22:55:29.0674 5024 [ FE70103391A64039A921DBFFF9C7AB1B ] C:\Windows\System32\user32.dll
22:55:29.0674 5024 C:\Windows\System32\user32.dll - ok
22:55:29.0683 5024 [ 25983DE69B57142039AC8D95E71CD9C9 ] C:\Windows\System32\clbcatq.dll
22:55:29.0683 5024 C:\Windows\System32\clbcatq.dll - ok
22:55:29.0691 5024 [ 6C60B5ACA7442EFB794082CDACFC001C ] C:\Windows\System32\ole32.dll
22:55:29.0691 5024 C:\Windows\System32\ole32.dll - ok
22:55:29.0699 5024 [ 9835E63E09F824D22B689D2BB789BAB9 ] C:\Windows\System32\comdlg32.dll
22:55:29.0699 5024 C:\Windows\System32\comdlg32.dll - ok
22:55:29.0707 5024 [ C391FC68282A000CDF953F8B6B55D2EF ] C:\Windows\System32\msvcrt.dll
22:55:29.0707 5024 C:\Windows\System32\msvcrt.dll - ok
22:55:29.0715 5024 [ 2F8B1E3EE3545D3B5A8D56FA1AE07B65 ] C:\Windows\System32\usp10.dll
22:55:29.0715 5024 C:\Windows\System32\usp10.dll - ok
22:55:29.0720 5024 [ D25968D163EC487A50C8C6A91D4134B4 ] C:\Windows\System32\iertutil.dll
22:55:29.0720 5024 C:\Windows\System32\iertutil.dll - ok
22:55:29.0729 5024 [ 5D8E6C95156ED1F79A63D1EADE6F9ED5 ] C:\Windows\System32\setupapi.dll
22:55:29.0729 5024 C:\Windows\System32\setupapi.dll - ok
22:55:29.0736 5024 [ C6689007B3A749C49A5438DCF36E0CE4 ] C:\Windows\System32\shell32.dll
22:55:29.0737 5024 C:\Windows\System32\shell32.dll - ok
22:55:29.0744 5024 [ 0611473C1AD9E2D991CD9482068417F7 ] C:\Windows\System32\rpcrt4.dll
22:55:29.0744 5024 C:\Windows\System32\rpcrt4.dll - ok
22:55:29.0752 5024 [ D202223587518B13D72D68937B7E3F70 ] C:\Windows\System32\lpk.dll
22:55:29.0752 5024 C:\Windows\System32\lpk.dll - ok
22:55:29.0760 5024 [ F7CE0C81C545364020ED8203CF0A633E ] C:\Windows\System32\difxapi.dll
22:55:29.0760 5024 C:\Windows\System32\difxapi.dll - ok
22:55:29.0768 5024 [ A1BE6A720D02E37F72E9CD89AE9CB3CF ] C:\Windows\System32\imagehlp.dll
22:55:29.0768 5024 C:\Windows\System32\imagehlp.dll - ok
22:55:29.0776 5024 [ C06B32165E23A72A898B7A89679AD754 ] C:\Windows\System32\oleaut32.dll
22:55:29.0776 5024 C:\Windows\System32\oleaut32.dll - ok
22:55:29.0785 5024 [ E519FD2CE6D57062400537C95C3B17FD ] C:\Windows\System32\urlmon.dll
22:55:29.0785 5024 C:\Windows\System32\urlmon.dll - ok
22:55:29.0793 5024 [ AA2C08CE85653B1A0D2E4AB407FA176C ] C:\Windows\System32\imm32.dll
22:55:29.0793 5024 C:\Windows\System32\imm32.dll - ok
22:55:29.0801 5024 [ 044FE45FFD6AD40E3BBBE60B7F41BABE ] C:\Windows\System32\nsi.dll
22:55:29.0801 5024 C:\Windows\System32\nsi.dll - ok
22:55:29.0809 5024 [ D87E1E59C73C1F98D5DED5B3850C40F5 ] C:\Windows\System32\psapi.dll
22:55:29.0809 5024 C:\Windows\System32\psapi.dll - ok
22:55:29.0817 5024 [ C431EAF5CAA1C82CAC2534A2EAB348A3 ] C:\Windows\System32\msctf.dll
22:55:29.0817 5024 C:\Windows\System32\msctf.dll - ok
22:55:29.0825 5024 [ EAF32CB8C1F810E4715B4DFBE785C7FF ] C:\Windows\System32\shlwapi.dll
22:55:29.0825 5024 C:\Windows\System32\shlwapi.dll - ok
22:55:29.0833 5024 [ 12EE6FE9268CEE6D90FDCCBF89236C65 ] C:\Windows\System32\crypt32.dll
22:55:29.0833 5024 C:\Windows\System32\crypt32.dll - ok
22:55:29.0841 5024 [ 06FEC9E8117103BB1141A560E98077DA ] C:\Windows\System32\devobj.dll
22:55:29.0841 5024 C:\Windows\System32\devobj.dll - ok
22:55:29.0849 5024 [ CF0997050DB2B359D7F4103092296A1B ] C:\Windows\System32\KernelBase.dll
22:55:29.0849 5024 C:\Windows\System32\KernelBase.dll - ok
22:55:29.0857 5024 [ AA06902362B1422D7A7DA7061E07C624 ] C:\Windows\System32\wintrust.dll
22:55:29.0857 5024 C:\Windows\System32\wintrust.dll - ok
22:55:29.0865 5024 [ 2477A28081BDAEE622CF045ACF8EE124 ] C:\Windows\System32\cfgmgr32.dll
22:55:29.0866 5024 C:\Windows\System32\cfgmgr32.dll - ok
22:55:29.0873 5024 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\System32\comctl32.dll
22:55:29.0874 5024 C:\Windows\System32\comctl32.dll - ok
22:55:29.0881 5024 [ 884415BD4269C02EAF8E2613BF85500D ] C:\Windows\System32\msasn1.dll
22:55:29.0881 5024 C:\Windows\System32\msasn1.dll - ok
22:55:29.0889 5024 [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll
22:55:29.0889 5024 C:\Windows\SysWOW64\normaliz.dll - ok
22:55:29.0898 5024 [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys
22:55:29.0898 5024 C:\Windows\System32\drivers\dxapi.sys - ok
22:55:29.0905 5024 [ 34B419EDEAC6F12B34908DE3758F98C9 ] C:\Windows\System32\win32k.sys
22:55:29.0905 5024 C:\Windows\System32\win32k.sys - ok
22:55:29.0914 5024 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
22:55:29.0914 5024 C:\Windows\System32\basesrv.dll - ok
22:55:29.0922 5024 [ 96F587CA26A6AA894BD8CACE4540CFFC ] C:\Windows\System32\csrsrv.dll
22:55:29.0922 5024 C:\Windows\System32\csrsrv.dll - ok
22:55:29.0930 5024 [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
22:55:29.0931 5024 C:\Windows\System32\csrss.exe - ok
22:55:29.0938 5024 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\System32\winsrv.dll
22:55:29.0938 5024 C:\Windows\System32\winsrv.dll - ok
22:55:29.0946 5024 [ B03D591DC7DA45ECE20B3B467E6AADAA ] C:\Windows\System32\drivers\monitor.sys
22:55:29.0946 5024 C:\Windows\System32\drivers\monitor.sys - ok
22:55:29.0954 5024 [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
22:55:29.0954 5024 C:\Windows\System32\tsddd.dll - ok
22:55:29.0962 5024 [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
22:55:29.0963 5024 C:\Windows\System32\profapi.dll - ok
22:55:29.0970 5024 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
22:55:29.0970 5024 C:\Windows\System32\sxssrv.dll - ok
22:55:29.0976 5024 [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
22:55:29.0976 5024 C:\Windows\System32\wininit.exe - ok
22:55:29.0983 5024 [ C08FE62AE1A51A4F8DD82D3D630ED24B ] C:\Windows\System32\nvinitx.dll
22:55:29.0984 5024 C:\Windows\System32\nvinitx.dll - ok
22:55:29.0991 5024 [ C2A8CB1275ECB85D246A9ECC02A728E3 ] C:\Windows\System32\RpcRtRemote.dll
22:55:29.0991 5024 C:\Windows\System32\RpcRtRemote.dll - ok
22:55:29.0999 5024 [ 05569A79BF4693670B709144382D02D4 ] C:\Windows\System32\cdd.dll
22:55:29.0999 5024 C:\Windows\System32\cdd.dll - ok
22:55:30.0007 5024 [ 78523A26F5604C0568FE9D1CE86E36F4 ] C:\Windows\System32\KBDUS.DLL
22:55:30.0007 5024 C:\Windows\System32\KBDUS.DLL - ok
22:55:30.0015 5024 [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
22:55:30.0015 5024 C:\Windows\System32\WlS0WndH.dll - ok
22:55:30.0022 5024 [ 9CEAD32E79A62150FE9F8557E58E008B ] C:\Windows\System32\sxs.dll
22:55:30.0022 5024 C:\Windows\System32\sxs.dll - ok
22:55:30.0030 5024 [ 1151B1BAA6F350B1DB6598E0FEA7C457 ] C:\Windows\System32\winlogon.exe
22:55:30.0030 5024 C:\Windows\System32\winlogon.exe - ok
22:55:30.0038 5024 [ 0D9764D58C5EFD672B7184854B152E5E ] C:\Windows\System32\winsta.dll
22:55:30.0038 5024 C:\Windows\System32\winsta.dll - ok
22:55:30.0048 5024 [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
22:55:30.0048 5024 C:\Windows\System32\cryptbase.dll - ok
22:55:30.0056 5024 [ 90499F3163A9F815CF196A205EA3CD5D ] C:\Windows\System32\apphelp.dll
22:55:30.0056 5024 C:\Windows\System32\apphelp.dll - ok
22:55:30.0064 5024 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
22:55:30.0064 5024 C:\Windows\System32\services.exe - ok
22:55:30.0072 5024 [ B66BC8B20B7F33975865B1DF99783FD8 ] C:\Windows\System32\sspicli.dll
22:55:30.0072 5024 C:\Windows\System32\sspicli.dll - ok
22:55:30.0080 5024 [ 66A6063D0BAAD3F7B2B9868859E0743B ] C:\Windows\System32\lsasrv.dll
22:55:30.0080 5024 C:\Windows\System32\lsasrv.dll - ok
22:55:30.0088 5024 [ C118A82CD78818C29AB228366EBF81C3 ] C:\Windows\System32\lsass.exe
22:55:30.0088 5024 C:\Windows\System32\lsass.exe - ok
22:55:30.0095 5024 [ 9662EE182644511439F1C53745DC1C88 ] C:\Windows\System32\lsm.exe
22:55:30.0095 5024 C:\Windows\System32\lsm.exe - ok
22:55:30.0103 5024 [ BBCDF350817BA86416C0F06B6981BE8D ] C:\Windows\System32\scesrv.dll
22:55:30.0103 5024 C:\Windows\System32\scesrv.dll - ok
22:55:30.0111 5024 [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
22:55:30.0111 5024 C:\Windows\System32\scext.dll - ok
22:55:30.0118 5024 [ 0144D8D75A0B12938AEEE859E3310A46 ] C:\Windows\System32\secur32.dll
22:55:30.0118 5024 C:\Windows\System32\secur32.dll - ok
22:55:30.0127 5024 [ 3A0CE5FE781708CD6ABD55313607EC8B ] C:\Windows\System32\sspisrv.dll
22:55:30.0127 5024 C:\Windows\System32\sspisrv.dll - ok
22:55:30.0134 5024 [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
22:55:30.0134 5024 C:\Windows\System32\sysntfy.dll - ok
22:55:30.0142 5024 [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
22:55:30.0142 5024 C:\Windows\System32\wmsgapi.dll - ok
22:55:30.0150 5024 [ 3A9C9BAF610B0DD4967086040B3B62A9 ] C:\Windows\System32\srvcli.dll
22:55:30.0150 5024 C:\Windows\System32\srvcli.dll - ok
22:55:30.0157 5024 [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
22:55:30.0157 5024 C:\Windows\System32\cryptdll.dll - ok
22:55:30.0165 5024 [ A744BA6E04C8AA4592818178DBF89521 ] C:\Windows\System32\samsrv.dll
22:55:30.0165 5024 C:\Windows\System32\samsrv.dll - ok
22:55:30.0173 5024 [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
22:55:30.0173 5024 C:\Windows\System32\wevtapi.dll - ok
22:55:30.0181 5024 [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
22:55:30.0181 5024 C:\Windows\System32\authz.dll - ok
22:55:30.0188 5024 [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
22:55:30.0189 5024 C:\Windows\System32\cngaudit.dll - ok
22:55:30.0196 5024 [ 400645085A91BF3EB0271329B95AE0BE ] C:\Windows\System32\ncrypt.dll
22:55:30.0196 5024 C:\Windows\System32\ncrypt.dll - ok
22:55:30.0204 5024 [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
22:55:30.0204 5024 C:\Windows\System32\bcrypt.dll - ok
22:55:30.0212 5024 [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
22:55:30.0212 5024 C:\Windows\System32\msprivs.dll - ok
22:55:30.0219 5024 [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
22:55:30.0219 5024 C:\Windows\System32\negoexts.dll - ok
22:55:30.0224 5024 [ C6505DE3561537BA1004D638C2F93F2F ] C:\Windows\System32\netjoin.dll
22:55:30.0224 5024 C:\Windows\System32\netjoin.dll - ok
22:55:30.0233 5024 [ 44E1A196DFCB53B01FE4B855C3B56A15 ] C:\Windows\System32\kerberos.dll
22:55:30.0233 5024 C:\Windows\System32\kerberos.dll - ok
22:55:30.0241 5024 [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
22:55:30.0241 5024 C:\Windows\System32\cryptsp.dll - ok
22:55:30.0249 5024 [ 1D5185A4C7E6695431AE4B55C3D7D333 ] C:\Windows\System32\mswsock.dll
22:55:30.0249 5024 C:\Windows\System32\mswsock.dll - ok
22:55:30.0257 5024 [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
22:55:30.0257 5024 C:\Windows\System32\wship6.dll - ok
22:55:30.0264 5024 [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll
22:55:30.0264 5024 C:\Windows\System32\msv1_0.dll - ok
22:55:30.0272 5024 [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll
22:55:30.0272 5024 C:\Windows\System32\netlogon.dll - ok
22:55:30.0280 5024 [ 492D07D79E7024CA310867B526D9636D ] C:\Windows\System32\dnsapi.dll
22:55:30.0280 5024 C:\Windows\System32\dnsapi.dll - ok
22:55:30.0288 5024 [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll
22:55:30.0288 5024 C:\Windows\System32\logoncli.dll - ok
22:55:30.0296 5024 [ 1573C45E65DE32B1BC3572634F8F1E8E ] C:\Windows\System32\schannel.dll
22:55:30.0296 5024 C:\Windows\System32\schannel.dll - ok
22:55:30.0303 5024 [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
22:55:30.0303 5024 C:\Windows\System32\wdigest.dll - ok
22:55:30.0311 5024 [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
22:55:30.0311 5024 C:\Windows\System32\rsaenh.dll - ok
22:55:30.0318 5024 [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
22:55:30.0319 5024 C:\Windows\System32\pku2u.dll - ok
22:55:30.0327 5024 [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll
22:55:30.0327 5024 C:\Windows\System32\TSpkg.dll - ok
22:55:30.0334 5024 [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll
22:55:30.0334 5024 C:\Windows\System32\bcryptprimitives.dll - ok
22:55:32.0149 5024 [ 0E1B02C9CC352A1F61703B7D1A8A2C45 ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileDevice.dll
22:55:32.0149 5024 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileDevice.dll - ok
22:55:32.0158 5024 [ 3178C47DB9F1615E5334029607BD3459 ] C:\Windows\SysWOW64\iertutil.dll
22:55:32.0158 5024 C:\Windows\SysWOW64\iertutil.dll - ok
22:55:32.0165 5024 [ 9CB0D2A9A77D91D9614355EE9FF00519 ] C:\Windows\SysWOW64\wininet.dll
22:55:32.0165 5024 C:\Windows\SysWOW64\wininet.dll - ok
22:55:32.0173 5024 [ FC4EE980C3BD87D35816EC55007E00B5 ] C:\Windows\SysWOW64\urlmon.dll
22:55:32.0173 5024 C:\Windows\SysWOW64\urlmon.dll - ok
22:55:32.0181 5024 [ 2E14406E05789F91C9282AE7CFCA3A07 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
22:55:32.0182 5024 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll - ok
22:55:32.0190 5024 [ E53B389AABC47A86A41884E94C9A3012 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll
22:55:32.0190 5024 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok
22:55:32.0199 5024 [ 03706015DB44368375AEBE6339490E66 ] C:\Windows\System32\netcfgx.dll
22:55:32.0199 5024 C:\Windows\System32\netcfgx.dll - ok
22:55:32.0207 5024 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] C:\Windows\System32\drivers\vwifimp.sys
22:55:32.0207 5024 C:\Windows\System32\drivers\vwifimp.sys - ok
22:55:32.0214 5024 [ A90DC9ABD65DB1A8902F361103029952 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
22:55:32.0214 5024 C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
22:55:32.0223 5024 [ 8BA9851E671E8B5E49E303748FFD530C ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll
22:55:32.0223 5024 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
22:55:32.0231 5024 [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\SysWOW64\winnsi.dll
22:55:32.0231 5024 C:\Windows\SysWOW64\winnsi.dll - ok
22:55:32.0240 5024 [ 5E33C164DC7FA74728D8A83036C438BB ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
22:55:32.0240 5024 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll - ok
22:55:32.0246 5024 [ EA1145DEBCD508FD25BD1E95C4346929 ] C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
22:55:32.0246 5024 C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe - ok
22:55:32.0257 5024 [ FFAF216AFD913E48180BC0B7270DA66E ] C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slh36064.dll
22:55:32.0257 5024 C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slh36064.dll - ok
22:55:32.0264 5024 [ A8EDB86FC2A4D6D1285E4C70384AC35A ] C:\Windows\System32\dllhost.exe
22:55:32.0264 5024 C:\Windows\System32\dllhost.exe - ok
22:55:32.0271 5024 [ A0A2C1D812C231C9BFE119FDC68E341B ] C:\Windows\System32\IDStore.dll
22:55:32.0271 5024 C:\Windows\System32\IDStore.dll - ok
22:55:32.0279 5024 [ 517110BD83835338C037269E603DB55D ] C:\Windows\System32\taskhost.exe
22:55:32.0279 5024 C:\Windows\System32\taskhost.exe - ok
22:55:32.0287 5024 [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll
22:55:32.0287 5024 C:\Windows\System32\mpr.dll - ok
22:55:32.0295 5024 [ BAFE84E637BF7388C96EF48D4D3FDD53 ] C:\Windows\System32\userinit.exe
22:55:32.0295 5024 C:\Windows\System32\userinit.exe - ok
22:55:32.0303 5024 [ F162D5F5E845B9DC352DD1BAD8CEF1BC ] C:\Windows\System32\dwm.exe
22:55:32.0303 5024 C:\Windows\System32\dwm.exe - ok
22:55:32.0311 5024 [ 7CF8E97FFB8746598D87E4F2117FED94 ] C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slInit64.dll
22:55:32.0311 5024 C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slInit64.dll - ok
22:55:32.0320 5024 [ 3226A4C05E4FB1A42830743A0BC1E594 ] C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slmaxv64.dll
22:55:32.0320 5024 C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slmaxv64.dll - ok
22:55:32.0329 5024 [ D96A1F785501D7A8062C4CF8A7413825 ] C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sltshd64.dll
22:55:32.0329 5024 C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sltshd64.dll - ok
22:55:32.0337 5024 [ 332FEAB1435662FC6C672E25BEB37BE3 ] C:\Windows\explorer.exe
22:55:32.0337 5024 C:\Windows\explorer.exe - ok
22:55:32.0345 5024 [ 110150E4AA7E73EAA5A09FF98AB1CEF2 ] C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
22:55:32.0345 5024 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe - ok
22:55:32.0353 5024 [ 418E881201583A3039D81F43E39E6C78 ] C:\Windows\SysWOW64\winsta.dll
22:55:32.0353 5024 C:\Windows\SysWOW64\winsta.dll - ok
22:55:32.0361 5024 [ F9D908DE6B166DAC9B89BF62FA291CE8 ] C:\Program Files\Bonjour\mdnsNSP.dll
22:55:32.0361 5024 C:\Program Files\Bonjour\mdnsNSP.dll - ok
22:55:32.0369 5024 [ 88351B29B622B30962D2FEB6CA8D860B ] C:\Windows\System32\rasadhlp.dll
22:55:32.0369 5024 C:\Windows\System32\rasadhlp.dll - ok
22:55:32.0377 5024 [ 45CFBFA8EDC3DF4E2B7FB0D0260FE051 ] C:\Windows\System32\localspl.dll
22:55:32.0377 5024 C:\Windows\System32\localspl.dll - ok
22:55:32.0385 5024 [ 3285481F5C12305CA104A6C493CA5A0B ] C:\Windows\System32\spoolss.dll
22:55:32.0385 5024 C:\Windows\System32\spoolss.dll - ok
22:55:32.0392 5024 [ C5AC93CF3BA30D367FB49148A2B673B9 ] C:\Windows\System32\PrintIsolationProxy.dll
22:55:32.0392 5024 C:\Windows\System32\PrintIsolationProxy.dll - ok
22:55:32.0401 5024 [ 8CE9DA018A219B5E59209AFDFE6D698A ] C:\Windows\System32\CNMLMA7.DLL
22:55:32.0401 5024 C:\Windows\System32\CNMLMA7.DLL - ok
22:55:32.0409 5024 [ 94EEAC26F57811BD1AEFC164412F7FCE ] C:\Windows\System32\PlaySndSrv.dll
22:55:32.0409 5024 C:\Windows\System32\PlaySndSrv.dll - ok
22:55:32.0416 5024 [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA ] C:\Windows\System32\MsCtfMonitor.dll
22:55:32.0416 5024 C:\Windows\System32\MsCtfMonitor.dll - ok
22:55:32.0425 5024 [ 0AFFF58CC116399FADCDB76B3E5EEA35 ] C:\Windows\System32\CNCF2Lm.DLL
22:55:32.0425 5024 C:\Windows\System32\CNCF2Lm.DLL - ok
22:55:32.0432 5024 [ F09A9A1AD21FE618C4C8B0A0D830C886 ] C:\Windows\System32\msutb.dll
22:55:32.0433 5024 C:\Windows\System32\msutb.dll - ok
22:55:32.0440 5024 [ 19E41CCCEE697CC9465396B370929792 ] C:\Windows\System32\FXSMON.dll
22:55:32.0440 5024 C:\Windows\System32\FXSMON.dll - ok
22:55:32.0448 5024 [ 9BB99503D6A4DD62569EDE9E5E2672A5 ] C:\Windows\System32\HotStartUserAgent.dll
22:55:32.0448 5024 C:\Windows\System32\HotStartUserAgent.dll - ok
22:55:32.0455 5024 [ FCFCD1101C5DA23B4B95F93D02B2C169 ] C:\Windows\System32\dwmredir.dll
22:55:32.0456 5024 C:\Windows\System32\dwmredir.dll - ok
22:55:32.0463 5024 [ 32A3C8600AF124CBAAD845F13CFAE3CB ] C:\Windows\System32\tcpmon.dll
22:55:32.0463 5024 C:\Windows\System32\tcpmon.dll - ok
22:55:32.0471 5024 [ 4BA77A5EF71C14C764B0ED4701683E3E ] C:\Windows\System32\dwmcore.dll
22:55:32.0472 5024 C:\Windows\System32\dwmcore.dll - ok
22:55:32.0479 5024 [ 93518C6EDE0B61BCBD02BDB02BD05FEE ] C:\Windows\System32\snmpapi.dll
22:55:32.0479 5024 C:\Windows\System32\snmpapi.dll - ok
22:55:32.0486 5024 [ FFF9D00CF16397C64317F213484F94BD ] C:\Windows\System32\wsnmp32.dll
22:55:32.0486 5024 C:\Windows\System32\wsnmp32.dll - ok
22:55:32.0495 5024 [ DF72A9936D0C3F517083119648814B09 ] C:\Windows\System32\usbmon.dll
22:55:32.0495 5024 C:\Windows\System32\usbmon.dll - ok
22:55:32.0501 5024 [ A1D7E3ADCDB07DDB6F423862DCB1A52B ] C:\Windows\System32\WSDMon.dll
22:55:32.0501 5024 C:\Windows\System32\WSDMon.dll - ok
22:55:32.0508 5024 [ F1B205F932F62F94506A5F332C895DAF ] C:\Windows\System32\WSDApi.dll
22:55:32.0508 5024 C:\Windows\System32\WSDApi.dll - ok
22:55:32.0516 5024 [ C55516D98DD5D8F0153C2A9B4227DA86 ] C:\Windows\System32\webservices.dll
22:55:32.0516 5024 C:\Windows\System32\webservices.dll - ok
22:55:32.0524 5024 [ B5055B51BAA0FD0A736A88653DA3C1C0 ] C:\Windows\System32\fundisc.dll
22:55:32.0524 5024 C:\Windows\System32\fundisc.dll - ok
22:55:32.0532 5024 [ 4581716B4BF76ACFD8E167EB0B26D82A ] C:\Windows\System32\fdPnp.dll
22:55:32.0532 5024 C:\Windows\System32\fdPnp.dll - ok
22:55:32.0540 5024 [ 1D626FE2E13C1CE49CA0136CFF214E93 ] C:\Windows\System32\spool\prtprocs\x64\winprint.dll
22:55:32.0540 5024 C:\Windows\System32\spool\prtprocs\x64\winprint.dll - ok
22:55:32.0548 5024 [ E1374D37477322D4956604711008C69D ] C:\Windows\System32\d3d10_1.dll
22:55:32.0548 5024 C:\Windows\System32\d3d10_1.dll - ok
22:55:32.0557 5024 [ 426BA4E737A7988FD1202AF2F2B2F4A6 ] C:\Windows\System32\d3d10_1core.dll
22:55:32.0557 5024 C:\Windows\System32\d3d10_1core.dll - ok
22:55:32.0565 5024 [ 2344AA330F5522D4687B0CB666865113 ] C:\Windows\System32\spool\prtprocs\x64\CNMPDA7.DLL
22:55:32.0565 5024 C:\Windows\System32\spool\prtprocs\x64\CNMPDA7.DLL - ok
22:55:32.0573 5024 [ F404E59DB6A0F122AB26BF4F3E2FD0FA ] C:\Windows\System32\dxgi.dll
22:55:32.0573 5024 C:\Windows\System32\dxgi.dll - ok
22:55:32.0581 5024 [ 548CB980D7876E207CC9F8B60C1587A3 ] C:\Windows\System32\win32spl.dll
22:55:32.0581 5024 C:\Windows\System32\win32spl.dll - ok
22:55:32.0589 5024 [ 507D5567A0A4EE86C4B0CE2CE1777025 ] C:\Windows\System32\inetpp.dll
22:55:32.0589 5024 C:\Windows\System32\inetpp.dll - ok
22:55:32.0597 5024 [ D8F0E941B1E35DEEE3EDF6DF45517607 ] C:\Windows\System32\igd10umd64.dll
22:55:32.0597 5024 C:\Windows\System32\igd10umd64.dll - ok
22:55:32.0605 5024 [ 49E5753D923F1AC63B22D3DCB0B47E00 ] C:\Windows\System32\uDWM.dll
22:55:32.0605 5024 C:\Windows\System32\uDWM.dll - ok
22:55:32.0612 5024 [ 1BF0CB861A48FEB1638228760750F3CB ] C:\Windows\System32\cscapi.dll
22:55:32.0612 5024 C:\Windows\System32\cscapi.dll - ok
22:55:32.0620 5024 [ EED05D42D91835064703E2318552ED25 ] C:\Windows\System32\ExplorerFrame.dll
22:55:32.0620 5024 C:\Windows\System32\ExplorerFrame.dll - ok
22:55:32.0629 5024 [ A57750E129AAE76E933417C8CD63B256 ] C:\Windows\System32\spool\drivers\x64\3\CNCFIMm.DLL
22:55:32.0629 5024 C:\Windows\System32\spool\drivers\x64\3\CNCFIMm.DLL - ok
22:55:32.0637 5024 [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll
22:55:32.0637 5024 C:\Windows\System32\EhStorShell.dll - ok
22:55:32.0645 5024 [ 32802C0F6FC7C8F561B9D91F52A46421 ] C:\Windows\System32\cscui.dll
22:55:32.0645 5024 C:\Windows\System32\cscui.dll - ok
22:55:32.0652 5024 [ 7EE5F17A21D9A9101207DF4BC37B085D ] C:\Windows\System32\cscdll.dll
22:55:32.0652 5024 C:\Windows\System32\cscdll.dll - ok
22:55:32.0660 5024 [ 037A719DAD50603202C978CD802623E4 ] C:\Windows\System32\ntshrui.dll
22:55:32.0660 5024 C:\Windows\System32\ntshrui.dll - ok
22:55:32.0668 5024 [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
22:55:32.0668 5024 C:\Windows\System32\IconCodecService.dll - ok
22:55:32.0676 5024 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] C:\Program Files\Bonjour\mDNSResponder.exe
22:55:32.0676 5024 C:\Program Files\Bonjour\mDNSResponder.exe - ok
22:55:32.0685 5024 [ 98C413E1A2FB6E5A4C101C25B3D0B275 ] C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
22:55:32.0685 5024 C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe - ok
22:55:32.0693 5024 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] C:\Windows\System32\cryptsvc.dll
22:55:32.0693 5024 C:\Windows\System32\cryptsvc.dll - ok
22:55:32.0700 5024 [ 8792BAB371B4B1589E015B6FD1ED3B15 ] C:\Windows\System32\cryptnet.dll
22:55:32.0700 5024 C:\Windows\System32\cryptnet.dll - ok
22:55:32.0708 5024 [ 0E2F58F6E698EDCB9E58FAD0CBCD0567 ] C:\Windows\System32\vssapi.dll
22:55:32.0708 5024 C:\Windows\System32\vssapi.dll - ok
22:55:32.0716 5024 [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll
22:55:32.0716 5024 C:\Windows\System32\vsstrace.dll - ok
22:55:32.0724 5024 [ 9E9542A6DDF96AD1BF5070A27012D8D5 ] C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
22:55:32.0724 5024 C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll - ok
22:55:32.0732 5024 [ 839F96DBAAFD3353E0B248A5E0BD2A51 ] C:\Windows\SysWOW64\rasapi32.dll
22:55:32.0732 5024 C:\Windows\SysWOW64\rasapi32.dll - ok
22:55:32.0740 5024 [ FFA7172354B9256DBB2CDD75F16F33FE ] C:\Windows\SysWOW64\rasman.dll
22:55:32.0740 5024 C:\Windows\SysWOW64\rasman.dll - ok
22:55:32.0747 5024 [ DC6612A9EE015A36BA2A27BC9CC12537 ] C:\Windows\SysWOW64\mfc42.dll
22:55:32.0747 5024 C:\Windows\SysWOW64\mfc42.dll - ok
22:55:32.0753 5024 [ 126B75D50756FE204283D418AE1A66DF ] C:\Windows\SysWOW64\msvcirt.dll
22:55:32.0753 5024 C:\Windows\SysWOW64\msvcirt.dll - ok
22:55:32.0766 5024 [ 46A6BA9274D075A2C30025C4E96D875A ] C:\Windows\SysWOW64\msvcp60.dll
22:55:32.0766 5024 C:\Windows\SysWOW64\msvcp60.dll - ok
22:55:32.0771 5024 [ 7D34AF98A706230CC2DEDFE0CABF87AB ] C:\Windows\SysWOW64\odbc32.dll
22:55:32.0771 5024 C:\Windows\SysWOW64\odbc32.dll - ok
22:55:32.0779 5024 [ ABA457BFC7EC0B5E130B2F1E0F549DFF ] C:\Windows\SysWOW64\odbcint.dll
22:55:32.0779 5024 C:\Windows\SysWOW64\odbcint.dll - ok
22:55:32.0787 5024 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] C:\Windows\System32\dps.dll
22:55:32.0787 5024 C:\Windows\System32\dps.dll - ok
22:55:32.0795 5024 [ 9A85ABCE0FDD1AF8E79E731EB0B679F3 ] C:\Windows\SysWOW64\dhcpcsvc.dll
22:55:32.0795 5024 C:\Windows\SysWOW64\dhcpcsvc.dll - ok
22:55:32.0803 5024 [ 81F6C1AE23B1C493D9E996C3103915D7 ] C:\Windows\SysWOW64\dhcpcsvc6.dll
22:55:32.0803 5024 C:\Windows\SysWOW64\dhcpcsvc6.dll - ok
22:55:32.0811 5024 [ 802496CB59A30349F9A6DD22D6947644 ] C:\Windows\System32\FDResPub.dll
22:55:32.0812 5024 C:\Windows\System32\FDResPub.dll - ok
22:55:32.0819 5024 [ 1727B2A2F379A32B864C096FA794AADC ] C:\Windows\System32\aepic.dll
22:55:32.0819 5024 C:\Windows\System32\aepic.dll - ok
22:55:32.0827 5024 [ 8AD77806D336673F270DB31645267293 ] C:\Windows\System32\nlasvc.dll
22:55:32.0827 5024 C:\Windows\System32\nlasvc.dll - ok
22:55:32.0835 5024 [ 68769C3356B3BE5D1C732C97B9A80D6E ] C:\Windows\System32\drivers\PEAuth.sys
22:55:32.0835 5024 C:\Windows\System32\drivers\PEAuth.sys - ok
22:55:32.0843 5024 [ D4FAC263861BAE06971C7F7D0A8EBF15 ] C:\Windows\System32\ncsi.dll
22:55:32.0843 5024 C:\Windows\System32\ncsi.dll - ok
22:55:32.0851 5024 [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
22:55:32.0851 5024 C:\Windows\System32\sfc.dll - ok
22:55:32.0853 5024 [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
22:55:32.0853 5024 C:\Windows\System32\sfc_os.dll - ok
22:55:32.0853 5024 [ 603EBD34E216C5654A2D774EAC98D278 ] C:\Windows\System32\webio.dll
22:55:32.0853 5024 C:\Windows\System32\webio.dll - ok
22:55:32.0868 5024 [ 58F4493BF748A3A89689997B7BD00E95 ] C:\Windows\System32\winhttp.dll
22:55:32.0868 5024 C:\Windows\System32\winhttp.dll - ok
22:55:32.0868 5024 [ FCD84C381E0140AF901E58D48882D26B ] C:\Windows\System32\IKEEXT.DLL
22:55:32.0868 5024 C:\Windows\System32\IKEEXT.DLL - ok
22:55:32.0884 5024 [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
22:55:32.0884 5024 C:\Windows\System32\ssdpapi.dll - ok
22:55:32.0884 5024 [ 3EA8A16169C26AFBEB544E0E48421186 ] C:\Windows\System32\drivers\secdrv.sys
22:55:32.0884 5024 C:\Windows\System32\drivers\secdrv.sys - ok
22:55:32.0900 5024 [ 27E461F0BE5BFF5FC737328F749538C3 ] C:\Windows\System32\drivers\srvnet.sys
22:55:32.0900 5024 C:\Windows\System32\drivers\srvnet.sys - ok
22:55:32.0900 5024 [ BCEA9AB347E53BC03B2E36BE0B8BA0EF ] C:\Windows\System32\httpapi.dll
22:55:32.0900 5024 C:\Windows\System32\httpapi.dll - ok
22:55:32.0922 5024 [ 77B5035BC6EDF4D1B6265391AECEE4C0 ] C:\Windows\System32\vpnikeapi.dll
22:55:32.0922 5024 C:\Windows\System32\vpnikeapi.dll - ok
22:55:32.0930 5024 [ 210FCACAF902B2CD47CF9FD17D846146 ] C:\Windows\System32\aeevts.dll
22:55:32.0930 5024 C:\Windows\System32\aeevts.dll - ok
22:55:32.0938 5024 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] C:\Windows\System32\sysmain.dll
22:55:32.0938 5024 C:\Windows\System32\sysmain.dll - ok
22:55:32.0946 5024 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] C:\Windows\System32\wiaservc.dll
22:55:32.0946 5024 C:\Windows\System32\wiaservc.dll - ok
22:55:32.0955 5024 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] C:\Windows\System32\drivers\tcpipreg.sys
22:55:32.0955 5024 C:\Windows\System32\drivers\tcpipreg.sys - ok
22:55:32.0964 5024 [ 7D110D645030C05A06C3CD08D1E47D0A ] C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
22:55:32.0964 5024 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe - ok
22:55:32.0972 5024 [ 7E7AFD841694F6AC397E99D75CEAD49D ] C:\Windows\System32\trkwks.dll
22:55:32.0972 5024 C:\Windows\System32\trkwks.dll - ok
22:55:32.0980 5024 [ 0364256B4A2A93A8C8CDA6B3B5A0EFF5 ] C:\Windows\System32\wiatrace.dll
22:55:32.0980 5024 C:\Windows\System32\wiatrace.dll - ok
22:55:32.0989 5024 [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
22:55:32.0989 5024 C:\Windows\System32\wbem\WMIsvc.dll - ok
22:55:32.0997 5024 [ 7DB5AA22A8A8E5C2D335F44853C1F6DE ] C:\Windows\System32\wbemcomn.dll
22:55:32.0997 5024 C:\Windows\System32\wbemcomn.dll - ok
22:55:33.0002 5024 [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
22:55:33.0002 5024 C:\Windows\System32\wbem\fastprox.dll - ok
22:55:33.0011 5024 [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
22:55:33.0011 5024 C:\Windows\System32\wbem\WinMgmtR.dll - ok
22:55:33.0019 5024 [ 0C52762C606BCF6A377D5E4688191A6B ] C:\Windows\System32\wbem\WmiDcPrv.dll
22:55:33.0019 5024 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
22:55:33.0027 5024 [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll
22:55:33.0028 5024 C:\Windows\System32\ntdsapi.dll - ok
22:55:33.0036 5024 [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll
22:55:33.0036 5024 C:\Windows\System32\wbem\wbemprox.dll - ok
22:55:33.0044 5024 [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
22:55:33.0044 5024 C:\Windows\System32\wbem\esscli.dll - ok
22:55:33.0052 5024 [ 5EB55F661DEBF156E126160BCD4D89F8 ] C:\Windows\System32\wbem\wbemcore.dll
22:55:33.0052 5024 C:\Windows\System32\wbem\wbemcore.dll - ok
22:55:33.0061 5024 [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll
22:55:33.0061 5024 C:\Windows\System32\wbem\wbemsvc.dll - ok
22:55:33.0069 5024 [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll
22:55:33.0069 5024 C:\Windows\System32\wbem\repdrvfs.dll - ok
22:55:33.0077 5024 [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll
22:55:33.0077 5024 C:\Windows\System32\wbem\wmiutils.dll - ok
22:55:33.0085 5024 [ DDD0357A92FA843EFF8915ED17253D6C ] C:\Windows\System32\wbem\WmiPrvSD.dll
22:55:33.0085 5024 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
22:55:33.0093 5024 [ D41FEBD098234F02485A4EA98D4730A4 ] C:\Windows\System32\ncobjapi.dll
22:55:33.0094 5024 C:\Windows\System32\ncobjapi.dll - ok
22:55:33.0101 5024 [ 6F40D6FB05E0C1E5402812B426971AF0 ] C:\Windows\System32\wbem\wbemess.dll
22:55:33.0102 5024 C:\Windows\System32\wbem\wbemess.dll - ok
22:55:33.0109 5024 [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
22:55:33.0109 5024 C:\Windows\SysWOW64\clbcatq.dll - ok
22:55:33.0117 5024 [ 1CDEA9188899E76D4FFD54C9D512CCDB ] C:\Windows\SysWOW64\msxml3.dll
22:55:33.0117 5024 C:\Windows\SysWOW64\msxml3.dll - ok
22:55:33.0126 5024 [ 81E7E920312D372CF57A817049AC7C76 ] C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
22:55:33.0126 5024 C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL - ok
22:55:33.0134 5024 [ F93674263F6B07C77956E966953242D9 ] C:\Windows\SysWOW64\secur32.dll
22:55:33.0135 5024 C:\Windows\SysWOW64\secur32.dll - ok
22:55:33.0143 5024 [ 352B3DC62A0D259A82A052238425C872 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
22:55:33.0143 5024 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll - ok
22:55:33.0151 5024 [ B40420876B9288E0A1C8CCA8A84E5DC9 ] C:\Windows\SysWOW64\dnsapi.dll
22:55:33.0151 5024 C:\Windows\SysWOW64\dnsapi.dll - ok
22:55:33.0159 5024 [ 0915C4DB6DBC3BB9E11B7ECBBE4B7159 ] C:\Windows\SysWOW64\rtutils.dll
22:55:33.0159 5024 C:\Windows\SysWOW64\rtutils.dll - ok
22:55:33.0167 5024 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\SysWOW64\SensApi.dll
22:55:33.0167 5024 C:\Windows\SysWOW64\SensApi.dll - ok
22:55:33.0174 5024 [ 0BA65122FFA7E37564EE86422DBF7AE8 ] C:\Windows\SysWOW64\nlaapi.dll
22:55:33.0174 5024 C:\Windows\SysWOW64\nlaapi.dll - ok
22:55:33.0182 5024 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
22:55:33.0182 5024 C:\Windows\SysWOW64\rasadhlp.dll - ok
22:55:33.0190 5024 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll
22:55:33.0190 5024 C:\Windows\SysWOW64\wship6.dll - ok
22:55:33.0198 5024 [ 8C338238C16777A802D6A9211EB2BA50 ] C:\Windows\SysWOW64\netprofm.dll
22:55:33.0198 5024 C:\Windows\SysWOW64\netprofm.dll - ok
22:55:33.0206 5024 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll
22:55:33.0206 5024 C:\Windows\SysWOW64\cryptsp.dll - ok
22:55:33.0214 5024 [ 5997D769CDB108390DCFAEBF442BF816 ] C:\Windows\SysWOW64\RpcRtRemote.dll
22:55:33.0214 5024 C:\Windows\SysWOW64\RpcRtRemote.dll - ok
22:55:33.0222 5024 [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\SysWOW64\rsaenh.dll
22:55:33.0222 5024 C:\Windows\SysWOW64\rsaenh.dll - ok
22:55:33.0230 5024 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] C:\Windows\System32\drivers\avgidsdrivera.sys
22:55:33.0230 5024 C:\Windows\System32\drivers\avgidsdrivera.sys - ok
22:55:33.0238 5024 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] C:\Windows\System32\drivers\srv2.sys
22:55:33.0238 5024 C:\Windows\System32\drivers\srv2.sys - ok
22:55:33.0246 5024 [ 08C2957BB30058E663720C5606885653 ] C:\Windows\System32\iphlpsvc.dll
22:55:33.0246 5024 C:\Windows\System32\iphlpsvc.dll - ok
22:55:33.0254 5024 [ 27B9E163740A226B65E4B9E186117911 ] C:\Windows\System32\sqmapi.dll
22:55:33.0254 5024 C:\Windows\System32\sqmapi.dll - ok
22:55:33.0260 5024 [ 7B38D7916A7CD058C16A0A6CA5077901 ] C:\Windows\System32\wdscore.dll
22:55:33.0260 5024 C:\Windows\System32\wdscore.dll - ok
22:55:33.0268 5024 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
22:55:33.0268 5024 C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe - ok
22:55:33.0276 5024 [ 3B367397320C26DBA890B260F80D1B1B ] C:\Windows\System32\hnetcfg.dll
22:55:33.0276 5024 C:\Windows\System32\hnetcfg.dll - ok
22:55:33.0284 5024 [ 93312F83FD4D5C38CEE8AA1265C061EE ] C:\Program Files (x86)\AVG\AVG2012\avgsysx.dll
22:55:33.0284 5024 C:\Program Files (x86)\AVG\AVG2012\avgsysx.dll - ok
22:55:33.0292 5024 [ 91DC97F9DA3E2B59049D410870935C78 ] C:\Program Files (x86)\AVG\AVG2012\avgntopensslx.dll
22:55:33.0292 5024 C:\Program Files (x86)\AVG\AVG2012\avgntopensslx.dll - ok
22:55:33.0301 5024 [ DB001FAEA818AE2E14A74E0ADC530FC0 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\msvcp90.dll
22:55:33.0301 5024 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\msvcp90.dll - ok
22:55:33.0309 5024 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
22:55:33.0309 5024 C:\Windows\SysWOW64\psapi.dll - ok
22:55:33.0317 5024 [ AFF2E23E4E867140F07ABADC9E29ACDC ] C:\Program Files (x86)\AVG\AVG2012\avgopensslx.dll
22:55:33.0318 5024 C:\Program Files (x86)\AVG\AVG2012\avgopensslx.dll - ok
22:55:33.0326 5024 [ 25CD97F030AE70AF458FF6AB0B7E9B2E ] C:\Program Files (x86)\AVG\AVG2012\avglogx.dll
22:55:33.0326 5024 C:\Program Files (x86)\AVG\AVG2012\avglogx.dll - ok
22:55:33.0334 5024 [ E2C78D19572AACC2062A00F01503807E ] C:\Program Files (x86)\AVG\AVG2012\avgcfgx.dll
22:55:33.0334 5024 C:\Program Files (x86)\AVG\AVG2012\avgcfgx.dll - ok
22:55:33.0342 5024 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] C:\Windows\System32\drivers\srv.sys
22:55:33.0342 5024 C:\Windows\System32\drivers\srv.sys - ok
22:55:33.0350 5024 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] C:\Windows\System32\browser.dll
22:55:33.0350 5024 C:\Windows\System32\browser.dll - ok
22:55:33.0358 5024 [ CFEFA40DDE34659BE5211966EAD86437 ] C:\Windows\System32\netmsg.dll
22:55:33.0358 5024 C:\Windows\System32\netmsg.dll - ok
22:55:33.0365 5024 [ D9F42719019740BAA6D1C6D536CBDAA6 ] C:\Windows\System32\srvsvc.dll
22:55:33.0365 5024 C:\Windows\System32\srvsvc.dll - ok
22:55:33.0372 5024 [ FF80CAD87555E8E4D2CFD7B9058343F8 ] C:\Windows\System32\sscore.dll
22:55:33.0373 5024 C:\Windows\System32\sscore.dll - ok
22:55:33.0380 5024 [ 81749E073AC5857B044A686B406E5244 ] C:\Windows\System32\clusapi.dll
22:55:33.0381 5024 C:\Windows\System32\clusapi.dll - ok
22:55:33.0388 5024 [ 344FCC9850C3A8A3B4D3C65151AF8E4C ] C:\Windows\System32\resutils.dll
22:55:33.0389 5024 C:\Windows\System32\resutils.dll - ok
22:55:33.0397 5024 [ 60732ECEC8AEF0A05FE36E661AA1C99C ] C:\Program Files (x86)\AVG\AVG2012\avgclitx.dll
22:55:33.0397 5024 C:\Program Files (x86)\AVG\AVG2012\avgclitx.dll - ok
22:55:33.0405 5024 [ 583D2AB70DA4BDC7DCB5EC5C7B87A57C ] C:\Program Files (x86)\AVG\AVG2012\avgcertx.dll
22:55:33.0405 5024 C:\Program Files (x86)\AVG\AVG2012\avgcertx.dll - ok
22:55:33.0413 5024 [ 3466855DE825F86C484A3454AD090967 ] C:\Program Files (x86)\AVG\AVG2012\avgchclx.dll
22:55:33.0413 5024 C:\Program Files (x86)\AVG\AVG2012\avgchclx.dll - ok
22:55:33.0421 5024 [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9 ] C:\Windows\SysWOW64\sfc.dll
22:55:33.0421 5024 C:\Windows\SysWOW64\sfc.dll - ok
22:55:33.0429 5024 [ 84799328D87B3091A3BDD251E1AD31F9 ] C:\Windows\SysWOW64\sfc_os.dll
22:55:33.0429 5024 C:\Windows\SysWOW64\sfc_os.dll - ok
22:55:33.0437 5024 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] C:\Windows\System32\appinfo.dll
22:55:33.0437 5024 C:\Windows\System32\appinfo.dll - ok
22:55:33.0445 5024 [ 79AF0E203D089AF442A3F70ED00A37FB ] C:\Windows\System32\drivers\CVPNDRVA.sys
22:55:33.0445 5024 C:\Windows\System32\drivers\CVPNDRVA.sys - ok
22:55:33.0453 5024 [ 522B0466ED967A0762E9AF5B37D8F40A ] C:\Windows\System32\esent.dll
22:55:33.0453 5024 C:\Windows\System32\esent.dll - ok
22:55:33.0460 5024 [ 162D247E995EAEBF3EF4289069E1111C ] C:\Windows\SysWOW64\devrtl.dll
22:55:33.0461 5024 C:\Windows\SysWOW64\devrtl.dll - ok
22:55:33.0468 5024 [ 58A0CDABEA255616827B1C22C9994466 ] C:\Windows\System32\NapiNSP.dll
22:55:33.0468 5024 C:\Windows\System32\NapiNSP.dll - ok
22:55:33.0477 5024 [ 613C8CE10A5FDE582BA5FA64C4D56AAA ] C:\Windows\System32\pnrpnsp.dll
22:55:33.0477 5024 C:\Windows\System32\pnrpnsp.dll - ok
22:55:33.0487 5024 [ 748849C42DEA24C723048E24BCA1BD55 ] C:\Windows\System32\wshbth.dll
22:55:33.0488 5024 C:\Windows\System32\wshbth.dll - ok
22:55:33.0493 5024 [ 2E2072EB48238FCA8FBB7A9F5FABAC45 ] C:\Windows\System32\winrnr.dll
22:55:33.0493 5024 C:\Windows\System32\winrnr.dll - ok
22:55:33.0500 5024 [ BF1FC3F79B863C914687A737C2F3D681 ] C:\Windows\System32\wdi.dll
22:55:33.0500 5024 C:\Windows\System32\wdi.dll - ok
22:55:33.0508 5024 [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\SysWOW64\NapiNSP.dll
22:55:33.0508 5024 C:\Windows\SysWOW64\NapiNSP.dll - ok
22:55:33.0514 5024 [ F7073C962C4FB7C415565DDE109DE49F ] C:\Windows\System32\npmproxy.dll
22:55:33.0514 5024 C:\Windows\System32\npmproxy.dll - ok
22:55:33.0522 5024 [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\SysWOW64\pnrpnsp.dll
22:55:33.0522 5024 C:\Windows\SysWOW64\pnrpnsp.dll - ok
22:55:33.0530 5024 [ AC122407B29378FF9646F03404AC7C54 ] C:\Windows\SysWOW64\wshbth.dll
22:55:33.0530 5024 C:\Windows\SysWOW64\wshbth.dll - ok
22:55:33.0537 5024 [ 4449D23E8F197862F1B16F1E6C89C36C ] C:\Windows\System32\diagperf.dll
22:55:33.0538 5024 C:\Windows\System32\diagperf.dll - ok
22:55:33.0545 5024 [ BF4AC709BE5BF64F331F5D67773A0C82 ] C:\Windows\System32\perftrack.dll
22:55:33.0546 5024 C:\Windows\System32\perftrack.dll - ok
22:55:33.0554 5024 [ 40947436A70E0034E41123DF5A0A7702 ] C:\Program Files (x86)\Bonjour\mdnsNSP.dll
22:55:33.0554 5024 C:\Program Files (x86)\Bonjour\mdnsNSP.dll - ok
22:55:33.0562 5024 [ 15E298B5EC5B89C5994A59863969D9FF ] C:\Windows\SysWOW64\npmproxy.dll
22:55:33.0562 5024 C:\Windows\SysWOW64\npmproxy.dll - ok
22:55:35.0346 5024 C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll - ok
22:55:35.0354 5024 [ 5DA219F57A9076FB6FBD3C9C3713A672 ] C:\Windows\System32\WWanAPI.dll
22:55:35.0355 5024 C:\Windows\System32\WWanAPI.dll - ok
22:55:35.0362 5024 [ 62C7AACC746C9723468A8F2169ED3E85 ] C:\Windows\System32\wwapi.dll
22:55:35.0362 5024 C:\Windows\System32\wwapi.dll - ok
22:55:35.0370 5024 [ 1E3C481863BC641EED1F286BD2B52BFF ] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\salhelper3MSC.dll
22:55:35.0371 5024 C:\Program Files (x86)\OpenOffice.org 3\URE\bin\salhelper3MSC.dll - ok
22:55:35.0379 5024 [ 5D8853DC268A9334ED4F95CC05464182 ] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppu3.dll
22:55:35.0379 5024 C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppu3.dll - ok
22:55:35.0387 5024 [ B837D1528CE2E3CB79F09496BC08DDC6 ] C:\Windows\System32\SensApi.dll
22:55:35.0387 5024 C:\Windows\System32\SensApi.dll - ok
22:55:35.0396 5024 [ DF8509F210E0644321C901F316FF0D5F ] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stlport_vc7145.dll
22:55:35.0396 5024 C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stlport_vc7145.dll - ok
22:55:35.0404 5024 [ CA493A92DA9880B6F1A89C3DBD54BA5B ] C:\Windows\SysWOW64\dxtrans.dll
22:55:35.0404 5024 C:\Windows\SysWOW64\dxtrans.dll - ok
22:55:35.0412 5024 [ F10E5311E5093FA3C00FF88C54C32FCA ] C:\Windows\SysWOW64\atl.dll
22:55:35.0412 5024 C:\Windows\SysWOW64\atl.dll - ok
22:55:35.0420 5024 [ BAB9EF9A340113666F678AA2474904B6 ] C:\Windows\SysWOW64\ddrawex.dll
22:55:35.0420 5024 C:\Windows\SysWOW64\ddrawex.dll - ok
22:55:35.0428 5024 [ AC75E94C10FBAE87FD113E000E97A494 ] C:\Program Files (x86)\OpenOffice.org 3\program\ucbhelper4MSC.dll
22:55:35.0428 5024 C:\Program Files (x86)\OpenOffice.org 3\program\ucbhelper4MSC.dll - ok
22:55:35.0436 5024 [ 198552AEFECA69D646867EC8D792DE95 ] C:\Windows\SysWOW64\ddraw.dll
22:55:35.0436 5024 C:\Windows\SysWOW64\ddraw.dll - ok
22:55:35.0444 5024 [ 842EF05B0835DB1D0DF9B96C66F3AE99 ] C:\Program Files (x86)\OpenOffice.org 3\program\vos3MSC.dll
22:55:35.0444 5024 C:\Program Files (x86)\OpenOffice.org 3\program\vos3MSC.dll - ok
22:55:35.0453 5024 [ 8BE887F1743FBB39ED2C9CA2937742D6 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System\f3888a2c7b096d416ca0cfc5405219b4\System.ni.dll
22:55:35.0453 5024 C:\Windows\assembly\NativeImages_v2.0.50727_64\System\f3888a2c7b096d416ca0cfc5405219b4\System.ni.dll - ok
22:55:35.0462 5024 [ E33305ED6335A6CDCFA2535DFD391C5D ] C:\Program Files (x86)\OpenOffice.org 3\program\deploymentmiscmi.dll
22:55:35.0462 5024 C:\Program Files (x86)\OpenOffice.org 3\program\deploymentmiscmi.dll - ok
22:55:35.0470 5024 [ 55E5B32AE8D1F51A63C82919656FD275 ] C:\Windows\SysWOW64\dciman32.dll
22:55:35.0470 5024 C:\Windows\SysWOW64\dciman32.dll - ok
22:55:35.0478 5024 [ B631027F828D2233BFD39F0158998602 ] C:\Program Files (x86)\OpenOffice.org 3\program\libdb47.dll
22:55:35.0478 5024 C:\Program Files (x86)\OpenOffice.org 3\program\libdb47.dll - ok
22:55:35.0486 5024 [ 0411B7958C524BB2E91EE1B3035FE321 ] C:\Windows\SysWOW64\dxgi.dll
22:55:35.0486 5024 C:\Windows\SysWOW64\dxgi.dll - ok
22:55:35.0495 5024 [ 412D311C23406DA899146C63073B1B1B ] C:\Program Files (x86)\OpenOffice.org 3\program\tlmi.dll
22:55:35.0495 5024 C:\Program Files (x86)\OpenOffice.org 3\program\tlmi.dll - ok
22:55:35.0504 5024 [ B4E14C0398F0354520B449599EF4772C ] C:\Program Files (x86)\OpenOffice.org 3\program\basegfxmi.dll
22:55:35.0504 5024 C:\Program Files (x86)\OpenOffice.org 3\program\basegfxmi.dll - ok
22:55:35.0512 5024 [ EBC46519818325ADB53F08A03BA96B79 ] C:\Program Files (x86)\OpenOffice.org 3\program\i18nisolang1MSC.dll
22:55:35.0512 5024 C:\Program Files (x86)\OpenOffice.org 3\program\i18nisolang1MSC.dll - ok
22:55:35.0522 5024 [ F9E2088F6672D1ACF5318A0D6826817D ] C:\Program Files (x86)\OpenOffice.org 3\program\utlmi.dll
22:55:35.0522 5024 C:\Program Files (x86)\OpenOffice.org 3\program\utlmi.dll - ok
22:55:35.0530 5024 [ AEED70294D4793AA216F542D55483F4A ] C:\Program Files (x86)\OpenOffice.org 3\program\xcrmi.dll
22:55:35.0533 5024 C:\Program Files (x86)\OpenOffice.org 3\program\xcrmi.dll - ok
22:55:35.0538 5024 [ 6B851E682A36453E1B1EE297FFB6E2AB ] C:\Windows\System32\QAGENT.DLL
22:55:35.0539 5024 C:\Windows\System32\QAGENT.DLL - ok
22:55:35.0546 5024 [ 2DE90400A63818FA38C4C5C9ADB166BF ] C:\Windows\SysWOW64\d3d10_1.dll
22:55:35.0546 5024 C:\Windows\SysWOW64\d3d10_1.dll - ok
22:55:35.0555 5024 [ FD214D31314D49640ABDC4E9FEB4F011 ] C:\Program Files (x86)\OpenOffice.org 3\program\sfxmi.dll
22:55:35.0555 5024 C:\Program Files (x86)\OpenOffice.org 3\program\sfxmi.dll - ok
22:55:35.0565 5024 [ 9C36A3CA80F9B204C670336D344F5DF8 ] C:\Windows\SysWOW64\d3d10_1core.dll
22:55:35.0565 5024 C:\Windows\SysWOW64\d3d10_1core.dll - ok
22:55:35.0576 5024 [ 76F39902E25F43FE9450AD3D6A14D0D8 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\60ab562d9fe10d1782ed705ef2beb95a\WindowsBase.ni.dll
22:55:35.0576 5024 C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\60ab562d9fe10d1782ed705ef2beb95a\WindowsBase.ni.dll - ok
22:55:35.0582 5024 [ 78B7A3BDA25C90DAA50D36A56A8D1351 ] C:\Windows\SysWOW64\d3d10warp.dll
22:55:35.0582 5024 C:\Windows\SysWOW64\d3d10warp.dll - ok
22:55:35.0590 5024 [ 4312DEBDACBE338F0B90E7F08E7672BE ] C:\Windows\SysWOW64\dxtmsft.dll
22:55:35.0590 5024 C:\Windows\SysWOW64\dxtmsft.dll - ok
22:55:35.0598 5024 [ BA38C50F523DC053488AC3F9EF99AA0B ] C:\Windows\SysWOW64\igdumdx32.dll
22:55:35.0598 5024 C:\Windows\SysWOW64\igdumdx32.dll - ok
22:55:35.0606 5024 [ 906987ECACDC29F61E40C2EDC777A8C0 ] C:\Program Files (x86)\OpenOffice.org 3\program\fwemi.dll
22:55:35.0607 5024 C:\Program Files (x86)\OpenOffice.org 3\program\fwemi.dll - ok
22:55:35.0615 5024 [ 66EBA9C639D72440703624A5C824502F ] C:\Program Files (x86)\OpenOffice.org 3\program\fwimi.dll
22:55:35.0615 5024 C:\Program Files (x86)\OpenOffice.org 3\program\fwimi.dll - ok
22:55:35.0623 5024 [ 6723775876366534128CF2E1EEE173B8 ] C:\Program Files (x86)\OpenOffice.org 3\program\svtmi.dll
22:55:35.0623 5024 C:\Program Files (x86)\OpenOffice.org 3\program\svtmi.dll - ok
22:55:35.0634 5024 [ 72AB8C3F8AB7B550A896357C9E0896DA ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\2abfa3ca7ad3cc6f199158e6663f3006\PresentationCore.ni.dll
22:55:35.0634 5024 C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\2abfa3ca7ad3cc6f199158e6663f3006\PresentationCore.ni.dll - ok
22:55:35.0641 5024 [ ADFC74F16BDD0FA95792E74A0330A303 ] C:\Program Files (x86)\OpenOffice.org 3\program\tkmi.dll
22:55:35.0641 5024 C:\Program Files (x86)\OpenOffice.org 3\program\tkmi.dll - ok
22:55:35.0649 5024 [ 2572E1F0254E2267E97DE1B15D099EC4 ] C:\Windows\SysWOW64\d3d10.dll
22:55:35.0650 5024 C:\Windows\SysWOW64\d3d10.dll - ok
22:55:35.0657 5024 [ B688D2B29F76AA8E7AD3BD9543B64521 ] C:\Program Files (x86)\OpenOffice.org 3\program\vclmi.dll
22:55:35.0657 5024 C:\Program Files (x86)\OpenOffice.org 3\program\vclmi.dll - ok
22:55:35.0665 5024 [ 547F78746F20901C770E8653B242217C ] C:\Windows\SysWOW64\d3d10core.dll
22:55:35.0665 5024 C:\Windows\SysWOW64\d3d10core.dll - ok
22:55:35.0674 5024 [ 0FB621AB33827DB5983805758D00F862 ] C:\Program Files (x86)\OpenOffice.org 3\program\sotmi.dll
22:55:35.0674 5024 C:\Program Files (x86)\OpenOffice.org 3\program\sotmi.dll - ok
22:55:35.0682 5024 [ 8889D7C1996BAC716CFC5309C3D189BE ] C:\Program Files (x86)\OpenOffice.org 3\program\i18npapermi.dll
22:55:35.0683 5024 C:\Program Files (x86)\OpenOffice.org 3\program\i18npapermi.dll - ok
22:55:35.0691 5024 [ C733EBBDD79892B96C9980EBDC0CA704 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\c217382951ed46e82a9a3e27bd6379e7\PresentationFramework.ni.dll
22:55:35.0691 5024 C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\c217382951ed46e82a9a3e27bd6379e7\PresentationFramework.ni.dll - ok
22:55:35.0699 5024 [ D7CEAEDD5F75D2C8A2E80887D7C114CE ] C:\Windows\System32\webcheck.dll
22:55:35.0699 5024 C:\Windows\System32\webcheck.dll - ok
22:55:35.0708 5024 [ 3395657CF9D08497B0C731869BA29123 ] C:\Program Files (x86)\OpenOffice.org 3\program\i18nutilMSC.dll
22:55:35.0708 5024 C:\Program Files (x86)\OpenOffice.org 3\program\i18nutilMSC.dll - ok
22:55:35.0717 5024 [ D9E21CBF9E6A87847AFFD39EA3FA28EE ] C:\Windows\System32\SearchProtocolHost.exe
22:55:35.0717 5024 C:\Windows\System32\SearchProtocolHost.exe - ok
22:55:35.0724 5024 [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll
22:55:35.0724 5024 C:\Windows\System32\mlang.dll - ok
22:55:35.0733 5024 [ 20EE3646897D1A788D43DC071839575C ] C:\Program Files (x86)\OpenOffice.org 3\program\icuuc40.dll
22:55:35.0733 5024 C:\Program Files (x86)\OpenOffice.org 3\program\icuuc40.dll - ok
22:55:35.0740 5024 [ 101797BA603D227946B4B5109867EB19 ] C:\Windows\System32\SyncCenter.dll
22:55:35.0740 5024 C:\Windows\System32\SyncCenter.dll - ok
22:55:35.0749 5024 [ F269E64019E7797DBF6DC3DEB97C7750 ] C:\Program Files (x86)\OpenOffice.org 3\program\icudt40.dll
22:55:35.0749 5024 C:\Program Files (x86)\OpenOffice.org 3\program\icudt40.dll - ok
22:55:35.0758 5024 [ D2A5B2B09F2AF5ED13BF494508B09788 ] C:\Windows\System32\msshooks.dll
22:55:35.0758 5024 C:\Windows\System32\msshooks.dll - ok
22:55:35.0766 5024 [ 49A3AD5CE578CD77F445F3D244AEAB2D ] C:\Windows\System32\SearchFilterHost.exe
22:55:35.0766 5024 C:\Windows\System32\SearchFilterHost.exe - ok
22:55:35.0774 5024 [ 48041BAEB60CE5F34F13CC2A1361E49C ] C:\Windows\System32\mssph.dll
22:55:35.0774 5024 C:\Windows\System32\mssph.dll - ok
22:55:35.0779 5024 [ 8130391F82D52D36C0441F714136957F ] C:\Windows\System32\imapi2.dll
22:55:35.0779 5024 C:\Windows\System32\imapi2.dll - ok
22:55:35.0787 5024 [ 8F4BB0CFECED925D440ABC2481278360 ] C:\Windows\System32\mapi32.dll
22:55:35.0787 5024 C:\Windows\System32\mapi32.dll - ok
22:55:35.0795 5024 [ 6A5C1A8AC0B572679361026D0E900420 ] C:\Windows\System32\hgcpl.dll
22:55:35.0795 5024 C:\Windows\System32\hgcpl.dll - ok
22:55:35.0804 5024 [ 7717F84F483002815490033BF069DABD ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll
22:55:35.0804 5024 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll - ok
22:55:35.0813 5024 [ C264145F107437CBD3B30303733AEE4F ] C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
22:55:35.0813 5024 C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll - ok
22:55:35.0822 5024 [ 1D6EC197A370250224EE86E3815D3140 ] C:\Program Files (x86)\OpenOffice.org 3\program\svlmi.dll
22:55:35.0822 5024 C:\Program Files (x86)\OpenOffice.org 3\program\svlmi.dll - ok
22:55:35.0831 5024 [ 84198EDE8CC6DABD564147E1A5789FF1 ] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\jvmfwk3.dll
22:55:35.0831 5024 C:\Program Files (x86)\OpenOffice.org 3\URE\bin\jvmfwk3.dll - ok
22:55:35.0839 5024 [ FF824DFA487309A7DDDA7070BA251040 ] C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
22:55:35.0839 5024 C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll - ok
22:55:35.0848 5024 [ C8541AECCCA9260DE93C85F214110FA8 ] C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll
22:55:35.0848 5024 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll - ok
22:55:35.0856 5024 [ D07F102373F55F2790B229DBAD6F1225 ] C:\Program Files (x86)\OpenOffice.org 3\program\sbmi.dll
22:55:35.0856 5024 C:\Program Files (x86)\OpenOffice.org 3\program\sbmi.dll - ok
22:55:35.0864 5024 [ 7C27F5AD651035A99AA84CCF0F6E9B43 ] C:\Program Files (x86)\OpenOffice.org 3\program\saxmi.dll
22:55:35.0864 5024 C:\Program Files (x86)\OpenOffice.org 3\program\saxmi.dll - ok
22:55:35.0873 5024 [ 3ABB7ADB9CCBCD24D6C55201A3842A94 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
22:55:35.0873 5024 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll - ok
22:55:35.0882 5024 [ 9B2DA8B311BDF7E95F5C9E57A61E8579 ] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\msci_uno.dll
22:55:35.0882 5024 C:\Program Files (x86)\OpenOffice.org 3\URE\bin\msci_uno.dll - ok
22:55:35.0891 5024 [ 9D292306325D739281E3E68D81985E3F ] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\bootstrap.uno.dll
22:55:35.0891 5024 C:\Program Files (x86)\OpenOffice.org 3\URE\bin\bootstrap.uno.dll - ok
22:55:35.0900 5024 [ D4CB489326CF06972569AD00BFA601F1 ] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\reg3.dll
22:55:35.0900 5024 C:\Program Files (x86)\OpenOffice.org 3\URE\bin\reg3.dll - ok
22:55:35.0908 5024 [ 87AD0CBF0048DE4A7F4CD820578166D2 ] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\store3.dll
22:55:35.0908 5024 C:\Program Files (x86)\OpenOffice.org 3\URE\bin\store3.dll - ok
22:55:35.0917 5024 [ D64D99EC088B54FFE8EE67A480386C20 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
22:55:35.0917 5024 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll - ok
22:55:35.0925 5024 [ 0EC4190B22A0E37010CC69371432FC0C ] C:\Windows\System32\gfxSrvc.dll
22:55:35.0925 5024 C:\Windows\System32\gfxSrvc.dll - ok
22:55:35.0933 5024 [ 58957A04853F47B791D68B960258043C ] C:\Windows\System32\IGFXDEVLib.dll
22:55:35.0933 5024 C:\Windows\System32\IGFXDEVLib.dll - ok
22:55:35.0941 5024 [ 4C3DAEE652B005B483F16B8E9131C99D ] C:\Windows\System32\d3d9.dll
22:55:35.0941 5024 C:\Windows\System32\d3d9.dll - ok
22:55:35.0948 5024 [ 3044D07ABDF4BBEA27E2EE7B1E0C0C65 ] C:\Windows\System32\d3d8thk.dll
22:55:35.0948 5024 C:\Windows\System32\d3d8thk.dll - ok
22:55:35.0956 5024 [ 9C253164E7016B42591F08BEB90FB494 ] C:\Windows\System32\igdumd64.dll
22:55:35.0956 5024 C:\Windows\System32\igdumd64.dll - ok
22:55:35.0964 5024 [ AA76C702E092BF73751CE3DA166101F9 ] C:\Program Files (x86)\OpenOffice.org 3\program\configmgr.uno.dll
22:55:35.0964 5024 C:\Program Files (x86)\OpenOffice.org 3\program\configmgr.uno.dll - ok
22:55:35.0973 5024 [ A4B3A9FFA483F8CB36E56C19448DDE36 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\52e2da35b160dbd254683f72a0f1b937\System.Xml.ni.dll
22:55:35.0973 5024 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\52e2da35b160dbd254683f72a0f1b937\System.Xml.ni.dll - ok
22:55:35.0982 5024 [ 5D0E28A22860E487148B2820309C0063 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\ac14913a11af4bfae0b8eb913a46a161\System.Configuration.ni.dll
22:55:35.0983 5024 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\ac14913a11af4bfae0b8eb913a46a161\System.Configuration.ni.dll - ok
22:55:35.0991 5024 [ 80C834BA6B844C4B717F2465C4E8EC0F ] C:\Windows\System32\WindowsCodecsExt.dll
22:55:35.0991 5024 C:\Windows\System32\WindowsCodecsExt.dll - ok
22:55:35.0999 5024 [ 1D296F090ED401967B30BD2B970DC306 ] C:\Windows\System32\icm32.dll
22:55:35.0999 5024 C:\Windows\System32\icm32.dll - ok
22:55:36.0008 5024 [ E185E2C42F8FBD2D7A21341CB171E648 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\20942af5321167fd09020d868507555a\WindowsFormsIntegration.ni.dll
22:55:36.0008 5024 C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\20942af5321167fd09020d868507555a\WindowsFormsIntegration.ni.dll - ok
22:55:36.0017 5024 [ DCEB48CB98EB6496CA8B6B26B1DE161A ] C:\Program Files (x86)\OpenOffice.org 3\program\localebe1.uno.dll
22:55:36.0017 5024 C:\Program Files (x86)\OpenOffice.org 3\program\localebe1.uno.dll - ok
22:55:36.0023 5024 [ 0B445C4527F9AFAA03DC3B8F296764BB ] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stocservices.uno.dll
22:55:36.0023 5024 C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stocservices.uno.dll - ok
22:55:36.0023 5024 [ 70C8F2121EA29625A4913336AF781725 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\adcf9e45725f341acbd5d3fcd0a54572\PresentationFramework.Aero.ni.dll
22:55:36.0023 5024 C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\adcf9e45725f341acbd5d3fcd0a54572\PresentationFramework.Aero.ni.dll - ok
22:55:36.0039 5024 [ 1E8D06AAE74FED674C1156B3FEA911C2 ] C:\Windows\SysWOW64\Faultrep.dll
22:55:36.0039 5024 C:\Windows\SysWOW64\Faultrep.dll - ok
22:55:36.0039 5024 [ 590D5C506044FE02FF7643E32FF9BDAC ] C:\Windows\SysWOW64\wer.dll
22:55:36.0039 5024 C:\Windows\SysWOW64\wer.dll - ok
22:55:36.0054 5024 [ BBB941D38253524BF975211A97B31EC1 ] C:\Program Files (x86)\OpenOffice.org 3\program\ucb1.dll
22:55:36.0054 5024 C:\Program Files (x86)\OpenOffice.org 3\program\ucb1.dll - ok
22:55:36.0054 5024 [ C542B006ABD6FC881E07CC1127267B81 ] C:\Program Files (x86)\OpenOffice.org 3\program\fwkmi.dll
22:55:36.0054 5024 C:\Program Files (x86)\OpenOffice.org 3\program\fwkmi.dll - ok
22:55:36.0070 5024 [ B8528D49272643AA4AA763E391FFAE23 ] C:\Program Files (x86)\OpenOffice.org 3\program\ucpfile1.dll
22:55:36.0070 5024 C:\Program Files (x86)\OpenOffice.org 3\program\ucpfile1.dll - ok
22:55:36.0070 5024 [ EFD30977213B7881E80E86C6F9D74B3F ] C:\Program Files (x86)\OpenOffice.org 3\program\i18npool.uno.dll
22:55:36.0070 5024 C:\Program Files (x86)\OpenOffice.org 3\program\i18npool.uno.dll - ok
22:55:36.0090 5024 [ 2E2C6E12719A769A2DA57C4A690B04D5 ] C:\Program Files (x86)\OpenOffice.org 3\program\icuin40.dll
22:55:36.0090 5024 C:\Program Files (x86)\OpenOffice.org 3\program\icuin40.dll - ok
22:55:36.0098 5024 [ 6A6CFD2A1F4C2DD947BD177C9B60CFF4 ] C:\Program Files (x86)\OpenOffice.org 3\program\package2.dll
22:55:36.0099 5024 C:\Program Files (x86)\OpenOffice.org 3\program\package2.dll - ok
22:55:36.0107 5024 [ 870050A1A930D93385A67E845FF1672D ] C:\Program Files (x86)\OpenOffice.org 3\program\lngmi.dll
22:55:36.0107 5024 C:\Program Files (x86)\OpenOffice.org 3\program\lngmi.dll - ok
22:55:36.0115 5024 [ FD57703E62D9EB18EA3D23D134350988 ] C:\Program Files (x86)\OpenOffice.org 3\program\xomi.dll
22:55:36.0116 5024 C:\Program Files (x86)\OpenOffice.org 3\program\xomi.dll - ok
22:55:36.0124 5024 [ 427B464DE914461A6B282220A157925B ] C:\Program Files (x86)\OpenOffice.org 3\program\localedata_en.dll
22:55:36.0124 5024 C:\Program Files (x86)\OpenOffice.org 3\program\localedata_en.dll - ok
22:55:36.0135 5024 [ D79D19EC66106119DCD45D042C6B5170 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\88f8a6436dc95497fce0dae347646e53\System.Drawing.ni.dll
22:55:36.0135 5024 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\88f8a6436dc95497fce0dae347646e53\System.Drawing.ni.dll - ok
22:55:36.0142 5024 [ A555EC9827745E760BBABB7C6D4CE37F ] C:\Program Files\Internet Explorer\ieproxy.dll
22:55:36.0142 5024 C:\Program Files\Internet Explorer\ieproxy.dll - ok
22:55:36.0151 5024 [ F52634E7D7A363F2AB4AB2120E4A8ACE ] C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.95\chrome.dll
22:55:36.0151 5024 C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.95\chrome.dll - ok
22:55:36.0159 5024 [ 885FD19118BC7514590C5EEF31CD7D71 ] C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.95\icudt.dll
22:55:36.0160 5024 C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.95\icudt.dll - ok
22:55:36.0168 5024 [ 71C4F42DC8DB668E826DA79462EA741E ] C:\Windows\SysWOW64\KBDUS.DLL
22:55:36.0168 5024 C:\Windows\SysWOW64\KBDUS.DLL - ok
22:55:36.0175 5024 [ 7F8678C59F188528D60104E697C2361E ] C:\Windows\SysWOW64\mscms.dll
22:55:36.0175 5024 C:\Windows\SysWOW64\mscms.dll - ok
22:55:36.0183 5024 [ 236360CE5E4C3F063AC110533747C0A8 ] C:\Windows\SysWOW64\Wpc.dll
22:55:36.0183 5024 C:\Windows\SysWOW64\Wpc.dll - ok
22:55:36.0190 5024 [ 82C089EA2A3EEFADF3588EA71E8BDADA ] C:\Windows\SysWOW64\wevtapi.dll
22:55:36.0191 5024 C:\Windows\SysWOW64\wevtapi.dll - ok
22:55:36.0198 5024 [ 68ECCA523ED760AAFC03C5D587569859 ] C:\Windows\SysWOW64\samcli.dll
22:55:36.0198 5024 C:\Windows\SysWOW64\samcli.dll - ok
22:55:36.0206 5024 [ C30A3E5DEEEBA22E782AC54C5AF5F352 ] C:\Windows\SysWOW64\samlib.dll
22:55:36.0206 5024 C:\Windows\SysWOW64\samlib.dll - ok
22:55:36.0214 5024 [ 3A16EA01FCFAAB40882DB5BFEE632322 ] C:\Windows\SysWOW64\msftedit.dll
22:55:36.0214 5024 C:\Windows\SysWOW64\msftedit.dll - ok
22:55:36.0222 5024 [ 0F2F2C982672FAD5D55450298E7E962C ] C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
22:55:36.0222 5024 C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll - ok
22:55:36.0231 5024 [ 1C9B45E87528B8BB8CFA884EA0099A85 ] C:\Windows\SysWOW64\D3DCompiler_43.dll
22:55:36.0231 5024 C:\Windows\SysWOW64\D3DCompiler_43.dll - ok
22:55:36.0239 5024 [ 8B62C93760524569B9254DB70B16D98B ] C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll
22:55:36.0239 5024 C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll - ok
22:55:36.0248 5024 [ 86E39E9161C3D930D93822F1563C280D ] C:\Windows\SysWOW64\D3DX9_43.dll
22:55:36.0248 5024 C:\Windows\SysWOW64\D3DX9_43.dll - ok
22:55:36.0256 5024 [ F37B4AEB402CE4DC7DDCC55AD0FD2EDF ] C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll
22:55:36.0256 5024 C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll - ok
22:55:36.0265 5024 [ 8862D4B7722A3E631435C33A78BB7B20 ] C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.95\avutil-51.dll
22:55:36.0265 5024 C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.95\avutil-51.dll - ok
22:55:36.0274 5024 [ 92E76B2B0382A89E6A0C897D88065952 ] C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.95\avformat-54.dll
22:55:36.0274 5024 C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.95\avformat-54.dll - ok
22:55:36.0283 5024 [ 5BCFBC1BD4F8BAB9A2A15DFEAE5CE1DD ] C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.95\libglesv2.dll
22:55:36.0283 5024 C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.95\libglesv2.dll - ok
22:55:36.0292 5024 [ 6EF5F3F18413C367195F06E503AB86A6 ] C:\Windows\SysWOW64\d3d9.dll
22:55:36.0292 5024 C:\Windows\SysWOW64\d3d9.dll - ok
22:55:36.0299 5024 [ 77B1471A490B53B24EFE136F09F76550 ] C:\Windows\SysWOW64\d3d8thk.dll
22:55:36.0299 5024 C:\Windows\SysWOW64\d3d8thk.dll - ok
22:55:36.0306 5024 [ 28EE522EC405CC08A69F16A16921EF99 ] C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.95\libegl.dll
22:55:36.0306 5024 C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.95\libegl.dll - ok
22:55:36.0315 5024 [ 5987EA8A82C53359BCD2C29D6588583E ] C:\Windows\SysWOW64\linkinfo.dll
22:55:36.0315 5024 C:\Windows\SysWOW64\linkinfo.dll - ok
22:55:36.0323 5024 [ 10AB9C9ADB89816BEFB077E72659D029 ] C:\Windows\SysWOW64\igdumd32.dll
22:55:36.0323 5024 C:\Windows\SysWOW64\igdumd32.dll - ok
22:55:36.0332 5024 [ 50180B04EC08921D30B736122A691FA3 ] C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
22:55:36.0332 5024 C:\Users\chris\AppData\Local\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll - ok
22:55:36.0340 5024 [ 08DFDBD2FD4EA951DC46B1C7661ED35A ] C:\Windows\SysWOW64\powrprof.dll
22:55:36.0340 5024 C:\Windows\SysWOW64\powrprof.dll - ok
22:55:36.0348 5024 [ 1F27643C4C626457FCE8F047AE1CD7E1 ] C:\Windows\SysWOW64\dxva2.dll
22:55:36.0348 5024 C:\Windows\SysWOW64\dxva2.dll - ok
22:55:36.0355 5024 [ FDBA1DEC4F9BE4274A00B9B850C63484 ] C:\Windows\SysWOW64\mf.dll
22:55:36.0355 5024 C:\Windows\SysWOW64\mf.dll - ok
22:55:36.0364 5024 [ B50CFCB466D0634EF9A258D0A0FB408C ] C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
22:55:36.0364 5024 C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll - ok
22:55:36.0372 5024 [ 40B82688907A7DBA4DB3B5ADDE3EAB3B ] C:\Windows\SysWOW64\mfplat.dll
22:55:36.0372 5024 C:\Windows\SysWOW64\mfplat.dll - ok
22:55:36.0380 5024 [ 139D3AB6AA920C34C50CBFFB9EB7D222 ] C:\Windows\SysWOW64\avrt.dll
22:55:36.0380 5024 C:\Windows\SysWOW64\avrt.dll - ok
22:55:36.0392 5024 [ 9C67F6BBDA3881CFD02095160CF91576 ] C:\Windows\SysWOW64\ksuser.dll
22:55:36.0392 5024 C:\Windows\SysWOW64\ksuser.dll - ok
22:55:36.0398 5024 [ 21FF3F07336CE4F8DF6AF1746BC26AAB ] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
22:55:36.0398 5024 C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll - ok
22:55:36.0406 5024 [ 3DE43BFDAF3F8979699650202AA18B12 ] C:\Windows\SysWOW64\msmpeg2vdec.dll
22:55:36.0406 5024 C:\Windows\SysWOW64\msmpeg2vdec.dll - ok
22:55:36.0416 5024 [ 47C3FA43F99202E2F92EFA1EB9BDECF7 ] C:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
22:55:36.0416 5024 C:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll - ok
22:55:36.0424 5024 [ C7BE533F805F8AEFE75FC7D7C6D0EBF9 ] C:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
22:55:36.0425 5024 C:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll - ok
22:55:36.0433 5024 [ D11EC90E0D361D8EBD6BCB3F29BEF153 ] C:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
22:55:36.0433 5024 C:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll - ok
22:55:36.0441 5024 [ EAE76FAEFB3DDE4B990DA9506132B3C3 ] C:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
22:55:36.0442 5024 C:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll - ok
22:55:36.0450 5024 [ 0B6CE016084875A998C5B5D35CB2BFEF ] C:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
22:55:36.0450 5024 C:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll - ok
22:55:36.0458 5024 [ C6413394AE69008A2E817B428E7F69E7 ] C:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
22:55:36.0458 5024 C:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll - ok
22:55:36.0467 5024 [ CC8294EF935A1BCE97C882B8F279669A ] C:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
22:55:36.0467 5024 C:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll - ok
22:55:36.0476 5024 [ E54631B36DB25082B7998AE7538BA8C8 ] C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
22:55:36.0476 5024 C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - ok
22:55:36.0484 5024 [ 9B301B3FAE10015350B96B58AB24F046 ] C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
22:55:36.0484 5024 C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - ok
22:55:36.0492 5024 [ 53AF1750FD45DDD705C9B68C7DC58827 ] C:\Windows\SysWOW64\evr.dll
22:55:36.0492 5024 C:\Windows\SysWOW64\evr.dll - ok
22:55:36.0500 5024 [ CE292C4C10B8DB6070F262EA2733F0DC ] C:\Windows\SysWOW64\sqmapi.dll
22:55:36.0500 5024 C:\Windows\SysWOW64\sqmapi.dll - ok
22:55:36.0508 5024 [ 7E2B763CF671ADB558D5F7110889D469 ] C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
22:55:36.0508 5024 C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL - ok
22:55:36.0516 5024 [ 7B882AEBC5F6DBEA4E0361C0FC3E36D4 ] C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
22:55:36.0516 5024 C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL - ok
22:55:36.0526 5024 [ E0BCE90537E4A41AF36D5BDD5963A09D ] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
22:55:36.0526 5024 C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - ok
22:55:36.0535 5024 [ 6C5205AD5AD2CC1064115FA608645B52 ] C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
22:55:36.0535 5024 C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll - ok
22:55:36.0543 5024 [ A96CF24DCE0DBAC3C3B80B61FB1C44A7 ] C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
22:55:36.0543 5024 C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll - ok
22:55:36.0551 5024 [ 1A02FC0F35E1236136A2AF0BAE2D1A0E ] C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
22:55:36.0552 5024 C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll - ok
22:55:36.0559 5024 [ C04FCB7EEBEB5097B30468828F20FB9E ] C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
22:55:36.0559 5024 C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll - ok
22:55:36.0784 5024 ============================================================
22:55:36.0784 5024 Scan finished
22:55:36.0784 5024 ============================================================
22:55:36.0804 5016 Detected object count: 1
22:55:36.0804 5016 Actual detected object count: 1
22:56:29.0389 5016 ssadbus ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:29.0390 5016 ssadbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:58:21.0954 1236 Deinitialize success
  • 0

#10
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi Bumblepuck. All your logs are clean. I see no evidence of malware anywhere. I believe SBAMSvc.exe might be related to Ad-Aware browsing protection, not sure though. I am going to consult a colleague. Is this the only process that is hogging your CPU usage? Chrome using 400 MB or so is pretty typical. Also, I would like to look at your MBAM log. Please do the following:

  • Start Malwarebytes' Anti-Malware
  • The log can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

  • 0


#11
Bumblepuck

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
But what about the fraud emails? The emails are the concerning thing. I got an email that was "from" someone that I have no contact with except for Facebook friends. We met once at a camp. There is no other trace linking me to him except Facebook. Of course I have gotten other emails "from" people in my family and people that I do interact with, but the one from Facebook is the most puzzling. Also, my uncle and dad have been getting these emails now after I started getting them. But the point is that I think my comp is the origin.

Log from 11-28: all it found were these m-player things, which is just some bloatware stuff I never installed that came with some stuff I downloaded.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.28.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
chris :: CHRIS-PC [administrator]

11/28/2012 1:56:50 AM
mbam-log-2012-11-28 (01-56-50).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 384476
Time elapsed: 1 hour(s), 11 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Users\chris\Downloads\mplayer_Setup (1).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\chris\Downloads\mplayer_Setup (2).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\chris\Downloads\mplayer_Setup (3).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\chris\Downloads\mplayer_Setup (5).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\chris\Downloads\mplayer_Setup (6).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\chris\Downloads\mplayer_Setup (7).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\chris\Downloads\mplayer_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

(end)

Edited by Bumblepuck, 05 December 2012 - 06:59 PM.

  • 0

#12
Bumblepuck

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
And I have never installed Vipre or any Sunbelt software?? Why would that be running? That is the one process that I have identified that I can end and it speeds everything up. Other strange thing is that SBAMsvc doesn't show up under Task Manager ever. Only under Resource Monitor...

Edited by Bumblepuck, 05 December 2012 - 07:00 PM.

  • 0

#13
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
SBAMSvc should show up in Task Manager if you go to the Processes tab. Sorry for the delay, my colleague is in Great Britain so it's hard for us to sync up. His first impression is that SBAMSvc is part of Lavasoft Ad-Aware. Have you ever had this installed? You could go to the Start menu --> type "Programs and Features" --> press Enter. There will be a list of your installed programs. Are there any that match the name Ad-Aware? I noticed you have Ad-Aware Browsing Protection, but I don't think that would slow down your computer like what you are experiencing.
  • 0

#14
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
I just consulted with my colleague. The next step is to uninstall Ad-Aware Browsing Protection in Programs and Features and see what happens. If you want you can shoot me an OTL log after and I'll see if the Sunbelt Software entries show up or not.

  • Double-click OTL to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

  • 0

#15
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Regarding the emails, see here how easily "from" addresses can be spoofed in emails. Also, it's possible somebody hacked a Facebook account to find your friend's connection to you.
  • 0
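A defender-side check for the pattern described in this thread (a familiar name in the From field paired with an unrelated address), added here as an example that is not part of the original posts. The sample message, the address book and all function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: familiar display name, unrelated sending address.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
From: "Uncle Bob" <xk3q9z@example.com>
To: chris@example.org
Subject: hi

http://link.example/
"""

# Constructed address book: display name -> address the recipient actually knows.
KNOWN = {"uncle bob": "bob@family.example"}

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts written by the receiving mail server."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for part in header.split(";")[1:]:
            method, _, rest = part.strip().partition("=")
            if method in ("spf", "dkim", "dmarc") and rest:
                verdicts.setdefault(method, rest.split()[0].lower())
    return verdicts

def spoof_indicators(raw, known=KNOWN):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, rpath = parseaddr(msg.get("Return-Path", ""))
    findings = []
    expected = known.get(name.strip().lower())
    if expected and expected.lower() != addr.lower():
        findings.append("display-name-mismatch")   # name is known, address is not
    if rpath and domain(rpath) != domain(addr):
        findings.append("return-path-domain-mismatch")  # weak signal on its own
    verdicts = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) in ("fail", "softfail", "none"):
            findings.append(f"{method}-{verdicts[method]}")
    return findings
```

The raw headers to feed in are available from most webmail clients through a "show original" or "view source" option. A DMARC failure combined with a display-name mismatch points at header spoofing rather than at mail sent from the named person's machine.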





