Funmoods, Isearch with AVG browser hijack and who knows what else [Sol


  • This topic is locked

#1
ozzette50

  • Member
  • 26 posts
Hi. I am thoroughly ashamed of myself. A year and a half ago my son helped me get a new HP. No big deal but so ultimately superior to anything I'd ever used I've been extremely lazy. My IE (32bit) has not worked in months (maybe a year now?). Then I got the Funmoods thing which I was embarrassed at being caught with anyway. I have been having different weird attacks over the last few months, too numerous to try to list (every 10 days or so?). I have been running my AVG and Malwarebytes scans after every episode which always show infection healed, but never seem to get to the root of the problem. The most recent attack was the Isearch browser hijack. My homepage didn't even come up and I, without thinking, typed in Facebook. The results page had AVG written all over it and the link for FB was phony, which makes me think I'm badly messed up. I am too embarrassed to go on though I am sure my logs will show ignored problems. I am so grateful you guys are here. Please help!!! Hoping I will not have to reformat with restore disks. Thanks so much for your time and expertise.


OTL logfile created on: 12/12/2012 12:56:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dee\Desktop\Tools\VirusRemoval12-12-12
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 3.87 Gb Available Physical Memory | 67.24% Memory free
11.50 Gb Paging File | 9.57 Gb Available in Paging File | 83.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.16 Gb Total Space | 608.50 Gb Free Space | 66.27% Space Free | Partition Type: NTFS
Drive D: | 13.25 Gb Total Space | 1.63 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

Computer Name: DEE-HP | User Name: Dee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/12 12:54:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dee\Desktop\Tools\VirusRemoval12-12-12\OTL.exe
PRC - [2012/11/24 10:43:03 | 013,105,848 | ---- | M] (The Weather Channel) -- C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/08/28 08:52:56 | 003,671,904 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2012/05/06 17:52:51 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/04/05 20:30:58 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2012/04/02 11:14:16 | 000,361,472 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
PRC - [2011/11/01 16:56:08 | 000,129,840 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
PRC - [2011/11/01 16:55:56 | 000,129,840 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2011/11/01 16:55:54 | 001,436,464 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Portrait Displays\HP Display Assistant\dthtml.exe
PRC - [2011/11/01 16:55:40 | 000,133,936 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
PRC - [2011/10/27 14:56:34 | 000,113,456 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/09/28 11:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/03/03 10:42:16 | 000,694,824 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe
PRC - [2009/03/03 10:42:12 | 000,694,824 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/02/28 11:57:54 | 000,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe
PRC - [2008/02/28 11:57:36 | 000,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmon.exe
PRC - [2007/03/10 13:43:52 | 000,270,336 | ---- | M] () -- C:\Windows\tsnpstd3.exe
PRC - [2007/02/10 15:40:46 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
PRC - [2006/09/19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
PRC - [2004/08/24 14:01:12 | 000,065,536 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\HPLiteSaver.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/16 08:31:44 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a27582afda5c9a9258ed2cd787352773\System.ServiceModel.ni.dll
MOD - [2012/11/16 08:30:30 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\ae40aeae573219a0439def61b1d48b49\UIAutomationTypes.ni.dll
MOD - [2012/11/16 08:30:30 | 000,189,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\590352c10307d311bf4dc1addb801791\System.Windows.Input.Manipulations.ni.dll
MOD - [2012/11/16 08:30:30 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9fedec1f005f9e39f8dde611c4c27cab\UIAutomationProvider.ni.dll
MOD - [2012/11/16 08:30:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\fff1287f12f1ab73c271386342224a3a\System.Runtime.Remoting.ni.dll
MOD - [2012/11/16 08:30:18 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\0d2c8da8749c683b47f01101c9ea26d5\System.Runtime.Serialization.ni.dll
MOD - [2012/11/16 08:30:18 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\bb404633d24f5098f9d7f5f5a1d234c3\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/11/16 08:30:18 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\0dd39ca15b3d56a03a31fbf671c80cfe\SMDiagnostics.ni.dll
MOD - [2012/11/16 08:30:16 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d6dc54d6b4aadbc921d00c3b76647e61\System.Xml.Linq.ni.dll
MOD - [2012/11/16 08:30:08 | 001,880,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\7b9e229466be7e0bc584ea7b3de23523\System.Deployment.ni.dll
MOD - [2012/11/16 06:35:37 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll
MOD - [2012/11/15 20:42:03 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll
MOD - [2012/11/15 20:41:53 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll
MOD - [2012/11/15 20:41:45 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll
MOD - [2012/11/15 20:41:45 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll
MOD - [2012/11/15 20:39:36 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
MOD - [2012/11/15 20:39:33 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
MOD - [2012/11/15 20:39:32 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
MOD - [2012/11/15 20:39:31 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012/11/15 20:39:29 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012/11/15 20:39:28 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012/11/15 20:39:24 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012/05/06 17:52:52 | 000,130,944 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/05/06 17:52:51 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011/11/01 16:56:06 | 000,076,592 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\MsgHook.dll
MOD - [2011/11/01 16:55:50 | 000,121,648 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll
MOD - [2011/11/01 16:39:32 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2009/03/03 10:42:16 | 000,694,824 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe
MOD - [2009/03/03 10:42:12 | 000,694,824 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
MOD - [2009/03/03 10:40:46 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\Winphook.dll
MOD - [2007/03/10 13:43:52 | 000,270,336 | ---- | M] () -- C:\Windows\tsnpstd3.exe
MOD - [2007/02/10 15:40:46 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
MOD - [2006/09/19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/06/11 12:12:16 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/04/02 11:14:16 | 000,441,344 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
SRV:64bit: - [2011/06/30 02:42:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/20 08:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010/11/11 14:00:32 | 000,467,696 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/11/11 14:00:32 | 000,306,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/11/11 13:59:36 | 008,251,120 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/08/05 22:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2009/07/13 20:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV:64bit: - [2008/02/19 09:12:32 | 000,565,928 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbkcoms.exe -- (lxbk_device)
SRV - [2012/12/11 20:24:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/07 09:24:56 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/05/06 17:52:52 | 000,932,736 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/04/02 11:14:16 | 000,361,472 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2011/11/01 16:55:56 | 000,129,840 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2011/11/01 16:55:40 | 000,133,936 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe -- (Asset Management Daemon)
SRV - [2011/10/27 14:56:34 | 000,113,456 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/20 07:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/09/28 11:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/02/19 09:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbkcoms.exe -- (lxbk_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/01 20:34:42 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/07/20 13:05:02 | 000,311,968 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012/07/20 13:02:16 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012/07/01 14:25:38 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/04/03 10:57:58 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2012/04/03 10:57:58 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\AMD64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\AMD64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\AMD64\aoddriver2.sys -- (AODDriver4.0)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/27 14:56:12 | 000,020,784 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PdiPorts.sys -- (PdiPorts)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/15 13:32:10 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/06/30 04:33:14 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/30 02:00:52 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/03 01:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/08/13 08:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/13 08:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/07/21 22:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/04/26 21:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/26 21:25:20 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/04/26 21:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/04/26 21:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/03/10 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/01 18:59:50 | 000,024,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpqdfw.sys -- (CpqDfw)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/09/23 21:59:40 | 000,030,240 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2007/03/26 13:45:52 | 010,550,656 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2012/04/03 10:57:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/04/03 10:57:48 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/03/26 13:46:30 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snpstd3.sys -- (SNPSTD3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmood...tB&cr=268097960
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmood...tB&cr=268097960
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 02 3A AE 29 D7 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=992732&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: %7B771f3037-9885-4423-b50f-a5ede4854e26%7D:1.300.428
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:11.0.0.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "http://isearch.avg.c...2:54&sap=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Dee\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Dee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/05/06 17:53:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/05 08:24:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/07 09:24:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/07 09:24:50 | 000,000,000 | ---D | M]

[2011/07/29 08:29:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dee\AppData\Roaming\Mozilla\Extensions
[2012/10/22 18:00:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\aggtq3yt.default\extensions
[2012/07/18 11:58:01 | 000,552,766 | ---- | M] () (No name found) -- C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\aggtq3yt.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}.xpi
[2012/07/18 07:59:43 | 000,001,734 | ---- | M] () -- C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\aggtq3yt.default\searchplugins\search-the-web.xml
[2012/08/05 18:19:38 | 000,002,337 | ---- | M] () -- C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\aggtq3yt.default\searchplugins\Search.xml
[2012/12/07 09:24:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/06 17:53:02 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.0.0.9
[2012/12/07 09:24:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/06 17:52:50 | 000,003,747 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/31 04:38:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/14 07:13:54 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll File not found
O4:64bit: - HKLM..\Run: [Comcast_McciTrayApp] C:\Program Files\Comcast\pcTrayApp.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DT HWP] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe (Portrait Displays, Inc.)
O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DW7] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ent_4.5.1.0.cab (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.26.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{432B7047-F37C-472D-84E5-7CC3CF766BD8}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E779C27C-A8C0-4D12-A111-751886C4E058}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{09aefa84-2dc3-11e1-8508-643150468332}\Shell - "" = AutoRun
O33 - MountPoints2\{09aefa84-2dc3-11e1-8508-643150468332}\Shell\AutoRun\command - "" = F:\TLBootstrap_WPP.exe
O33 - MountPoints2\{665136c2-4a45-11e0-bf4d-643150468332}\Shell - "" = AutoRun
O33 - MountPoints2\{665136c2-4a45-11e0-bf4d-643150468332}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{67effe8e-2fb6-11e1-957e-643150468332}\Shell - "" = AutoRun
O33 - MountPoints2\{67effe8e-2fb6-11e1-957e-643150468332}\Shell\AutoRun\command - "" = F:\TLBootstrap_WPP.exe
O33 - MountPoints2\{76bfc0b4-5469-11e0-a84d-643150468332}\Shell - "" = AutoRun
O33 - MountPoints2\{76bfc0b4-5469-11e0-a84d-643150468332}\Shell\AutoRun\command - "" = J:\Setup.exe
O33 - MountPoints2\{ee0bec40-c8a6-11e0-a74e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ee0bec40-c8a6-11e0-a74e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{f9966816-4523-11e1-91fe-643150468332}\Shell - "" = AutoRun
O33 - MountPoints2\{f9966816-4523-11e1-91fe-643150468332}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/09 20:44:28 | 000,000,000 | ---D | C] -- C:\Users\Dee\AppData\Roaming\ElementalsTheMagicKey
[2012/12/09 17:49:00 | 000,000,000 | ---D | C] -- C:\Users\Dee\AppData\Local\{9A776EA9-5BE6-4C54-8DA4-922194BF60AC}
[2012/12/09 17:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/12/07 09:24:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/06 20:38:35 | 000,000,000 | ---D | C] -- C:\Users\Dee\AppData\Roaming\Mystery of Mortlake Mansion
[2012/12/06 20:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Playrix Entertainment
[2012/12/06 20:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Playrix Entertainment
[2012/12/04 19:03:00 | 000,000,000 | ---D | C] -- C:\Users\Dee\AppData\Local\Apple
[2012/12/03 20:15:55 | 000,000,000 | ---D | C] -- C:\Users\Dee\AppData\Roaming\GameMill
[2012/12/03 20:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\GameMill
[2012/12/02 15:24:02 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2012/12/02 09:35:35 | 000,000,000 | ---D | C] -- C:\Users\Dee\AppData\Roaming\gogii
[2012/12/02 09:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\gogii
[2012/11/30 16:02:00 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/11/30 16:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/30 16:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/30 10:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Private Eye
[2012/11/30 10:52:42 | 000,000,000 | ---D | C] -- C:\Windows\Private Eye
[2012/11/30 10:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Private Eye
[2012/11/30 10:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
[2012/11/25 18:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery in London
[2012/11/25 18:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mystery in London
[2012/11/25 11:32:39 | 000,000,000 | ---D | C] -- C:\Users\Dee\AppData\Local\{12E41634-B7A9-41A3-A55C-D394B102476E}
[2012/11/24 15:39:40 | 000,000,000 | ---D | C] -- C:\Users\Dee\AppData\Local\SpookyManor
[2012/11/24 15:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MumboJumbo
[2012/11/24 10:42:10 | 000,000,000 | ---D | C] -- C:\Users\Dee\AppData\Roaming\AVG2013
[2012/11/21 08:51:21 | 000,000,000 | ---D | C] -- C:\Users\Dee\AppData\Local\{20E4065C-3CEB-4448-953F-64A95FEF017F}
[2012/11/19 17:26:48 | 000,000,000 | ---D | C] -- C:\Users\Dee\AppData\Roaming\SpinTop Games
[2012/11/19 17:05:20 | 000,000,000 | ---D | C] -- C:\Users\Dee\AppData\Roaming\casualArts
[2012/11/19 17:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\casualArts
[2012/11/19 17:04:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mystery Murders - Jack the Ripper
[2012/11/19 16:54:55 | 000,000,000 | ---D | C] -- C:\Users\Dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twisted - A Haunted Carol
[2012/11/19 16:54:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxy Games
[2012/11/18 18:54:07 | 000,000,000 | ---D | C] -- C:\Users\Dee\AppData\Roaming\Boolat Games
[2012/11/17 15:41:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Home Sweet Home Christmas Edition
[2012/11/13 19:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/13 19:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/12 12:35:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2375802078-1423229213-3210898512-1001UA.job
[2012/12/12 12:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/12 08:46:36 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/12 08:46:36 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/12 08:39:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/12 08:39:02 | 334,979,071 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/11 18:35:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2375802078-1423229213-3210898512-1001Core.job
[2012/12/09 18:46:05 | 000,000,710 | ---- | M] () -- C:\Windows\Lexstat.ini
[2012/12/09 17:29:12 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/12/07 09:22:15 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDee.job
[2012/12/06 20:25:10 | 000,002,214 | ---- | M] () -- C:\Users\Dee\Desktop\Play More Playrix Games!.lnk
[2012/12/06 20:25:10 | 000,001,260 | ---- | M] () -- C:\Users\Dee\Desktop\Spirit Of Wandering.lnk
[2012/12/06 20:24:12 | 000,001,391 | ---- | M] () -- C:\Users\Dee\Desktop\Elementals - The Magic Key.lnk
[2012/12/06 20:23:22 | 000,001,363 | ---- | M] () -- C:\Users\Dee\Desktop\Mystery of Mortlake Mansion.lnk
[2012/12/04 09:51:40 | 000,002,495 | ---- | M] () -- C:\Users\Dee\Desktop\Midnight Mysteries - The Edgar Allan Poe Conspiracy - Shortcut.lnk
[2012/12/04 09:47:27 | 000,002,616 | ---- | M] () -- C:\Users\Dee\Desktop\Dark Tales 2 Edgar Allan Poes The Black Cat.lnk
[2012/12/04 09:46:37 | 000,001,830 | ---- | M] () -- C:\Users\Dee\Desktop\SC3_CE.exe - Shortcut.lnk
[2012/12/04 09:42:38 | 000,001,423 | ---- | M] () -- C:\Users\Dee\Desktop\Gravely Silent - House of Deadlock Collector's Edition.exe - Shortcut.lnk
[2012/11/30 16:02:00 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/30 10:52:46 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\Private Eye.lnk
[2012/11/25 18:12:30 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Mystery in London.lnk
[2012/11/25 11:33:23 | 000,784,762 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/25 11:33:23 | 000,663,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/25 11:33:23 | 000,122,734 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/24 10:43:10 | 000,001,274 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel App.lnk
[2012/11/19 17:04:46 | 000,002,253 | ---- | M] () -- C:\Users\Dee\Desktop\Mystery Murders - Jack the Ripper.lnk
[2012/11/19 16:55:24 | 000,027,520 | ---- | M] () -- C:\Users\Dee\AppData\Local\dt.dat
[2012/11/19 16:54:55 | 000,002,227 | ---- | M] () -- C:\Users\Dee\Desktop\Twisted - A Haunted Carol.lnk
[2012/11/18 18:53:52 | 000,001,268 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/11/16 06:22:17 | 000,507,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/13 19:05:03 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/06 20:25:10 | 000,001,260 | ---- | C] () -- C:\Users\Dee\Desktop\Spirit Of Wandering.lnk
[2012/12/06 20:24:12 | 000,001,391 | ---- | C] () -- C:\Users\Dee\Desktop\Elementals - The Magic Key.lnk
[2012/12/06 20:23:22 | 000,002,214 | ---- | C] () -- C:\Users\Dee\Desktop\Play More Playrix Games!.lnk
[2012/12/06 20:23:22 | 000,001,363 | ---- | C] () -- C:\Users\Dee\Desktop\Mystery of Mortlake Mansion.lnk
[2012/12/04 09:51:40 | 000,002,495 | ---- | C] () -- C:\Users\Dee\Desktop\Midnight Mysteries - The Edgar Allan Poe Conspiracy - Shortcut.lnk
[2012/12/04 09:47:27 | 000,002,616 | ---- | C] () -- C:\Users\Dee\Desktop\Dark Tales 2 Edgar Allan Poes The Black Cat.lnk
[2012/12/04 09:46:37 | 000,001,830 | ---- | C] () -- C:\Users\Dee\Desktop\SC3_CE.exe - Shortcut.lnk
[2012/12/04 09:42:38 | 000,001,423 | ---- | C] () -- C:\Users\Dee\Desktop\Gravely Silent - House of Deadlock Collector's Edition.exe - Shortcut.lnk
[2012/11/30 10:52:46 | 000,001,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Private Eye.lnk
[2012/11/30 10:52:46 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\Private Eye.lnk
[2012/11/25 18:12:30 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Mystery in London.lnk
[2012/11/23 09:01:20 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/11/19 17:04:46 | 000,002,253 | ---- | C] () -- C:\Users\Dee\Desktop\Mystery Murders - Jack the Ripper.lnk
[2012/11/19 16:55:24 | 000,027,520 | ---- | C] () -- C:\Users\Dee\AppData\Local\dt.dat
[2012/11/19 16:54:55 | 000,002,227 | ---- | C] () -- C:\Users\Dee\Desktop\Twisted - A Haunted Carol.lnk
[2012/11/18 18:53:52 | 000,001,268 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/11/15 20:40:06 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/15 20:33:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/13 19:05:03 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/03 05:36:56 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2012/08/29 12:34:02 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2012/08/29 12:34:02 | 000,270,336 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2012/08/29 12:34:02 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2012/08/29 12:33:59 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll
[2012/08/29 12:33:59 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
[2012/08/29 12:33:59 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2012/08/05 18:17:36 | 000,384,844 | ---- | C] () -- C:\Users\Dee\AppData\Local\funmoods-speeddial.crx
[2012/06/28 19:32:07 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2012/05/17 19:40:11 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/03/30 23:53:38 | 000,000,000 | ---- | C] () -- C:\Windows\Ransom.INI
[2012/03/16 15:02:27 | 000,000,000 | ---- | C] () -- C:\Windows\Alibi.INI
[2012/03/09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/14 21:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 21:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/20 13:55:30 | 706,204,160 | ---- | C] () -- C:\Users\Dee\ethan.avi
[2011/12/29 08:29:36 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2011/11/23 09:43:50 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/11/17 17:58:57 | 000,000,000 | ---- | C] () -- C:\Windows\Captive.INI
[2011/11/11 10:02:53 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll
[2011/11/11 10:02:53 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll
[2011/11/11 10:02:53 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll
[2011/11/11 10:02:53 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll
[2011/11/11 10:02:53 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll
[2011/11/11 10:02:53 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll
[2011/11/11 10:02:53 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll
[2011/11/11 10:02:53 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll
[2011/11/11 10:02:52 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll
[2011/11/11 10:02:52 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll
[2011/11/11 10:02:52 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll
[2011/11/11 10:02:52 | 000,537,256 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcoms.exe
[2011/11/11 10:02:52 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll
[2011/11/11 10:02:52 | 000,385,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkih.exe
[2011/11/11 10:02:52 | 000,381,608 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcfg.exe
[2011/11/11 10:02:52 | 000,180,904 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkppls.exe
[2011/11/11 10:02:52 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll
[2011/11/05 05:11:52 | 000,000,632 | RHS- | C] () -- C:\Users\Dee\ntuser.pol
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/05 01:46:30 | 000,000,000 | ---- | C] () -- C:\Users\Dee\AppData\Local\{D4BCDAE4-1327-48BD-9E8C-BD9080E87BF9}
[2011/08/28 16:13:12 | 000,000,193 | ---- | C] () -- C:\Windows\wordpad.INI
[2011/08/20 04:11:09 | 000,122,404 | ---- | C] () -- C:\Program Files\save003.sav
[2011/08/20 04:11:09 | 000,122,388 | ---- | C] () -- C:\Program Files\save002.sav
[2011/08/20 04:11:09 | 000,116,856 | ---- | C] () -- C:\Program Files\save001.sav
[2011/08/20 04:11:09 | 000,111,568 | ---- | C] () -- C:\Program Files\save000.sav
[2011/07/26 11:35:41 | 000,030,897 | ---- | C] () -- C:\Program Files\NANSTD6.SAV
[2011/07/26 11:35:41 | 000,030,897 | ---- | C] () -- C:\Program Files\NANSTD5.SAV
[2011/07/26 11:35:41 | 000,030,897 | ---- | C] () -- C:\Program Files\NANSTD4.SAV
[2011/07/26 11:35:41 | 000,030,897 | ---- | C] () -- C:\Program Files\NANSTD3.SAV
[2011/07/26 11:35:41 | 000,030,897 | ---- | C] () -- C:\Program Files\NANSTD2.SAV
[2011/07/26 11:35:41 | 000,030,897 | ---- | C] () -- C:\Program Files\NANSTD1.SAV
[2011/07/26 11:35:41 | 000,030,897 | ---- | C] () -- C:\Program Files\NANSTD0.SAV
[2011/07/26 11:35:41 | 000,030,897 | ---- | C] () -- C:\Program Files\CONSTD.SAV
[2011/07/26 11:34:59 | 000,000,000 | ---- | C] () -- C:\Program Files\game.ini
[2011/04/12 12:20:30 | 000,103,720 | ---- | C] () -- C:\Users\Dee\GoToAssistDownloadHelper.exe
[2011/03/19 19:05:51 | 000,007,625 | ---- | C] () -- C:\Users\Dee\AppData\Local\Resmon.ResmonCfg
[2011/03/17 19:48:44 | 000,778,486 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/15 08:00:16 | 000,008,192 | ---- | C] () -- C:\Users\Dee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/09 08:17:46 | 000,000,137 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/03/06 08:45:33 | 000,000,710 | ---- | C] () -- C:\Windows\Lexstat.ini
[2011/03/02 10:05:06 | 000,000,021 | ---- | C] () -- C:\Windows\FH_setup.ini
[2011/03/01 19:19:11 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/03/01 19:19:11 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/03/01 19:19:10 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/01 19:19:10 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/03/01 19:19:10 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/09 19:58:55 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Artogon
[2012/11/24 10:42:10 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\AVG2013
[2012/11/25 18:12:33 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Big Fish Games
[2011/03/29 18:25:47 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Blio
[2012/11/18 18:54:07 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Boolat Games
[2012/11/19 17:05:20 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\casualArts
[2012/03/04 15:21:00 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\DAEMON Tools Lite
[2012/11/03 05:53:00 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\DisplayTune
[2012/12/10 12:31:15 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\ElementalsTheMagicKey
[2011/04/19 09:06:46 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Enki Games
[2011/04/14 06:56:43 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\ERS Game Studios
[2012/12/03 20:15:55 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\GameMill
[2012/03/14 12:02:32 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Games
[2012/12/02 09:35:35 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\gogii
[2012/05/04 05:13:51 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\LucasArts
[2012/12/06 20:38:38 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Mystery of Mortlake Mansion
[2011/05/20 14:18:10 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Nitro PDF
[2012/07/10 19:58:25 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Nucleosys
[2011/03/19 19:58:39 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Orbit
[2011/03/11 12:09:56 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\PeaZip
[2011/03/01 16:28:58 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\PictureMover
[2011/11/06 16:42:06 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\PlayFirst
[2011/03/12 20:27:02 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\ProgSense
[2011/03/22 18:08:29 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\ProtectDISC
[2012/04/23 10:19:27 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\ScummVM
[2012/11/27 21:33:11 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\SoftGrid Client
[2012/11/19 17:26:48 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\SpinTop Games
[2012/11/18 18:23:10 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\SulusGames
[2011/09/21 13:11:40 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\WinBatch
[2011/08/17 07:54:25 | 000,000,000 | ---D | M] -- C:\Users\Dee\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Users\Dee\Documents\Verizonphoneno.png:Updt_SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Users\Dee\Documents\Project1.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Users\Dee\Documents\Oohrah1.jpg:SummaryInformation
@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:CB299F13
@Alternate Data Stream - 190 bytes -> C:\ProgramData\Temp:8E5EA40F
@Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:1A15E356
@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:F610C203
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:C243D9EC
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:689AB7E9
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:10B970A9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:2AF322BF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D31BE97C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:72A1B66A
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:260575F1
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:E91ADC66

< End of report >

Edited by ozzette50, 12 December 2012 - 12:25 PM.



#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo

#3
ozzette50

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi Gringo!

First off, let me apologize for being so tardy in my reply after your quick response to my desperate plea. I imbibed in a little pre-Christmas cheer yesterday afternoon and didn't want to make any mistakes, LOL. To add to my logs, all is working as well as it ever has, but it would take a while for me to see if it is still doing weird things. However, my IE 32bit is still frozen, "not responding" in any way except to open to a Google homepage, but nothing else can be done. At least I don't see funmoods in the address bar anymore! Why did it remove my ATF cleaner as well as my HP monitor program? I got that tool from this site and when I got this new computer I checked to see if it would work and it said yeah, but not as thoroughly. Since it was familiar I continue to use it when I give my puter the once-over (clean, defrag). Also, what about the RK-quarantine list? Is anything on there safe? I guess they are unusable with the .vir extension, but that is where my ATF cleaner, etc. is. I can't figure out how to copy it to show it to you, though you probably already know what is on it from the report, right? Again, thanks so much for the prompt reply and I will be just as prompt from now on.

Dee



OK, here are my scan results:

Security Check program (checkup rpt):

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 11.5.502.135
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
Dee Desktop Tools VirusRemoval12-12-12\SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


AdwCleaner:


# AdwCleaner v2.100 - Logfile created 12/13/2012 at 11:38:19
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dee - DEE-HP
# Boot Mode : Normal
# Running from : C:\Users\Dee\Desktop\Tools\VirusRemoval12-12-12\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\user.js
File Deleted : C:\Users\Dee\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\aggtq3yt.default\searchplugins\search.xml
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Dee\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Dee\AppData\Local\Conduit
Folder Deleted : C:\Users\Dee\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Dee\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Dee\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dee\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\Dee\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Dee\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\aggtq3yt.default\FCTB
Folder Deleted : C:\Users\Ethan\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Ethan\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ethan\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Jared\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Jared\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jared\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Jared\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Jared\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Windows\SysWOW64\Save

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062133.FCTB000062133Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062133.FCTB000062133Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062133.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062133.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062133.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062133.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2260173
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2412564
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\FCTB000062133
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53279739-B3E6-4CCD-A28E-5294B5C9C2E1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Web Assistant
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=grupo&chnl=grupo&cd=2XzuyEtN2Y1L1QzuyCyEtAtCyDtDyEyCzztAtAtByCyDyDyCtN0D0Tzu0CtBtCzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=268097960 --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\aggtq3yt.default\prefs.js

C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\aggtq3yt.default\user.js ... Deleted !

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.0.0.9");
Deleted : user_pref("avg.install.userSPSettings", "Search the Web");
Deleted : user_pref("extensions.funmoods.aflt", "grupo");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.cntry", "US");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "4679650EF98AAACE06C51903C6C58357");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=grupo&chnl=grupo&cd=2Xzuy[...]
Deleted : user_pref("extensions.funmoods.id", "6431504683326556");
Deleted : user_pref("extensions.funmoods.instlDay", "15557");
Deleted : user_pref("extensions.funmoods.instlRef", "grupo");
Deleted : user_pref("extensions.funmoods.isDcmntCmplt", true);
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2219:17:33");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=grupo&chnl=grupo&cd=2Xz[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=grupo&chnl=grupo&cd=2[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2219:17:33");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2219:17:33");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.cntry", "US");
Deleted : user_pref("extensions.incredibar.dfltLng", "");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.did", "10662");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "5F07C5C431C9A89F3A897BF42FABEDE1");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.id", "64a26556000000000000643150468332");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15557");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1419:12:33");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8Bcx1OW9&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6R8Bcx1OW9");
Deleted : user_pref("extensions.incredibar.upn2n", "92824830880794277");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1419:12:33");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10662");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "64a26556000000000000643150468332");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15557");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8Bcx1OW9&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6R8Bcx1OW9");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92824830880794277");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1419:12:33");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.2806055.KeywordHistory", "ribbonwick%2520candle[...]
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.AutoSearchEventData", "auto%20search");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.ClearCacheDate", 13);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.DisplayEULA", false);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.DnsCatchEventData", "dns%20catch");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.FirstLaunchShown", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.LoadLayoutDate.62133", 13);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.NewTabSearchEventData", "tab%20search");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.RemoveAllData", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.ShowRecommendedOptions", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.StateReportDate", "1355333672250");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.TopRightSearchEventData", "top%20right%20search[...]
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.beforeInstallSaved", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.beforeinstall.homepage", "hxxp%3A//www.facebook[...]
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.beforeinstall.search", "Google");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.customNewTab", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.helpUsImprove", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.hideOthers", false);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.processAddrBar", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.remove_search", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.restoreSearch", false);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.runcmd.", "216050420");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.searchHistory", true);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.session", "71346102B18F8A27ED3FED49430FF17A5B83[...]
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.showFirstLaunchOptions", false);
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.tb_lang", "en");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.tool_id", "62133");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_id", "79658789");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_key", "6a63685aefe9e03ea33c0c03372b507a776[...]
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_layouts", "62133");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_lnames", "InboxDollars");
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.xml_service_url", "64e3a27980eeceb34248bc3e680b[...]
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.yahooSearch", true);
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B8c1a30ca-4ec5-4362-abc0-4a168fcc1e47%[...]

Profile name : default
File : C:\Users\Jared\AppData\Roaming\Mozilla\Firefox\Profiles\ggg9zdrn.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.0.0.9");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bf180bd6d-099a-42f2-854b-16fcf69f4c55%[...]

Profile name : default
File : C:\Users\Ethan\AppData\Roaming\Mozilla\Firefox\Profiles\xuxcsqjj.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.0.0.9");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B7b8cc47f-d1ad-4170-ad24-51f1620c614c%[...]

*************************

AdwCleaner[S1].txt - [22971 octets] - [13/12/2012 11:38:19]

########## EOF - C:\AdwCleaner[S1].txt - [23032 octets] ##########


RogueKiller:


RogueKiller V8.4.0 [Dec 12 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dee [Admin rights]
Mode : Remove -- Date : 12/13/2012 13:10:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 24 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : DXM6Patch_981116 (C:\Windows\p_981116.exe /Q:A) -> DELETED
[TASK][SUSP PATH] IHSelfDeleteTASK : CMD /C DEL C:\Users\Dee\AppData\Local\Temp\IHUF811.tmp.exe -> DELETED
[TASK][SUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Dee\AppData\Local\Temp\IHUC83E.tmp.exe -> DELETED
[TASK][SUSP PATH] {0AF6B425-EE09-47AE-A8F9-1F725B55786B} : C:\Users\Dee\Desktop\Games\SilentHill1\autorun.exe -> DELETED
[TASK][SUSP PATH] {0B5D617F-565A-477C-A873-7B255F3194C1} : C:\Users\Dee\Desktop\Games\CurseofMI\Curse\Curse\COMI.EXE -> DELETED
[TASK][SUSP PATH] {0DBCC838-E6A6-43BE-B3C8-BA40BDE26350} : C:\Users\Dee\Desktop\Games\TheBreakdown\TheBreakdown_v099_setup.exe -> DELETED
[TASK][SUSP PATH] {118C4820-E12A-4683-A125-58964A424ACF} : C:\Users\Dee\Desktop\Games\SilentHill1\Silent Hill PC v1.2.1.exe -> DELETED
[TASK][SUSP PATH] {19D01227-E169-4A41-B525-6915A25C386B} : C:\Users\Dee\Desktop\Games\BTTF pack 1-5\Epi1\bttf_101_setup.exe -> DELETED
[TASK][SUSP PATH] {2A73A76C-794B-4F58-8331-B2AC309C7A8A} : C:\Users\Dee\Desktop\GameTools\MadameFateGuide.exe -> DELETED
[TASK][SUSP PATH] {3C3F82C4-AD15-4CD6-85C9-C0F1C5083A5D} : C:\Users\Dee\Desktop\Games\AC-AndThenThereWereNone\setup.exe -> DELETED
[TASK][SUSP PATH] {3ED754C1-4EE2-43B2-B31C-642C842A8E0B} : C:\Users\Dee\Desktop\Games\CurseofMI\Curse\Curse\COMI.EXE -> DELETED
[TASK][SUSP PATH] {5A8BCE65-6A35-4EC2-8B3D-5D3F1C63683A} : C:\Users\Dee\Desktop\Games\SilentHill1\Silent Hill.exe -> DELETED
[TASK][SUSP PATH] {93ED52D5-FB24-479E-B1F1-CDED5143D035} : C:\Users\Dee\Desktop\Tools\webcam\Mini-cam Driver.exe -> DELETED
[TASK][SUSP PATH] {A09C4051-9C2E-479C-AB71-CDAF0971BA2F} : C:\Users\Dee\Desktop\Games\TheBreakdown\TheBreakdown_v099_setup.exe -> DELETED
[TASK][SUSP PATH] {BFD4CE39-1A4E-461E-B4C0-4E511BE16FD1} : C:\Users\Dee\Desktop\Tools\ATF-Cleaner.exe -> DELETED
[TASK][SUSP PATH] {CF5E8390-B261-4EFA-9481-9A7D80F6A0AE} : C:\Users\Dee\Desktop\Games\TheBreakdown\the breakdown.exe -> DELETED
[TASK][SUSP PATH] {EC74BD9F-70B4-46DD-9ABA-00EDC4A7CA18} : C:\Users\Dee\Desktop\Tools\ATF-Cleaner.exe -> DELETED
[STARTUP][SUSP PATH] HP Display LiteSaver Startup.lnk @Common : C:\Windows\HPLiteSaver.exe -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\WLXPGSS.SCR) -> REPLACED (C:\Windows\system32\logon.scr)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++
--- User ---
[MBR] 11658865be362ce295a3a61e94ee92ff
[BSP] 5d6f967b1f3bf42bc29eabf787fb2e26 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 940197 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1925730304 | Size: 13570 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] e04f061dcd72d35dc341f6d3174807c0
[BSP] 4559dcaeb51b96385af8c9f9dc536442 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo

Finished : << RKreport[2]_D_12132012_02d1310.txt >>
RKreport[1]_S_12132012_02d1305.txt ; RKreport[2]_D_12132012_02d1310.txt

#4
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5
ozzette50

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi.

The Past: The problems I seemed to be having were a lot of browser hijacks, redirects. Heck, I even got stuck on a page of malware and had to close and run scans before I could even get back on the internet at all, even with IE64. Like I said, scans would say it was healed, but there always seemed to be something in there that would allow it to occur again without any kind of provocation... visiting bad sites, etc. AVG was splashed all over the place at times, but the address bar said it was a lie. I even got a Mozilla update page come up, looked official as all get, but the address in the address bar said freshbrowserupdate.com. Of course I did not use any links, closed the page, and ran scans. I can't remember what came up but I am always showing infected after every episode. I am pretty sure I know how I got this stuff and have sworn off the habit. After looking at my logs I can imagine you know what it was. I thought they were kinda hard to send malicious code through, but I guess everyone is getting smarter. I also seem to acquire software out of the blue without downloading anything, but maybe I just didn't notice it. I had some kind of computer fix-it program in my program list but I did not remember ever seeing it and I do not use anything like that. Like I said, I am very ashamed of myself for letting this stuff happen for so long.

The Present: The computer is acting as usual, maybe a tad bit faster. My IE 32 bit is still not responding at all. I think it went from MSN to Google one time as I was trying it. But that was just by pushing a selection off the favorites menu bar. As soon as I touched anything within the page itself, it stops responding at all. The little blue circle going round and round. I also have a ton of programs in my program list in my control panel with no program on the computer. Any easy way to find all these nasty dead ends we have left? Seems like we left a lot of garbage behind. It will take time to see if the problem has been solved, because like I said, it seems to be like "triggered" after days. It will take more time to know how healthy it really is. Thanks!

Respectfully,
d

Combofix Log:

ComboFix 12-12-13.02 - Dee 12/13/2012 15:43:52.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4765 [GMT -5:00]
Running from: c:\users\Dee\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\ntuser.dat
C:\Thumbs.db
c:\users\Dee\AppData\Local\HippoGeekSA
c:\users\Dee\AppData\Local\HippoGeekSA\bin\1.0.4.0\copyright.txt
c:\users\Dee\AppData\Local\HippoGeekSA\data\hippogeekSA.dat
c:\users\Dee\GoToAssistDownloadHelper.exe
c:\windows\SysWow64\SET7FDB.tmp
c:\windows\SysWow64\SET81A2.tmp
c:\windows\SysWow64\SET87C3.tmp
c:\windows\SysWow64\SET8E00.tmp
c:\windows\SysWow64\SET8E40.tmp
c:\windows\SysWow64\SET903A.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-11-13 to 2012-12-13 )))))))))))))))))))))))))))))))
.
.
2012-12-13 20:53 . 2012-12-13 20:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-13 20:53 . 2012-12-13 20:53 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-12-13 20:53 . 2012-12-13 20:53 -------- d-----w- c:\users\Jared\AppData\Local\temp
2012-12-13 20:53 . 2012-12-13 20:53 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-12-13 20:53 . 2012-12-13 20:53 -------- d-----w- c:\users\Ethan\AppData\Local\temp
2012-12-12 13:47 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 13:47 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 13:47 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 13:47 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-12 13:47 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 13:47 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-12 13:47 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-10 01:44 . 2012-12-10 17:31 -------- d-----w- c:\users\Dee\AppData\Roaming\ElementalsTheMagicKey
2012-12-09 22:29 . 2012-12-09 22:29 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2012-12-07 01:38 . 2012-12-07 01:38 -------- d-----w- c:\users\Dee\AppData\Roaming\Mystery of Mortlake Mansion
2012-12-07 01:22 . 2012-12-07 01:25 -------- d-----w- c:\program files (x86)\Playrix Entertainment
2012-12-05 00:03 . 2012-12-05 00:03 -------- d-----w- c:\users\Dee\AppData\Local\Apple
2012-12-04 01:15 . 2012-12-04 01:15 -------- d-----w- c:\users\Dee\AppData\Roaming\GameMill
2012-12-04 01:15 . 2012-12-04 01:15 -------- d-----w- c:\programdata\GameMill
2012-12-02 20:24 . 2012-12-02 20:24 -------- d-sh--w- c:\windows\ftpcache
2012-12-02 14:35 . 2012-12-02 14:35 -------- d-----w- c:\users\Dee\AppData\Roaming\gogii
2012-12-02 14:35 . 2012-12-02 14:35 -------- d-----w- c:\programdata\gogii
2012-11-30 21:02 . 2012-11-30 21:02 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-30 21:02 . 2012-11-30 21:02 -------- d-----r- c:\program files (x86)\Skype
2012-11-30 15:52 . 2012-11-30 15:52 -------- d-----w- c:\program files (x86)\Private Eye
2012-11-30 15:52 . 2012-11-30 15:52 -------- d-----w- c:\windows\Private Eye
2012-11-30 15:49 . 2012-11-30 15:49 -------- d-----w- c:\programdata\BVRP Software
2012-11-25 23:12 . 2012-11-25 23:12 -------- d-----w- c:\program files (x86)\Mystery in London
2012-11-24 20:39 . 2012-11-24 20:40 -------- d-----w- c:\users\Dee\AppData\Local\SpookyManor
2012-11-24 20:39 . 2012-11-24 20:39 -------- d-----w- c:\program files (x86)\MumboJumbo
2012-11-24 15:42 . 2012-11-24 15:42 -------- d-----w- c:\users\Dee\AppData\Roaming\AVG2013
2012-11-23 15:29 . 2012-11-23 15:29 -------- d-----w- c:\users\Jared\AppData\Roaming\AVG2013
2012-11-23 14:01 . 2012-11-23 14:01 -------- d-----w- c:\users\Jared\AppData\Roaming\TuneUp Software
2012-11-23 13:58 . 2012-11-23 13:58 -------- d-----w- c:\users\Jared\AppData\Local\MFAData
2012-11-23 13:58 . 2012-11-23 13:58 -------- d-----w- c:\users\Jared\AppData\Local\Avg2013
2012-11-23 13:55 . 2012-11-23 13:55 -------- d-----w- c:\users\Jared\AppData\Local\Macromedia
2012-11-23 13:51 . 2012-11-23 13:51 -------- d-----w- c:\users\Jared\AppData\Roaming\DisplayTune
2012-11-23 13:51 . 2012-11-23 13:51 -------- d-----w- c:\users\Jared\AppData\Roaming\DAEMON Tools Lite
2012-11-19 22:26 . 2012-11-19 22:26 -------- d-----w- c:\users\Dee\AppData\Roaming\SpinTop Games
2012-11-19 22:05 . 2012-11-19 22:05 -------- d-----w- c:\users\Dee\AppData\Roaming\casualArts
2012-11-19 22:05 . 2012-11-19 22:05 -------- d-----w- c:\programdata\casualArts
2012-11-19 22:04 . 2012-11-19 22:04 -------- d-----w- c:\program files (x86)\Mystery Murders - Jack the Ripper
2012-11-19 21:54 . 2012-11-19 21:54 -------- d-----w- c:\program files (x86)\Foxy Games
2012-11-18 23:54 . 2012-11-18 23:54 -------- d-----w- c:\users\Dee\AppData\Roaming\Boolat Games
2012-11-17 20:41 . 2012-12-11 00:19 -------- d-----w- c:\program files (x86)\Home Sweet Home Christmas Edition
2012-11-16 01:40 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 01:40 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 01:40 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 01:40 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 01:33 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 01:33 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 01:33 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 01:33 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 01:33 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 01:33 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 01:33 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 00:05 . 2012-11-14 00:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-14 00:05 . 2012-11-14 00:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-14 00:05 . 2012-11-14 00:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-14 00:05 . 2012-11-14 00:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-14 00:05 . 2012-11-14 00:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-14 00:05 . 2012-11-14 00:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-14 00:05 . 2012-11-14 00:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-11-14 00:04 . 2012-11-14 00:05 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 16:40 . 2011-06-02 13:07 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-12-13 03:53 . 2011-03-02 00:52 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 01:24 . 2012-03-29 12:16 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 01:24 . 2011-05-19 12:05 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-02 01:34 . 2012-11-02 01:34 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-22 18:02 . 2012-10-22 18:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 08:38 . 2012-11-28 11:14 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 11:14 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 11:14 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 08:48 . 2012-10-15 08:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-05 08:32 . 2012-10-05 08:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-04 16:40 . 2012-12-12 13:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-02 08:30 . 2012-10-02 08:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-29 23:54 . 2011-03-18 12:57 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-21 16:13 . 2011-04-13 16:08 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-21 16:13 . 2011-03-09 00:57 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-21 08:46 . 2012-09-21 08:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-21 08:46 . 2012-09-21 08:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"= "c:\program files (x86)\InboxDollars\Toolbar.dll" [2012-02-18 1613824]
.
[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-11-24 13105848]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-04-06 393216]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-10 20480]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Software\wpctrl.exe" [2009-03-03 694824]
"DT HWP"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2011-11-01 121648]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Event Planner Reminder 2009.lnk - c:\windows\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [2011-3-23 237568]
MiMedia.lnk - c:\program files\MiMedia LLC\MiMedia\MiMedia.exe [N/A]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-07-22 1002848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-08-15 146736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-02 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
R4 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]
R4 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-07-01 834544]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-02 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-30 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 565928]
S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-04-02 361472]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-04-02 441344]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-10-27 113456]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 01:24]
.
2012-12-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2375802078-1423229213-3210898512-1001Core.job
- c:\users\Dee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-13 22:30]
.
2012-12-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2375802078-1423229213-3210898512-1001UA.job
- c:\users\Dee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-13 22:30]
.
2012-12-07 c:\windows\Tasks\HPCeeScheduleForDee.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"lxbkbmgr.exe"="c:\program files (x86)\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-04-03 2727936]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\aggtq3yt.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{5f34d357-5ffb-447d-b29e-88c0e8ccf6dd} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
ShellIconOverlayIdentifiers-{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7} - (no file)
ShellIconOverlayIdentifiers-{FAD5EA38-2D1D-485D-9B07-D35EB72B922E} - (no file)
ShellIconOverlayIdentifiers-{69DE75F6-60E6-4E55-B416-171941A5C73E} - (no file)
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file)
WebBrowser-{5F34D357-5FFB-447D-B29E-88C0E8CCF6DD} - (no file)
WebBrowser-{47980628-3844-42AA-A0DD-E2D86BBA9600} - (no file)
ShellIconOverlayIdentifiers-{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7} - (no file)
ShellIconOverlayIdentifiers-{FAD5EA38-2D1D-485D-9B07-D35EB72B922E} - (no file)
ShellIconOverlayIdentifiers-{69DE75F6-60E6-4E55-B416-171941A5C73E} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-DFX - c:\program files (x86)\DFX\uninstall.exe
AddRemove-NiBiRu_is1 - c:\program files (x86)\JoWood\Nibiru\unins000.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2375802078-1423229213-3210898512-1001\Software\SecuROM\License information*]
"datasecu"=hex:6c,39,6e,f6,34,6b,e7,21,83,a9,bc,ba,50,f9,de,2b,c2,06,4f,eb,cf,
1e,87,15,9e,81,ba,8d,7a,f4,a5,a0,87,8e,b0,51,f2,aa,0f,bd,7d,b6,30,a8,42,79,\
"rkeysecu"=hex:1b,b5,52,6d,b9,b0,2c,c1,55,51,23,8c,25,8e,a7,8c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-13 16:11:55
ComboFix-quarantined-files.txt 2012-12-13 21:11
.
Pre-Run: 650,594,844,672 bytes free
Post-Run: 650,927,632,384 bytes free
.
- - End Of File - - FC9A27C7C0CB5F238966EE54839C5972

Edited by ozzette50, 13 December 2012 - 06:14 PM.

#6
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next:

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
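
When reading the TDSSKiller report requested above, the lines that matter are the ones that are not a plain "- ok". The following is an added example, not part of the original post and not part of TDSSKiller: a small Python parser run over a few lines copied from the TDSSKiller 2.8.15.0 log posted later in this thread. The function names are hypothetical and the line layout is inferred from that log alone.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the TDSSKiller 2.8.15.0 log posted in this thread.
SAMPLE_LOG = r"""
19:43:09.0298 6352 ================ Scan system memory ========================
19:43:09.0298 6352 System memory - ok
19:43:09.0299 6352 ================ Scan services =============================
19:43:09.0423 6352 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:43:09.0545 6352 1394ohci - ok
19:43:10.0387 6352 AMD FUEL Service - ok
19:43:14.0318 6352 catchme - ok
19:43:19.0018 6352 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
19:43:19.0056 6352 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:43:19.0056 6352 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:43:20.0552 6352 [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:43:20.0607 6352 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:43:20.0607 6352 LightScribeService - detected UnsignedFile.Multi.Generic (1)
"""

# Every log line starts with "HH:MM:SS.mmmm <thread id>".
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "[ MD5 ] <service name> <file path>"; names may contain spaces.
_OBJECT = re.compile(
    _PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")
# "<name> - ok" or "<name> ( <detection> ) - warning".
_VERDICT = re.compile(
    _PREFIX + r"(?P<name>.+?)(?: \( (?P<detection>[^()]+?) \))? - (?P<verdict>\w+)$")
# "======== Scan services ========" style stage headers.
_SECTION = re.compile(_PREFIX + r"=+ (?P<section>[^=]+?) =+$")


@dataclass
class Entry:
    name: str
    verdict: str
    section: Optional[str]
    detection: Optional[str] = None
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_log(text: str) -> List[Entry]:
    """Pair each verdict line with the hash/path line printed before it."""
    pending = {}      # service name -> (md5, path) awaiting its verdict line
    section = None    # most recent "Scan ..." stage header
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _SECTION.match(line)
        if m:
            section = m["section"]
            continue
        m = _OBJECT.match(line)
        if m:
            pending[m["name"]] = (m["md5"].upper(), m["path"])
            continue
        m = _VERDICT.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(Entry(m["name"], m["verdict"], section,
                                 m["detection"], md5, path))
    return entries


def triage(entries: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Return (flagged, no_file).

    flagged: any verdict other than "ok".
    no_file: services marked "ok" for which the log printed no hash or path,
             so the report holds nothing to compare against a known-good copy.
    """
    flagged = [e for e in entries if e.verdict != "ok"]
    no_file = [e for e in entries
               if e.verdict == "ok" and e.md5 is None
               and e.section == "Scan services"]
    return flagged, no_file


def report(text: str) -> List[str]:
    """Build the short review list a helper would read first."""
    flagged, no_file = triage(parse_log(text))
    lines = [f"{e.verdict.upper()}: {e.name} [{e.detection}] md5={e.md5} path={e.path}"
             for e in flagged]
    lines += [f"NO FILE RECORD: {e.name}" for e in no_file]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```
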
#7
ozzette50

    Member

  • Topic Starter
  • Member
  • 26 posts
TDSSKiller Log 1

19:41:56.0305 4016 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:41:56.0632 4016 ============================================================
19:41:56.0632 4016 Current date / time: 2012/12/15 19:41:56.0632
19:41:56.0632 4016 SystemInfo:
19:41:56.0632 4016
19:41:56.0632 4016 OS Version: 6.1.7601 ServicePack: 1.0
19:41:56.0632 4016 Product type: Workstation
19:41:56.0632 4016 ComputerName: DEE-HP
19:41:56.0632 4016 UserName: Dee
19:41:56.0632 4016 Windows directory: C:\Windows
19:41:56.0632 4016 System windows directory: C:\Windows
19:41:56.0632 4016 Running under WOW64
19:41:56.0632 4016 Processor architecture: Intel x64
19:41:56.0632 4016 Number of processors: 4
19:41:56.0632 4016 Page size: 0x1000
19:41:56.0632 4016 Boot type: Normal boot
19:41:56.0632 4016 ============================================================
19:42:02.0631 4016 BG loaded
19:42:03.0159 4016 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:42:03.0190 4016 ============================================================
19:42:03.0190 4016 \Device\Harddisk0\DR0:
19:42:03.0205 4016 MBR partitions:
19:42:03.0205 4016 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:42:03.0205 4016 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72C52800
19:42:03.0205 4016 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72C85000, BlocksNum 0x1A81000
19:42:03.0205 4016 ============================================================
19:42:03.0283 4016 C: <-> \Device\Harddisk0\DR0\Partition2
19:42:03.0424 4016 D: <-> \Device\Harddisk0\DR0\Partition3
19:42:03.0424 4016 ============================================================
19:42:03.0424 4016 Initialize success
19:42:03.0424 4016 ============================================================
19:43:07.0865 6352 ============================================================
19:43:07.0865 6352 Scan started
19:43:07.0865 6352 Mode: Manual; SigCheck; TDLFS;
19:43:07.0865 6352 ============================================================
19:43:09.0298 6352 ================ Scan system memory ========================
19:43:09.0298 6352 System memory - ok
19:43:09.0299 6352 ================ Scan services =============================
19:43:09.0423 6352 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:43:09.0545 6352 1394ohci - ok
19:43:09.0560 6352 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:43:09.0574 6352 ACPI - ok
19:43:09.0588 6352 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:43:09.0651 6352 AcpiPmi - ok
19:43:09.0752 6352 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:43:09.0765 6352 AdobeFlashPlayerUpdateSvc - ok
19:43:09.0795 6352 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:43:09.0814 6352 adp94xx - ok
19:43:09.0833 6352 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:43:09.0847 6352 adpahci - ok
19:43:09.0857 6352 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:43:09.0870 6352 adpu320 - ok
19:43:09.0900 6352 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:43:09.0999 6352 AeLookupSvc - ok
19:43:10.0043 6352 [ 0D0E5281784C2C526BA43C2ECD374288 ] Afc C:\Windows\syswow64\drivers\Afc.sys
19:43:10.0056 6352 Afc - ok
19:43:10.0076 6352 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:43:10.0126 6352 AFD - ok
19:43:10.0149 6352 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:43:10.0161 6352 agp440 - ok
19:43:10.0172 6352 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:43:10.0221 6352 ALG - ok
19:43:10.0246 6352 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:43:10.0256 6352 aliide - ok
19:43:10.0286 6352 [ 2FDCB3E855076CE97CCB58E2CF8F2A09 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:43:10.0334 6352 AMD External Events Utility - ok
19:43:10.0387 6352 AMD FUEL Service - ok
19:43:10.0402 6352 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:43:10.0412 6352 amdide - ok
19:43:10.0428 6352 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
19:43:10.0437 6352 amdiox64 - ok
19:43:10.0452 6352 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:43:10.0487 6352 AmdK8 - ok
19:43:10.0651 6352 [ 9920704BF815A5B42DA5264F013AAEB7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:43:10.0750 6352 amdkmdag - ok
19:43:10.0778 6352 [ 0D1055A47A8F5DC1CAA2701831293EBB ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:43:10.0806 6352 amdkmdap - ok
19:43:10.0849 6352 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:43:10.0879 6352 AmdPPM - ok
19:43:10.0916 6352 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:43:10.0928 6352 amdsata - ok
19:43:11.0008 6352 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:43:11.0021 6352 amdsbs - ok
19:43:11.0107 6352 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:43:11.0117 6352 amdxata - ok
19:43:11.0131 6352 [ 8A2B4818215D8A6FF54DC3F0D63CBB2D ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
19:43:11.0140 6352 amd_sata - ok
19:43:11.0149 6352 [ A2D8977623E13591B15F6370C6CC37B0 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
19:43:11.0158 6352 amd_xata - ok
19:43:11.0191 6352 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.0 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:43:11.0199 6352 AODDriver4.0 - ok
19:43:11.0224 6352 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.01 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:43:11.0233 6352 AODDriver4.01 - ok
19:43:11.0253 6352 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:43:11.0262 6352 AODDriver4.1 - ok
19:43:11.0300 6352 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:43:11.0348 6352 AppID - ok
19:43:11.0376 6352 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:43:11.0430 6352 AppIDSvc - ok
19:43:11.0461 6352 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:43:11.0505 6352 Appinfo - ok
19:43:11.0605 6352 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:43:11.0628 6352 Apple Mobile Device - ok
19:43:11.0665 6352 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:43:11.0676 6352 arc - ok
19:43:11.0687 6352 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:43:11.0698 6352 arcsas - ok
19:43:11.0777 6352 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:43:11.0861 6352 aspnet_state - ok
19:43:11.0930 6352 [ 1237FA2B567BB85DB46C62FE38E27EA2 ] Asset Management Daemon C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
19:43:11.0940 6352 Asset Management Daemon - ok
19:43:11.0952 6352 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:43:12.0002 6352 AsyncMac - ok
19:43:12.0035 6352 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:43:12.0046 6352 atapi - ok
19:43:12.0088 6352 [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie64.sys
19:43:12.0097 6352 AtiPcie - ok
19:43:12.0146 6352 [ 1FD0FA6618B31FAD14385740D0F6C333 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
19:43:12.0158 6352 atksgt - ok
19:43:12.0191 6352 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:43:12.0250 6352 AudioEndpointBuilder - ok
19:43:12.0259 6352 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:43:12.0289 6352 AudioSrv - ok
19:43:12.0610 6352 [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
19:43:12.0686 6352 AVGIDSAgent - ok
19:43:12.0733 6352 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
19:43:12.0744 6352 AVGIDSDriver - ok
19:43:12.0809 6352 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
19:43:12.0820 6352 AVGIDSHA - ok
19:43:12.0832 6352 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
19:43:12.0843 6352 Avgldx64 - ok
19:43:12.0866 6352 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
19:43:12.0878 6352 Avgloga - ok
19:43:12.0892 6352 [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
19:43:12.0903 6352 Avgmfx64 - ok
19:43:12.0932 6352 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
19:43:12.0942 6352 Avgrkx64 - ok
19:43:12.0958 6352 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
19:43:12.0969 6352 Avgtdia - ok
19:43:12.0985 6352 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
19:43:12.0996 6352 avgwd - ok
19:43:13.0019 6352 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:43:13.0107 6352 AxInstSV - ok
19:43:13.0149 6352 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:43:13.0198 6352 b06bdrv - ok
19:43:13.0279 6352 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:43:13.0314 6352 b57nd60a - ok
19:43:13.0382 6352 [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
19:43:13.0394 6352 BBSvc - ok
19:43:13.0418 6352 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:43:13.0441 6352 BDESVC - ok
19:43:13.0452 6352 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:43:13.0508 6352 Beep - ok
19:43:13.0568 6352 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:43:13.0632 6352 BFE - ok
19:43:13.0662 6352 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
19:43:13.0715 6352 BITS - ok
19:43:13.0740 6352 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:43:13.0751 6352 blbdrive - ok
19:43:13.0779 6352 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
19:43:13.0789 6352 Bonjour Service - ok
19:43:13.0819 6352 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:43:13.0839 6352 bowser - ok
19:43:13.0860 6352 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:43:13.0872 6352 BrFiltLo - ok
19:43:13.0884 6352 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:43:13.0910 6352 BrFiltUp - ok
19:43:13.0928 6352 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
19:43:13.0975 6352 BridgeMP - ok
19:43:14.0019 6352 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:43:14.0040 6352 Browser - ok
19:43:14.0057 6352 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:43:14.0115 6352 Brserid - ok
19:43:14.0129 6352 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:43:14.0157 6352 BrSerWdm - ok
19:43:14.0174 6352 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:43:14.0187 6352 BrUsbMdm - ok
19:43:14.0194 6352 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:43:14.0205 6352 BrUsbSer - ok
19:43:14.0214 6352 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:43:14.0241 6352 BTHMODEM - ok
19:43:14.0273 6352 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:43:14.0316 6352 bthserv - ok
19:43:14.0318 6352 catchme - ok
19:43:14.0339 6352 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:43:14.0382 6352 cdfs - ok
19:43:14.0421 6352 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:43:14.0433 6352 cdrom - ok
19:43:14.0460 6352 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:43:14.0500 6352 CertPropSvc - ok
19:43:14.0523 6352 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:43:14.0536 6352 circlass - ok
19:43:14.0564 6352 [ FF60401F1C659CA2ED4BAE85D3FD14DA ] CISVC C:\Windows\system32\CISVC.EXE
19:43:14.0602 6352 CISVC - ok
19:43:14.0618 6352 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:43:14.0632 6352 CLFS - ok
19:43:14.0675 6352 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:43:14.0687 6352 clr_optimization_v2.0.50727_32 - ok
19:43:14.0730 6352 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:43:14.0752 6352 clr_optimization_v2.0.50727_64 - ok
19:43:14.0795 6352 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:43:14.0934 6352 clr_optimization_v4.0.30319_32 - ok
19:43:14.0973 6352 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:43:15.0026 6352 clr_optimization_v4.0.30319_64 - ok
19:43:15.0074 6352 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:43:15.0103 6352 CmBatt - ok
19:43:15.0134 6352 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:43:15.0144 6352 cmdide - ok
19:43:15.0168 6352 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:43:15.0189 6352 CNG - ok
19:43:15.0207 6352 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:43:15.0218 6352 Compbatt - ok
19:43:15.0238 6352 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:43:15.0262 6352 CompositeBus - ok
19:43:15.0266 6352 COMSysApp - ok
19:43:15.0332 6352 [ A398ED024F739E7BE74ECFFA8A713A89 ] CpqDfw C:\Windows\system32\drivers\CpqDfw.sys
19:43:15.0342 6352 CpqDfw - ok
19:43:15.0354 6352 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:43:15.0365 6352 crcdisk - ok
19:43:15.0409 6352 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:43:15.0468 6352 CryptSvc - ok
19:43:15.0513 6352 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:43:15.0530 6352 cvhsvc - ok
19:43:15.0564 6352 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:43:15.0610 6352 DcomLaunch - ok
19:43:15.0632 6352 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:43:15.0682 6352 defragsvc - ok
19:43:15.0712 6352 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:43:15.0753 6352 DfsC - ok
19:43:15.0780 6352 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:43:15.0826 6352 Dhcp - ok
19:43:15.0851 6352 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:43:15.0892 6352 discache - ok
19:43:15.0926 6352 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:43:15.0937 6352 Disk - ok
19:43:15.0949 6352 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:43:16.0004 6352 Dnscache - ok
19:43:16.0024 6352 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:43:16.0053 6352 dot3svc - ok
19:43:16.0075 6352 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:43:16.0112 6352 DPS - ok
19:43:16.0139 6352 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:43:16.0172 6352 drmkaud - ok
19:43:16.0222 6352 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:43:16.0233 6352 dtsoftbus01 - ok
19:43:16.0280 6352 [ 2A444AE3C62FA19B20C0214C6E034FDD ] DTSRVC C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
19:43:16.0289 6352 DTSRVC - ok
19:43:16.0322 6352 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:43:16.0343 6352 DXGKrnl - ok
19:43:16.0371 6352 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:43:16.0400 6352 EapHost - ok
19:43:16.0459 6352 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:43:16.0538 6352 ebdrv - ok
19:43:16.0578 6352 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:43:16.0627 6352 EFS - ok
19:43:16.0668 6352 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:43:16.0730 6352 ehRecvr - ok
19:43:16.0756 6352 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:43:16.0767 6352 ehSched - ok
19:43:16.0797 6352 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:43:16.0816 6352 elxstor - ok
19:43:16.0828 6352 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:43:16.0855 6352 ErrDev - ok
19:43:16.0886 6352 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:43:16.0932 6352 EventSystem - ok
19:43:16.0970 6352 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:43:17.0015 6352 exfat - ok
19:43:17.0052 6352 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:43:17.0082 6352 fastfat - ok
19:43:17.0135 6352 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:43:17.0187 6352 Fax - ok
19:43:17.0199 6352 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:43:17.0227 6352 fdc - ok
19:43:17.0258 6352 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:43:17.0286 6352 fdPHost - ok
19:43:17.0297 6352 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:43:17.0324 6352 FDResPub - ok
19:43:17.0338 6352 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:43:17.0348 6352 FileInfo - ok
19:43:17.0364 6352 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:43:17.0407 6352 Filetrace - ok
19:43:17.0431 6352 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:43:17.0442 6352 flpydisk - ok
19:43:17.0471 6352 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:43:17.0483 6352 FltMgr - ok
19:43:17.0521 6352 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:43:17.0554 6352 FontCache - ok
19:43:17.0602 6352 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:43:17.0632 6352 FontCache3.0.0.0 - ok
19:43:17.0650 6352 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:43:17.0663 6352 FsDepends - ok
19:43:17.0714 6352 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:43:17.0727 6352 Fs_Rec - ok
19:43:17.0754 6352 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:43:17.0768 6352 fvevol - ok
19:43:17.0786 6352 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:43:17.0799 6352 gagp30kx - ok
19:43:17.0819 6352 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:43:17.0827 6352 GEARAspiWDM - ok
19:43:17.0852 6352 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:43:17.0904 6352 gpsvc - ok
19:43:17.0926 6352 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:43:17.0972 6352 hcw85cir - ok
19:43:18.0010 6352 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:43:18.0027 6352 HdAudAddService - ok
19:43:18.0056 6352 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:43:18.0084 6352 HDAudBus - ok
19:43:18.0103 6352 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:43:18.0115 6352 HidBatt - ok
19:43:18.0123 6352 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:43:18.0149 6352 HidBth - ok
19:43:18.0172 6352 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:43:18.0221 6352 HidIr - ok
19:43:18.0246 6352 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
19:43:18.0294 6352 hidserv - ok
19:43:18.0319 6352 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:43:18.0329 6352 HidUsb - ok
19:43:18.0358 6352 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:43:18.0399 6352 hkmsvc - ok
19:43:18.0438 6352 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:43:18.0472 6352 HomeGroupListener - ok
19:43:18.0492 6352 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:43:18.0526 6352 HomeGroupProvider - ok
19:43:18.0591 6352 [ 170233B8D743EFE35F462A5D516B93E3 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
19:43:18.0603 6352 HP Support Assistant Service - ok
19:43:18.0643 6352 [ 3DC11A802353401332D49C3CBFBBE5FC ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
19:43:18.0654 6352 HPClientSvc - ok
19:43:18.0675 6352 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
19:43:18.0684 6352 HPDrvMntSvc.exe - ok
19:43:18.0707 6352 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
19:43:18.0728 6352 hpqwmiex - ok
19:43:18.0740 6352 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:43:18.0752 6352 HpSAMD - ok
19:43:18.0776 6352 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:43:18.0832 6352 HTTP - ok
19:43:18.0864 6352 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:43:18.0882 6352 hwpolicy - ok
19:43:18.0905 6352 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:43:18.0918 6352 i8042prt - ok
19:43:18.0953 6352 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:43:18.0974 6352 iaStorV - ok
19:43:19.0018 6352 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
19:43:19.0056 6352 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:43:19.0056 6352 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:43:19.0099 6352 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:43:19.0132 6352 idsvc - ok
19:43:19.0161 6352 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:43:19.0172 6352 iirsp - ok
19:43:19.0196 6352 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:43:19.0229 6352 IKEEXT - ok
19:43:19.0288 6352 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:43:19.0327 6352 IntcAzAudAddService - ok
19:43:19.0348 6352 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:43:19.0371 6352 intelide - ok
19:43:19.0393 6352 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:43:19.0425 6352 intelppm - ok
19:43:19.0466 6352 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:43:19.0507 6352 IPBusEnum - ok
19:43:19.0527 6352 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:43:19.0573 6352 IpFilterDriver - ok
19:43:19.0633 6352 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:43:19.0657 6352 iphlpsvc - ok
19:43:19.0688 6352 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:43:19.0723 6352 IPMIDRV - ok
19:43:19.0741 6352 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:43:19.0773 6352 IPNAT - ok
19:43:19.0800 6352 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:43:19.0814 6352 IRENUM - ok
19:43:19.0836 6352 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:43:19.0847 6352 isapnp - ok
19:43:19.0875 6352 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:43:19.0899 6352 iScsiPrt - ok
19:43:19.0908 6352 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:43:19.0918 6352 kbdclass - ok
19:43:19.0942 6352 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:43:19.0968 6352 kbdhid - ok
19:43:20.0008 6352 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:43:20.0018 6352 KeyIso - ok
19:43:20.0073 6352 [ 4331B0920B40BA1CFB9F53E709F00430 ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys
19:43:20.0089 6352 KMWDFILTER - ok
19:43:20.0137 6352 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:43:20.0149 6352 KSecDD - ok
19:43:20.0183 6352 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:43:20.0195 6352 KSecPkg - ok
19:43:20.0213 6352 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:43:20.0258 6352 ksthunk - ok
19:43:20.0289 6352 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:43:20.0338 6352 KtmRm - ok
19:43:20.0375 6352 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
19:43:20.0422 6352 LanmanServer - ok
19:43:20.0450 6352 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:43:20.0499 6352 LanmanWorkstation - ok
19:43:20.0552 6352 [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:43:20.0607 6352 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:43:20.0607 6352 LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:43:20.0663 6352 [ 5EA407821BB3104C31A705175AB4F309 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
19:43:20.0685 6352 lirsgt - ok
19:43:20.0730 6352 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:43:20.0772 6352 lltdio - ok
19:43:20.0784 6352 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:43:20.0851 6352 lltdsvc - ok
19:43:20.0856 6352 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:43:20.0915 6352 lmhosts - ok
19:43:20.0949 6352 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:43:20.0961 6352 LSI_FC - ok
19:43:20.0974 6352 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:43:20.0986 6352 LSI_SAS - ok
19:43:20.0996 6352 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:43:21.0008 6352 LSI_SAS2 - ok
19:43:21.0017 6352 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:43:21.0029 6352 LSI_SCSI - ok
19:43:21.0044 6352 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:43:21.0092 6352 luafv - ok
19:43:21.0105 6352 lxbk_device - ok
19:43:21.0129 6352 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:43:21.0142 6352 Mcx2Svc - ok
19:43:21.0152 6352 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:43:21.0163 6352 megasas - ok
19:43:21.0177 6352 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:43:21.0190 6352 MegaSR - ok
19:43:21.0201 6352 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:43:21.0242 6352 MMCSS - ok
19:43:21.0258 6352 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:43:21.0303 6352 Modem - ok
19:43:21.0312 6352 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:43:21.0341 6352 monitor - ok
19:43:21.0384 6352 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:43:21.0394 6352 mouclass - ok
19:43:21.0400 6352 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:43:21.0427 6352 mouhid - ok
19:43:21.0464 6352 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:43:21.0474 6352 mountmgr - ok
19:43:21.0543 6352 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:43:21.0568 6352 MozillaMaintenance - ok
19:43:21.0580 6352 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:43:21.0593 6352 mpio - ok
19:43:21.0610 6352 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:43:21.0641 6352 mpsdrv - ok
19:43:21.0664 6352 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:43:21.0700 6352 MpsSvc - ok
19:43:21.0719 6352 [ CD22D2563039DDA6793F7624719363A7 ] MQAC C:\Windows\system32\drivers\mqac.sys
19:43:21.0760 6352 MQAC - ok
19:43:21.0829 6352 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
19:43:21.0866 6352 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
19:43:21.0866 6352 MREMP50 - detected UnsignedFile.Multi.Generic (1)
19:43:21.0937 6352 [ C2758DF79C83A0D12A5599A040CA1818 ] MREMP50a64 C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS
19:43:21.0946 6352 MREMP50a64 - ok
19:43:21.0949 6352 MREMPR5 - ok
19:43:21.0960 6352 MRENDIS5 - ok
19:43:21.0989 6352 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
19:43:22.0002 6352 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
19:43:22.0002 6352 MRESP50 - detected UnsignedFile.Multi.Generic (1)
19:43:22.0016 6352 [ 38BD5B32E0722752BE8465D2A6DA43D9 ] MRESP50a64 C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS
19:43:22.0025 6352 MRESP50a64 - ok
19:43:22.0056 6352 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:43:22.0090 6352 MRxDAV - ok
19:43:22.0118 6352 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:43:22.0157 6352 mrxsmb - ok
19:43:22.0181 6352 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:43:22.0208 6352 mrxsmb10 - ok
19:43:22.0236 6352 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:43:22.0247 6352 mrxsmb20 - ok
19:43:22.0263 6352 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:43:22.0274 6352 msahci - ok
19:43:22.0291 6352 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:43:22.0304 6352 msdsm - ok
19:43:22.0333 6352 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:43:22.0365 6352 MSDTC - ok
19:43:22.0395 6352 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:43:22.0423 6352 Msfs - ok
19:43:22.0432 6352 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:43:22.0476 6352 mshidkmdf - ok
19:43:22.0492 6352 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:43:22.0502 6352 msisadrv - ok
19:43:22.0527 6352 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:43:22.0573 6352 MSiSCSI - ok
19:43:22.0576 6352 msiserver - ok
19:43:22.0604 6352 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:43:22.0633 6352 MSKSSRV - ok
19:43:22.0665 6352 [ FAAEAEF99E53561BEEE58F946CA56F0D ] MSMQ C:\Windows\system32\mqsvc.exe
19:43:22.0687 6352 MSMQ - ok
19:43:22.0705 6352 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:43:22.0746 6352 MSPCLOCK - ok
19:43:22.0766 6352 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:43:22.0811 6352 MSPQM - ok
19:43:22.0837 6352 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:43:22.0852 6352 MsRPC - ok
19:43:22.0867 6352 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:43:22.0877 6352 mssmbios - ok
19:43:22.0898 6352 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:43:22.0928 6352 MSTEE - ok
19:43:22.0942 6352 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:43:22.0953 6352 MTConfig - ok
19:43:22.0964 6352 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:43:22.0973 6352 Mup - ok
19:43:22.0998 6352 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:43:23.0044 6352 napagent - ok
19:43:23.0073 6352 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:43:23.0102 6352 NativeWifiP - ok
19:43:23.0145 6352 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:43:23.0164 6352 NDIS - ok
19:43:23.0186 6352 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:43:23.0215 6352 NdisCap - ok
19:43:23.0233 6352 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:43:23.0261 6352 NdisTapi - ok
19:43:23.0283 6352 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:43:23.0310 6352 Ndisuio - ok
19:43:23.0329 6352 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:43:23.0376 6352 NdisWan - ok
19:43:23.0393 6352 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:43:23.0420 6352 NDProxy - ok
19:43:23.0434 6352 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:43:23.0477 6352 NetBIOS - ok
19:43:23.0503 6352 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:43:23.0542 6352 NetBT - ok
19:43:23.0621 6352 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:43:23.0631 6352 Netlogon - ok
19:43:23.0690 6352 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:43:23.0743 6352 Netman - ok
19:43:23.0857 6352 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:43:23.0890 6352 NetMsmqActivator - ok
19:43:23.0894 6352 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:43:23.0902 6352 NetPipeActivator - ok
19:43:23.0941 6352 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:43:23.0987 6352 netprofm - ok
19:43:24.0039 6352 [ 1982B291DF9833FB3ADC397EBD310A18 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
19:43:24.0063 6352 netr28x - ok
19:43:24.0068 6352 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:43:24.0076 6352 NetTcpActivator - ok
19:43:24.0081 6352 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:43:24.0090 6352 NetTcpPortSharing - ok
19:43:24.0120 6352 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:43:24.0131 6352 nfrd960 - ok
19:43:24.0168 6352 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:43:24.0198 6352 NlaSvc - ok
19:43:24.0238 6352 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:43:24.0267 6352 Npfs - ok
19:43:24.0298 6352 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:43:24.0345 6352 nsi - ok
19:43:24.0361 6352 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:43:24.0409 6352 nsiproxy - ok
19:43:24.0465 6352 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:43:24.0511 6352 Ntfs - ok
19:43:24.0533 6352 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:43:24.0573 6352 Null - ok
19:43:24.0592 6352 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:43:24.0605 6352 nvraid - ok
19:43:24.0632 6352 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:43:24.0645 6352 nvstor - ok
19:43:24.0683 6352 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:43:24.0695 6352 nv_agp - ok
19:43:24.0718 6352 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:43:24.0730 6352 ohci1394 - ok
19:43:24.0763 6352 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:43:24.0774 6352 ose - ok
19:43:24.0869 6352 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:43:24.0980 6352 osppsvc - ok
19:43:25.0005 6352 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:43:25.0042 6352 p2pimsvc - ok
19:43:25.0058 6352 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:43:25.0072 6352 p2psvc - ok
19:43:25.0094 6352 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:43:25.0128 6352 Parport - ok
19:43:25.0165 6352 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:43:25.0175 6352 partmgr - ok
19:43:25.0190 6352 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:43:25.0223 6352 PcaSvc - ok
19:43:25.0266 6352 [ 9C049ACD0CB71931AF89E055427DFAC9 ] pcCMService C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
19:43:25.0285 6352 pcCMService ( UnsignedFile.Multi.Generic ) - warning
19:43:25.0285 6352 pcCMService - detected UnsignedFile.Multi.Generic (1)
19:43:25.0317 6352 [ D8C295D4F9D0DCC03DE7FF006C1F3034 ] pcCMService64 C:\Program Files\Common Files\Motive\pcCMService.exe
19:43:25.0342 6352 pcCMService64 ( UnsignedFile.Multi.Generic ) - warning
19:43:25.0342 6352 pcCMService64 - detected UnsignedFile.Multi.Generic (1)
19:43:25.0367 6352 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:43:25.0378 6352 pci - ok
19:43:25.0390 6352 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:43:25.0400 6352 pciide - ok
19:43:25.0415 6352 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:43:25.0429 6352 pcmcia - ok
19:43:25.0439 6352 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:43:25.0450 6352 pcw - ok
19:43:25.0468 6352 pdfcDispatcher - ok
19:43:25.0509 6352 [ CCEF81EBCEF2BCB44274D01360A31AAF ] PdiPorts C:\Windows\system32\DRIVERS\PdiPorts.sys
19:43:25.0525 6352 PdiPorts - ok
19:43:25.0533 6352 [ 43F969BAA4C4E517102D16D4B2DAF2C0 ] PdiService C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
19:43:25.0542 6352 PdiService - ok
19:43:25.0562 6352 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:43:25.0595 6352 PEAUTH - ok
19:43:25.0661 6352 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:43:25.0688 6352 PerfHost - ok
19:43:25.0741 6352 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:43:25.0781 6352 pla - ok
19:43:25.0813 6352 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:43:25.0857 6352 PlugPlay - ok
19:43:25.0873 6352 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:43:25.0903 6352 PNRPAutoReg - ok
19:43:25.0929 6352 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:43:25.0942 6352 PNRPsvc - ok
19:43:25.0960 6352 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:43:26.0008 6352 PolicyAgent - ok
19:43:26.0042 6352 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:43:26.0074 6352 Power - ok
19:43:26.0094 6352 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:43:26.0122 6352 PptpMiniport - ok
19:43:26.0139 6352 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:43:26.0167 6352 Processor - ok
19:43:26.0201 6352 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:43:26.0238 6352 ProfSvc - ok
19:43:26.0251 6352 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:43:26.0261 6352 ProtectedStorage - ok
19:43:26.0288 6352 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:43:26.0327 6352 Psched - ok
19:43:26.0370 6352 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:43:26.0415 6352 ql2300 - ok
19:43:26.0429 6352 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:43:26.0440 6352 ql40xx - ok
19:43:26.0454 6352 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:43:26.0470 6352 QWAVE - ok
19:43:26.0481 6352 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:43:26.0512 6352 QWAVEdrv - ok
19:43:26.0532 6352 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:43:26.0560 6352 RasAcd - ok
19:43:26.0583 6352 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:43:26.0610 6352 RasAgileVpn - ok
19:43:26.0624 6352 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:43:26.0668 6352 RasAuto - ok
19:43:26.0686 6352 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:43:26.0730 6352 Rasl2tp - ok
19:43:26.0763 6352 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:43:26.0793 6352 RasMan - ok
19:43:26.0805 6352 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:43:26.0851 6352 RasPppoe - ok
19:43:26.0868 6352 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:43:26.0910 6352 RasSstp - ok
19:43:26.0940 6352 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:43:26.0969 6352 rdbss - ok
19:43:26.0986 6352 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:43:26.0999 6352 rdpbus - ok
19:43:27.0014 6352 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:43:27.0042 6352 RDPCDD - ok
19:43:27.0055 6352 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:43:27.0097 6352 RDPENCDD - ok
19:43:27.0102 6352 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:43:27.0130 6352 RDPREFMP - ok
19:43:27.0156 6352 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:43:27.0181 6352 RDPWD - ok
19:43:27.0205 6352 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:43:27.0227 6352 rdyboost - ok
19:43:27.0257 6352 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:43:27.0302 6352 RemoteAccess - ok
19:43:27.0353 6352 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:43:27.0403 6352 RemoteRegistry - ok
19:43:27.0498 6352 [ C1568E17039B2EC2B73A4F880DDD51E5 ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
19:43:27.0523 6352 RoxioNow Service - ok
19:43:27.0548 6352 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:43:27.0599 6352 RpcEptMapper - ok
19:43:27.0645 6352 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:43:27.0683 6352 RpcLocator - ok
19:43:27.0744 6352 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
19:43:27.0776 6352 RpcSs - ok
19:43:27.0799 6352 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:43:27.0854 6352 rspndr - ok
19:43:27.0885 6352 [ B15C021C2C9BB217A799D9532E8F04D4 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:43:27.0898 6352 RTL8167 - ok
19:43:27.0908 6352 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:43:27.0918 6352 SamSs - ok
19:43:27.0940 6352 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:43:27.0952 6352 sbp2port - ok
19:43:27.0968 6352 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:43:28.0005 6352 SCardSvr - ok
19:43:28.0054 6352 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:43:28.0107 6352 scfilter - ok
19:43:28.0193 6352 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:43:28.0245 6352 Schedule - ok
19:43:28.0271 6352 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:43:28.0300 6352 SCPolicySvc - ok
19:43:28.0354 6352 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:43:28.0386 6352 SDRSVC - ok
19:43:28.0516 6352 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:43:28.0527 6352 SeaPort - ok
19:43:28.0558 6352 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:43:28.0619 6352 secdrv - ok
19:43:28.0646 6352 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:43:28.0688 6352 seclogon - ok
19:43:28.0731 6352 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
19:43:28.0782 6352 SENS - ok
19:43:28.0799 6352 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:43:28.0837 6352 SensrSvc - ok
19:43:28.0869 6352 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:43:28.0901 6352 Serenum - ok
19:43:28.0928 6352 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:43:28.0954 6352 Serial - ok
19:43:28.0993 6352 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:43:29.0018 6352 sermouse - ok
19:43:29.0048 6352 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:43:29.0101 6352 SessionEnv - ok
19:43:29.0126 6352 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:43:29.0168 6352 sffdisk - ok
19:43:29.0183 6352 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:43:29.0211 6352 sffp_mmc - ok
19:43:29.0226 6352 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:43:29.0251 6352 sffp_sd - ok
19:43:29.0257 6352 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:43:29.0282 6352 sfloppy - ok
19:43:29.0375 6352 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
19:43:29.0391 6352 Sftfs - ok
19:43:29.0509 6352 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:43:29.0522 6352 sftlist - ok
19:43:29.0556 6352 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:43:29.0566 6352 Sftplay - ok
19:43:29.0591 6352 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:43:29.0599 6352 Sftredir - ok
19:43:29.0627 6352 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
19:43:29.0635 6352 Sftvol - ok
19:43:29.0664 6352 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:43:29.0674 6352 sftvsa - ok
19:43:29.0717 6352 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:43:29.0769 6352 SharedAccess - ok
19:43:29.0817 6352 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:43:29.0859 6352 ShellHWDetection - ok
19:43:29.0891 6352 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:43:29.0903 6352 SiSRaid2 - ok
19:43:29.0915 6352 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:43:29.0927 6352 SiSRaid4 - ok
19:43:29.0976 6352 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:43:29.0985 6352 SkypeUpdate - ok
19:43:30.0009 6352 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:43:30.0054 6352 Smb - ok
19:43:30.0106 6352 [ CA62AE004E98374BF7F082CD765EEA02 ] SNMP C:\Windows\System32\snmp.exe
19:43:30.0140 6352 SNMP - ok
19:43:30.0171 6352 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:43:30.0194 6352 SNMPTRAP - ok
19:43:30.0610 6352 [ 3B7162AC2E64623EF35778A59674E3A9 ] SNPSTD3 C:\Windows\system32\DRIVERS\snpstd3.sys
19:43:30.0913 6352 SNPSTD3 - ok
19:43:30.0947 6352 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:43:30.0958 6352 spldr - ok
19:43:30.0998 6352 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:43:31.0059 6352 Spooler - ok
19:43:31.0251 6352 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:43:31.0309 6352 sppsvc - ok
19:43:31.0325 6352 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:43:31.0386 6352 sppuinotify - ok
19:43:31.0459 6352 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
19:43:31.0459 6352 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
19:43:31.0485 6352 sptd ( LockedFile.Multi.Generic ) - warning
19:43:31.0485 6352 sptd - detected LockedFile.Multi.Generic (1)
19:43:31.0527 6352 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:43:31.0578 6352 srv - ok
19:43:31.0620 6352 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:43:31.0646 6352 srv2 - ok
19:43:31.0678 6352 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:43:31.0688 6352 srvnet - ok
19:43:31.0770 6352 [ F4F1E1FF6986FE8914525AF751EA3EAC ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
19:43:31.0782 6352 sscdbus - ok
19:43:31.0836 6352 [ 5447690D2CFE1BDE1BE3A5A5A3E2F796 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
19:43:31.0855 6352 sscdmdfl - ok
19:43:31.0905 6352 [ BFDA292053AEB76A0C1D63B2279D5138 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
19:43:31.0924 6352 sscdmdm - ok
19:43:31.0944 6352 [ 208731A751357DD71C5A0345C77AFD0A ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
19:43:31.0967 6352 sscdserd - ok
19:43:31.0995 6352 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:43:32.0047 6352 SSDPSRV - ok
19:43:32.0061 6352 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:43:32.0090 6352 SstpSvc - ok
19:43:32.0120 6352 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:43:32.0131 6352 stexstor - ok
19:43:32.0168 6352 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:43:32.0205 6352 stisvc - ok
19:43:32.0243 6352 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:43:32.0253 6352 swenum - ok
19:43:32.0265 6352 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:43:32.0315 6352 swprv - ok
19:43:32.0394 6352 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:43:32.0454 6352 SysMain - ok
19:43:32.0489 6352 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:43:32.0504 6352 TabletInputService - ok
19:43:32.0518 6352 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:43:32.0564 6352 TapiSrv - ok
19:43:32.0578 6352 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:43:32.0606 6352 TBS - ok
19:43:32.0730 6352 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:43:32.0794 6352 Tcpip - ok
19:43:32.0847 6352 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:43:32.0877 6352 TCPIP6 - ok
19:43:32.0893 6352 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:43:32.0902 6352 tcpipreg - ok
19:43:32.0928 6352 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:43:32.0965 6352 TDPIPE - ok
19:43:32.0988 6352 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:43:33.0017 6352 TDTCP - ok
19:43:33.0040 6352 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:43:33.0067 6352 tdx - ok
19:43:33.0085 6352 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:43:33.0095 6352 TermDD - ok
19:43:33.0116 6352 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:43:33.0149 6352 TermService - ok
19:43:33.0158 6352 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:43:33.0190 6352 Themes - ok
19:43:33.0214 6352 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:43:33.0242 6352 THREADORDER - ok
19:43:33.0250 6352 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:43:33.0279 6352 TrkWks - ok
19:43:33.0335 6352 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:43:33.0380 6352 TrustedInstaller - ok
19:43:33.0470 6352 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:43:33.0512 6352 tssecsrv - ok
19:43:33.0538 6352 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:43:33.0557 6352 TsUsbFlt - ok
19:43:33.0589 6352 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:43:33.0629 6352 tunnel - ok
19:43:33.0660 6352 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:43:33.0671 6352 uagp35 - ok
19:43:33.0688 6352 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:43:33.0732 6352 udfs - ok
19:43:33.0751 6352 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:43:33.0763 6352 UI0Detect - ok
19:43:33.0779 6352 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:43:33.0790 6352 uliagpkx - ok
19:43:33.0812 6352 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:43:33.0842 6352 umbus - ok
19:43:33.0861 6352 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:43:33.0885 6352 UmPass - ok
19:43:33.0907 6352 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:43:33.0938 6352 upnphost - ok
19:43:33.0964 6352 [ 54D4B48D443E7228BF64CF7CDC3118AC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:43:33.0981 6352 USBAAPL64 - ok
19:43:34.0023 6352 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:43:34.0038 6352 usbaudio - ok
19:43:34.0061 6352 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:43:34.0081 6352 usbccgp - ok
19:43:34.0104 6352 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:43:34.0118 6352 usbcir - ok
19:43:34.0142 6352 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:43:34.0152 6352 usbehci - ok
19:43:34.0178 6352 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
19:43:34.0186 6352 usbfilter - ok
19:43:34.0212 6352 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:43:34.0237 6352 usbhub - ok
19:43:34.0268 6352 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:43:34.0278 6352 usbohci - ok
19:43:34.0287 6352 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:43:34.0318 6352 usbprint - ok
19:43:34.0347 6352 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:43:34.0359 6352 usbscan - ok
19:43:34.0379 6352 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:43:34.0429 6352 USBSTOR - ok
19:43:34.0446 6352 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:43:34.0471 6352 usbuhci - ok
19:43:34.0490 6352 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:43:34.0518 6352 UxSms - ok
19:43:34.0527 6352 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:43:34.0536 6352 VaultSvc - ok
19:43:34.0582 6352 [ B3FC2D5F35E05E12C28F786C140D1CBD ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
19:43:34.0593 6352 VBoxNetAdp - ok
19:43:34.0608 6352 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:43:34.0619 6352 vdrvroot - ok
19:43:34.0666 6352 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:43:34.0698 6352 vds - ok
19:43:34.0716 6352 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:43:34.0729 6352 vga - ok
19:43:34.0739 6352 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:43:34.0787 6352 VgaSave - ok
19:43:34.0809 6352 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:43:34.0821 6352 vhdmp - ok
19:43:34.0835 6352 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:43:34.0846 6352 viaide - ok
19:43:34.0871 6352 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:43:34.0882 6352 volmgr - ok
19:43:34.0912 6352 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:43:34.0929 6352 volmgrx - ok
19:43:34.0946 6352 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:43:34.0960 6352 volsnap - ok
19:43:34.0979 6352 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:43:34.0991 6352 vsmraid - ok
19:43:35.0038 6352 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:43:35.0096 6352 VSS - ok
19:43:35.0099 6352 vToolbarUpdater11.0.2 - ok
19:43:35.0130 6352 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:43:35.0155 6352 vwifibus - ok
19:43:35.0178 6352 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:43:35.0192 6352 vwififlt - ok
19:43:35.0217 6352 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:43:35.0247 6352 W32Time - ok
19:43:35.0254 6352 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:43:35.0265 6352 WacomPen - ok
19:43:35.0276 6352 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:43:35.0321 6352 WANARP - ok
19:43:35.0324 6352 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:43:35.0350 6352 Wanarpv6 - ok
19:43:35.0413 6352 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:43:35.0454 6352 WatAdminSvc - ok
19:43:35.0491 6352 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:43:35.0552 6352 wbengine - ok
19:43:35.0580 6352 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:43:35.0595 6352 WbioSrvc - ok
19:43:35.0614 6352 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:43:35.0631 6352 wcncsvc - ok
19:43:35.0642 6352 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:43:35.0685 6352 WcsPlugInService - ok
19:43:35.0688 6352 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:43:35.0698 6352 Wd - ok
19:43:35.0726 6352 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
19:43:35.0736 6352 WDC_SAM ( UnsignedFile.Multi.Generic ) - warning
19:43:35.0736 6352 WDC_SAM - detected UnsignedFile.Multi.Generic (1)
19:43:35.0769 6352 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:43:35.0788 6352 Wdf01000 - ok
19:43:35.0802 6352 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:43:35.0879 6352 WdiServiceHost - ok
19:43:35.0882 6352 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:43:35.0897 6352 WdiSystemHost - ok
19:43:35.0929 6352 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:43:35.0962 6352 WebClient - ok
19:43:35.0984 6352 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:43:36.0033 6352 Wecsvc - ok
19:43:36.0057 6352 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:43:36.0086 6352 wercplsupport - ok
19:43:36.0104 6352 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:43:36.0133 6352 WerSvc - ok
19:43:36.0144 6352 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:43:36.0171 6352 WfpLwf - ok
19:43:36.0181 6352 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:43:36.0191 6352 WIMMount - ok
19:43:36.0212 6352 WinDefend - ok
19:43:36.0226 6352 WinHttpAutoProxySvc - ok
19:43:36.0272 6352 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:43:36.0301 6352 Winmgmt - ok
19:43:36.0337 6352 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:43:36.0383 6352 WinRM - ok
19:43:36.0421 6352 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:43:36.0434 6352 WinUsb - ok
19:43:36.0455 6352 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:43:36.0496 6352 Wlansvc - ok
19:43:36.0600 6352 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:43:36.0634 6352 wlidsvc - ok
19:43:36.0656 6352 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:43:36.0683 6352 WmiAcpi - ok
19:43:36.0720 6352 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:43:36.0751 6352 wmiApSrv - ok
19:43:36.0795 6352 WMPNetworkSvc - ok
19:43:36.0833 6352 [ 58540037A4A3EEEEFA47C84100E1694F ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
19:43:36.0846 6352 WMZuneComm - ok
19:43:36.0860 6352 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:43:36.0877 6352 WPCSvc - ok
19:43:36.0903 6352 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:43:36.0915 6352 WPDBusEnum - ok
19:43:36.0925 6352 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:43:36.0951 6352 ws2ifsl - ok
19:43:36.0971 6352 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
19:43:36.0998 6352 wscsvc - ok
19:43:37.0001 6352 WSearch - ok
19:43:37.0058 6352 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:43:37.0094 6352 wuauserv - ok
19:43:37.0126 6352 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:43:37.0188 6352 WudfPf - ok
19:43:37.0212 6352 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:43:37.0223 6352 WUDFRd - ok
19:43:37.0258 6352 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:43:37.0285 6352 wudfsvc - ok
19:43:37.0305 6352 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:43:37.0321 6352 WwanSvc - ok
19:43:37.0464 6352 [ D6EF205269C2A584AF6B56B9F95010F8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
19:43:37.0657 6352 ZuneNetworkSvc - ok
19:43:37.0711 6352 [ 7A565AFE58F3822A9E622868E5CC0E5C ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
19:43:37.0726 6352 ZuneWlanCfgSvc - ok
19:43:37.0732 6352 ================ Scan global ===============================
19:43:37.0746 6352 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:43:37.0784 6352 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:43:37.0790 6352 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:43:37.0809 6352 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:43:37.0842 6352 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:43:37.0845 6352 [Global] - ok
19:43:37.0845 6352 ================ Scan MBR ==================================
19:43:37.0853 6352 [ BB0DF5E29835D5EE03D5EA96E00E62C2 ] \Device\Harddisk0\DR0
19:43:38.0101 6352 \Device\Harddisk0\DR0 - ok
19:43:38.0101 6352 ================ Scan VBR ==================================
19:43:38.0118 6352 [ C27011D64F8BA84D7C3FE41DFC2F2823 ] \Device\Harddisk0\DR0\Partition1
19:43:38.0120 6352 \Device\Harddisk0\DR0\Partition1 - ok
19:43:38.0126 6352 [ B0CDCCD5283D3D41B053883D97AC7C94 ] \Device\Harddisk0\DR0\Partition2
19:43:38.0127 6352 \Device\Harddisk0\DR0\Partition2 - ok
19:43:38.0153 6352 [ 7569D5F4D20DAF896F492B13ECF423C2 ] \Device\Harddisk0\DR0\Partition3
19:43:38.0155 6352 \Device\Harddisk0\DR0\Partition3 - ok
19:43:38.0155 6352 ================ Scan active images ========================
19:43:38.0157 6352 [ 8A2B4818215D8A6FF54DC3F0D63CBB2D ] C:\Windows\System32\drivers\amd_sata.sys
19:43:38.0157 6352 C:\Windows\System32\drivers\amd_sata.sys - ok
19:43:38.0161 6352 [ 3E588B60EC061686BA05D33574A344C6 ] C:\Windows\System32\drivers\crashdmp.sys
19:43:38.0161 6352 C:\Windows\System32\drivers\crashdmp.sys - ok
19:43:38.0165 6352 [ 9BBD8B5855BC6578957F82341F9CDE5A ] C:\Windows\System32\drivers\Diskdump.sys
19:43:38.0165 6352 C:\Windows\System32\drivers\Diskdump.sys - ok
19:43:38.0169 6352 [ 814DB88F2641691575A455CF25354098 ] C:\Windows\System32\drivers\dumpfve.sys
19:43:38.0169 6352 C:\Windows\System32\drivers\dumpfve.sys - ok
19:43:38.0173 6352 [ 46571ED73AE84469DCA53081D33CF3C8 ] C:\Windows\System32\drivers\dtsoftbus01.sys
19:43:38.0173 6352 C:\Windows\System32\drivers\dtsoftbus01.sys - ok
19:43:38.0177 6352 [ F036CE71586E93D94DAB220D7BDF4416 ] C:\Windows\System32\drivers\cdrom.sys
19:43:38.0177 6352 C:\Windows\System32\drivers\cdrom.sys - ok
19:43:38.0180 6352 [ 16A47CE2DECC9B099349A5F840654746 ] C:\Windows\System32\drivers\beep.sys
19:43:38.0180 6352 C:\Windows\System32\drivers\beep.sys - ok
19:43:38.0184 6352 [ 9899284589F75FA8724FF3D16AED75C1 ] C:\Windows\System32\drivers\null.sys
19:43:38.0184 6352 C:\Windows\System32\drivers\null.sys - ok
19:43:38.0188 6352 [ CEA6CC257FC9B7715F1C2B4849286D24 ] C:\Windows\System32\drivers\RDPCDD.sys
19:43:38.0188 6352 C:\Windows\System32\drivers\RDPCDD.sys - ok
19:43:38.0191 6352 [ BB5971A4F00659529A5C44831AF22365 ] C:\Windows\System32\drivers\RDPENCDD.sys
19:43:38.0191 6352 C:\Windows\System32\drivers\RDPENCDD.sys - ok
19:43:38.0195 6352 [ 53E92A310193CB3C03BEA963DE7D9CFC ] C:\Windows\System32\drivers\vga.sys
19:43:38.0195 6352 C:\Windows\System32\drivers\vga.sys - ok
19:43:38.0199 6352 [ E7353D59C9842BC7299FAEB7E7E09340 ] C:\Windows\System32\drivers\videoprt.sys
19:43:38.0199 6352 C:\Windows\System32\drivers\videoprt.sys - ok
19:43:38.0203 6352 [ FC438D1430B28618E2D0C7C332A710AD ] C:\Windows\System32\drivers\watchdog.sys
19:43:38.0203 6352 C:\Windows\System32\drivers\watchdog.sys - ok
19:43:38.0206 6352 [ 216F3FA57533D98E1F74DED70113177A ] C:\Windows\System32\drivers\RDPREFMP.sys
19:43:38.0206 6352 C:\Windows\System32\drivers\RDPREFMP.sys - ok
19:43:38.0210 6352 [ 6E634525613D48A1D1657FB21F21F3B2 ] C:\Windows\System32\drivers\avgtdia.sys
19:43:38.0210 6352 C:\Windows\System32\drivers\avgtdia.sys - ok
19:43:38.0214 6352 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] C:\Windows\System32\drivers\msfs.sys
19:43:38.0214 6352 C:\Windows\System32\drivers\msfs.sys - ok
19:43:38.0218 6352 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] C:\Windows\System32\drivers\npfs.sys
19:43:38.0218 6352 C:\Windows\System32\drivers\npfs.sys - ok
19:43:38.0222 6352 [ 6F020A220388ECA0AB6062DC27BD16B6 ] C:\Windows\System32\drivers\tdi.sys
19:43:38.0222 6352 C:\Windows\System32\drivers\tdi.sys - ok
19:43:38.0225 6352 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] C:\Windows\System32\drivers\tdx.sys
19:43:38.0225 6352 C:\Windows\System32\drivers\tdx.sys - ok
19:43:38.0229 6352 [ 1C7857B62DE5994A75B054A9FD4C3825 ] C:\Windows\System32\drivers\afd.sys
19:43:38.0229 6352 C:\Windows\System32\drivers\afd.sys - ok
19:43:38.0233 6352 [ 09594D1089C523423B32A4229263F068 ] C:\Windows\System32\drivers\netbt.sys
19:43:38.0233 6352 C:\Windows\System32\drivers\netbt.sys - ok
19:43:38.0237 6352 [ 6BCC1D7D2FD2453957C5479A32364E52 ] C:\Windows\System32\drivers\ws2ifsl.sys
19:43:38.0237 6352 C:\Windows\System32\drivers\ws2ifsl.sys - ok
19:43:38.0241 6352 [ 86743D9F5D2B1048062B14B1D84501C4 ] C:\Windows\System32\drivers\netbios.sys
19:43:38.0241 6352 C:\Windows\System32\drivers\netbios.sys - ok
19:43:38.0244 6352 [ 0557CF5A2556BD58E26384169D72438D ] C:\Windows\System32\drivers\pacer.sys
19:43:38.0244 6352 C:\Windows\System32\drivers\pacer.sys - ok
19:43:38.0248 6352 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] C:\Windows\System32\drivers\termdd.sys
19:43:38.0248 6352 C:\Windows\System32\drivers\termdd.sys - ok
19:43:38.0252 6352 [ 6A3D66263414FF0D6FA754C646612F3F ] C:\Windows\System32\drivers\vwififlt.sys
19:43:38.0252 6352 C:\Windows\System32\drivers\vwififlt.sys - ok
19:43:38.0256 6352 [ 356AFD78A6ED4457169241AC3965230C ] C:\Windows\System32\drivers\wanarp.sys
19:43:38.0256 6352 C:\Windows\System32\drivers\wanarp.sys - ok
19:43:38.0260 6352 [ 611B23304BF067451A9FDEE01FBDD725 ] C:\Windows\System32\drivers\wfplwf.sys
19:43:38.0260 6352 C:\Windows\System32\drivers\wfplwf.sys - ok
19:43:38.0264 6352 [ E7F5AE18AF4168178A642A9247C63001 ] C:\Windows\System32\drivers\nsiproxy.sys
19:43:38.0264 6352 C:\Windows\System32\drivers\nsiproxy.sys - ok
19:43:38.0267 6352 [ 77F665941019A1594D887A74F301FA2F ] C:\Windows\System32\drivers\rdbss.sys
19:43:38.0267 6352 C:\Windows\System32\drivers\rdbss.sys - ok
19:43:38.0271 6352 [ 5989592A91A17587799792A81E1541D4 ] C:\Windows\System32\drivers\avgldx64.sys
19:43:38.0271 6352 C:\Windows\System32\drivers\avgldx64.sys - ok
19:43:38.0275 6352 [ 61583EE3C3A17003C4ACD0475646B4D3 ] C:\Windows\System32\drivers\blbdrive.sys
19:43:38.0275 6352 C:\Windows\System32\drivers\blbdrive.sys - ok
19:43:38.0278 6352 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] C:\Windows\System32\drivers\dfsc.sys
19:43:38.0279 6352 C:\Windows\System32\drivers\dfsc.sys - ok
19:43:38.0282 6352 [ 13096B05847EC78F0977F2C0F79E9AB3 ] C:\Windows\System32\drivers\discache.sys
19:43:38.0282 6352 C:\Windows\System32\drivers\discache.sys - ok
19:43:38.0286 6352 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] C:\Windows\System32\drivers\mssmbios.sys
19:43:38.0286 6352 C:\Windows\System32\drivers\mssmbios.sys - ok
19:43:38.0290 6352 [ 388056EBD5FE6718FE669078DBE37897 ] C:\Windows\System32\drivers\avgidsdrivera.sys
19:43:38.0290 6352 C:\Windows\System32\drivers\avgidsdrivera.sys - ok
19:43:38.0294 6352 [ 1E56388B3FE0D031C44144EB8C4D6217 ] C:\Windows\System32\drivers\amdppm.sys
19:43:38.0294 6352 C:\Windows\System32\drivers\amdppm.sys - ok
19:43:38.0298 6352 [ 0D1055A47A8F5DC1CAA2701831293EBB ] C:\Windows\System32\drivers\atikmpag.sys
19:43:38.0298 6352 C:\Windows\System32\drivers\atikmpag.sys - ok
19:43:38.0301 6352 [ 3566A8DAAFA27AF944F5D705EAA64894 ] C:\Windows\System32\drivers\tunnel.sys
19:43:38.0301 6352 C:\Windows\System32\drivers\tunnel.sys - ok
19:43:38.0305 6352 [ 9920704BF815A5B42DA5264F013AAEB7 ] C:\Windows\System32\drivers\atikmdag.sys
19:43:38.0305 6352 C:\Windows\System32\drivers\atikmdag.sys - ok
19:43:38.0309 6352 [ CF95B85FF8D128385ABD411C8CA74DED ] C:\Windows\System32\ntdll.dll
19:43:38.0309 6352 C:\Windows\System32\ntdll.dll - ok
19:43:38.0313 6352 [ 1911A3356FA3F77CCC825CCBAC038C2A ] C:\Windows\System32\smss.exe
19:43:38.0313 6352 C:\Windows\System32\smss.exe - ok
19:43:38.0316 6352 [ F5BEE30450E18E6B83A5012C100616FD ] C:\Windows\System32\drivers\dxgkrnl.sys
19:43:38.0316 6352 C:\Windows\System32\drivers\dxgkrnl.sys - ok
19:43:38.0320 6352 [ 9CD68BDDF322535C02ADC8331013D13D ] C:\Windows\System32\drivers\dxgmms1.sys
19:43:38.0320 6352 C:\Windows\System32\drivers\dxgmms1.sys - ok
19:43:38.0324 6352 [ E403AACF8C7BB11375122D2464560311 ] C:\Windows\System32\drivers\GEARAspiWDM.sys
19:43:38.0324 6352 C:\Windows\System32\drivers\GEARAspiWDM.sys - ok
19:43:38.0328 6352 [ B15C021C2C9BB217A799D9532E8F04D4 ] C:\Windows\System32\drivers\Rt64win7.sys
19:43:38.0328 6352 C:\Windows\System32\drivers\Rt64win7.sys - ok
19:43:38.0333 6352 [ AE259C75F9A0B057B6BF9E9695632B09 ] C:\Windows\System32\drivers\usbport.sys
19:43:38.0333 6352 C:\Windows\System32\drivers\usbport.sys - ok
19:43:38.0336 6352 [ 0D0E5281784C2C526BA43C2ECD374288 ] C:\Windows\SysWOW64\drivers\afc.sys
19:43:38.0336 6352 C:\Windows\SysWOW64\drivers\afc.sys - ok
19:43:38.0340 6352 [ 03EDB043586CCEBA243D689BDDA370A8 ] C:\Windows\System32\drivers\CompositeBus.sys
19:43:38.0340 6352 C:\Windows\System32\drivers\CompositeBus.sys - ok
19:43:38.0344 6352 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] C:\Windows\System32\drivers\hdaudbus.sys
19:43:38.0344 6352 C:\Windows\System32\drivers\hdaudbus.sys - ok
19:43:38.0348 6352 [ C025055FE7B87701EB042095DF1A2D7B ] C:\Windows\System32\drivers\usbehci.sys
19:43:38.0348 6352 C:\Windows\System32\drivers\usbehci.sys - ok
19:43:38.0352 6352 [ 2C780746DC44A28FE67004DC58173F05 ] C:\Windows\System32\drivers\usbfilter.sys
19:43:38.0352 6352 C:\Windows\System32\drivers\usbfilter.sys - ok
19:43:38.0355 6352 [ 9840FC418B4CBD632D3D0A667A725C31 ] C:\Windows\System32\drivers\usbohci.sys
19:43:38.0356 6352 C:\Windows\System32\drivers\usbohci.sys - ok
19:43:38.0359 6352 [ F6FF8944478594D0E414D3F048F0D778 ] C:\Windows\System32\drivers\wmiacpi.sys
19:43:38.0359 6352 C:\Windows\System32\drivers\wmiacpi.sys - ok
19:43:38.0363 6352 [ 7ECFF9B22276B73F43A99A15A6094E90 ] C:\Windows\System32\drivers\agilevpn.sys
19:43:38.0363 6352 C:\Windows\System32\drivers\agilevpn.sys - ok
19:43:38.0366 6352 [ 30639C932D9FEF22B31268FE25A1B6E5 ] C:\Windows\System32\drivers\ndistapi.sys
19:43:38.0366 6352 C:\Windows\System32\drivers\ndistapi.sys - ok
19:43:38.0370 6352 [ 53F7305169863F0A2BDDC49E116C2E11 ] C:\Windows\System32\drivers\ndiswan.sys
19:43:38.0370 6352 C:\Windows\System32\drivers\ndiswan.sys - ok
19:43:38.0374 6352 [ 471815800AE33E6F1C32FB1B97C490CA ] C:\Windows\System32\drivers\rasl2tp.sys
19:43:38.0374 6352 C:\Windows\System32\drivers\rasl2tp.sys - ok
19:43:38.0377 6352 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] C:\Windows\System32\drivers\raspppoe.sys
19:43:38.0377 6352 C:\Windows\System32\drivers\raspppoe.sys - ok
19:43:38.0381 6352 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] C:\Windows\System32\drivers\kbdclass.sys
19:43:38.0381 6352 C:\Windows\System32\drivers\kbdclass.sys - ok
19:43:38.0385 6352 [ 7D27EA49F3C1F687D357E77A470AEA99 ] C:\Windows\System32\drivers\mouclass.sys
19:43:38.0385 6352 C:\Windows\System32\drivers\mouclass.sys - ok
19:43:38.0389 6352 [ CCEF81EBCEF2BCB44274D01360A31AAF ] C:\Windows\System32\drivers\PdiPorts.sys
19:43:38.0389 6352 C:\Windows\System32\drivers\PdiPorts.sys - ok
19:43:38.0393 6352 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] C:\Windows\System32\drivers\raspptp.sys
19:43:38.0393 6352 C:\Windows\System32\drivers\raspptp.sys - ok
19:43:38.0396 6352 [ E8B1E447B008D07FF47D016C2B0EEECB ] C:\Windows\System32\drivers\rassstp.sys
19:43:38.0397 6352 C:\Windows\System32\drivers\rassstp.sys - ok
19:43:38.0400 6352 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] C:\Windows\System32\drivers\amdiox64.sys
19:43:38.0400 6352 C:\Windows\System32\drivers\amdiox64.sys - ok
19:43:38.0404 6352 [ 24FBF5CC5C04150073C315A7C83521EE ] C:\Windows\System32\drivers\ks.sys
19:43:38.0404 6352 C:\Windows\System32\drivers\ks.sys - ok
19:43:38.0408 6352 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] C:\Windows\System32\drivers\swenum.sys
19:43:38.0408 6352 C:\Windows\System32\drivers\swenum.sys - ok
19:43:38.0412 6352 [ DC54A574663A895C8763AF0FA1FF7561 ] C:\Windows\System32\drivers\umbus.sys
19:43:38.0412 6352 C:\Windows\System32\drivers\umbus.sys - ok
19:43:38.0416 6352 [ 287C6C9410B111B68B52CA298F7B8C24 ] C:\Windows\System32\drivers\usbhub.sys
19:43:38.0416 6352 C:\Windows\System32\drivers\usbhub.sys - ok
19:43:38.0419 6352 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] C:\Windows\System32\drivers\ndproxy.sys
19:43:38.0419 6352 C:\Windows\System32\drivers\ndproxy.sys - ok
19:43:38.0423 6352 [ 21D26064AEDB4988F785BB4A3A2C051E ] C:\Windows\System32\drivers\drmk.sys
19:43:38.0423 6352 C:\Windows\System32\drivers\drmk.sys - ok
19:43:38.0427 6352 [ 32E11315B5126921FFD9074840EF13D3 ] C:\Windows\System32\drivers\portcls.sys
19:43:38.0427 6352 C:\Windows\System32\drivers\portcls.sys - ok
19:43:38.0431 6352 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] C:\Windows\System32\drivers\RTKVHD64.sys
19:43:38.0431 6352 C:\Windows\System32\drivers\RTKVHD64.sys - ok
19:43:38.0434 6352 [ 6869281E78CB31A43E969F06B57347C4 ] C:\Windows\System32\drivers\ksthunk.sys
19:43:38.0434 6352 C:\Windows\System32\drivers\ksthunk.sys - ok
19:43:38.0438 6352 [ 3B536A8BEC3B4F23FFDFD78B11A2AB93 ] C:\Windows\System32\autochk.exe
19:43:38.0438 6352 C:\Windows\System32\autochk.exe - ok
19:43:38.0442 6352 [ DC83C9F4130F447EAD187879708C8035 ] C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
19:43:38.0442 6352 C:\PROGRA~2\AVG\AVG2013\avgrsa.exe - ok
19:43:38.0445 6352 [ 19A3E3E587D4D369F6EA753DF02F33CD ] C:\Program Files (x86)\AVG\AVG2013\avgsysa.dll
19:43:38.0445 6352 C:\Program Files (x86)\AVG\AVG2013\avgsysa.dll - ok
19:43:38.0449 6352 [ 70D1A44B0D05FEC737CC2C9662D6FB70 ] C:\Program Files (x86)\AVG\AVG2013\avgntopenssla.dll
19:43:38.0449 6352 C:\Program Files (x86)\AVG\AVG2013\avgntopenssla.dll - ok
19:43:38.0453 6352 [ 4848422594D3B6A6BFF438AF0B6D030D ] C:\Program Files (x86)\AVG\AVG2013\avgloga.dll
19:43:38.0453 6352 C:\Program Files (x86)\AVG\AVG2013\avgloga.dll - ok
19:43:38.0457 6352 [ 8B0E40E7E8BBF5ACF390465609D89FF1 ] C:\Windows\System32\drivers\hidclass.sys
19:43:38.0457 6352 C:\Windows\System32\drivers\hidclass.sys - ok
19:43:38.0461 6352 [ 49EE2E52E6CD03947DAD72F65367BE06 ] C:\Windows\System32\drivers\hidparse.sys
19:43:38.0461 6352 C:\Windows\System32\drivers\hidparse.sys - ok
19:43:38.0464 6352 [ CCA2AB1752A61F29C3C941CD79D78CEA ] C:\Windows\System32\drivers\usbd.sys
19:43:38.0465 6352 C:\Windows\System32\drivers\usbd.sys - ok
19:43:38.0468 6352 [ 9592090A7E2B61CD582B612B6DF70536 ] C:\Windows\System32\drivers\hidusb.sys
19:43:38.0468 6352 C:\Windows\System32\drivers\hidusb.sys - ok
19:43:38.0472 6352 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] C:\Windows\System32\drivers\kbdhid.sys
19:43:38.0472 6352 C:\Windows\System32\drivers\kbdhid.sys - ok
19:43:38.0476 6352 [ FED648B01349A3C8395A5169DB5FB7D6 ] C:\Windows\System32\drivers\USBSTOR.SYS
19:43:38.0476 6352 C:\Windows\System32\drivers\USBSTOR.SYS - ok
19:43:38.0480 6352 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] C:\Windows\System32\drivers\mouhid.sys
19:43:38.0480 6352 C:\Windows\System32\drivers\mouhid.sys - ok
19:43:38.0483 6352 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] C:\Windows\System32\drivers\usbscan.sys
19:43:38.0483 6352 C:\Windows\System32\drivers\usbscan.sys - ok
19:43:38.0487 6352 [ 73188F58FB384E75C4063D29413CEE3D ] C:\Windows\System32\drivers\usbprint.sys
19:43:38.0487 6352 C:\Windows\System32\drivers\usbprint.sys - ok
19:43:38.0491 6352 [ 3972FF09D00347B843B4A2300B4E90CB ] C:\PROGRA~2\AVG\AVG2013\avgchjwa.dll
19:43:38.0491 6352 C:\PROGRA~2\AVG\AVG2013\avgchjwa.dll - ok
19:43:38.0495 6352 [ 2C19A4BC4D3C714F890A58B4C942077F ] C:\PROGRA~2\AVG\AVG2013\avgclita.dll
19:43:38.0495 6352 C:\PROGRA~2\AVG\AVG2013\avgclita.dll - ok
19:43:38.0499 6352 [ B4CF2DAC753DD785FD92076B3CD36CED ] C:\PROGRA~2\AVG\AVG2013\avgcclia.dll
19:43:38.0499 6352 C:\PROGRA~2\AVG\AVG2013\avgcclia.dll - ok
19:43:38.0503 6352 [ CF433BC29D4089D264F24A1ED371941D ] C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
19:43:38.0503 6352 C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe - ok
19:43:38.0507 6352 [ 309CF923DE809A67AD0A4FD825430FCC ] C:\Program Files (x86)\AVG\AVG2013\avgcorea.dll
19:43:38.0507 6352 C:\Program Files (x86)\AVG\AVG2013\avgcorea.dll - ok
19:43:38.0510 6352 [ C297715529E28F7283EE621CCFDB1DDB ] C:\Program Files (x86)\AVG\AVG2013\avgcerta.dll
19:43:38.0510 6352 C:\Program Files (x86)\AVG\AVG2013\avgcerta.dll - ok
19:43:38.0514 6352 [ 06F3F7E9E9B29C32F8702B541E4C2156 ] C:\Program Files (x86)\AVG\AVG2013\avgchcla.dll
19:43:38.0514 6352 C:\Program Files (x86)\AVG\AVG2013\avgchcla.dll - ok
19:43:38.0518 6352 [ 275061F56FC648ED884C38A93EAB6FC6 ] C:\Program Files (x86)\AVG\AVG2013\avgcomma.dll
19:43:38.0518 6352 C:\Program Files (x86)\AVG\AVG2013\avgcomma.dll - ok
19:43:38.0522 6352 [ AAD184F33A9A4A2AECF3CB5247651D01 ] C:\Program Files (x86)\AVG\AVG2013\avgntsqlitea.dll
19:43:38.0522 6352 C:\Program Files (x86)\AVG\AVG2013\avgntsqlitea.dll - ok
19:43:38.0526 6352 [ D87E1E59C73C1F98D5DED5B3850C40F5 ] C:\Windows\System32\psapi.dll
19:43:38.0526 6352 C:\Windows\System32\psapi.dll - ok
19:43:38.0530 6352 [ 6C60B5ACA7442EFB794082CDACFC001C ] C:\Windows\System32\ole32.dll
19:43:38.0530 6352 C:\Windows\System32\ole32.dll - ok
19:43:38.0533 6352 [ C06B32165E23A72A898B7A89679AD754 ] C:\Windows\System32\oleaut32.dll
19:43:38.0533 6352 C:\Windows\System32\oleaut32.dll - ok
19:43:38.0537 6352 [ 4BBFA57F594F7E8A8EDC8F377184C3F0 ] C:\Windows\System32\ws2_32.dll
19:43:38.0537 6352 C:\Windows\System32\ws2_32.dll - ok
19:43:38.0541 6352 [ 1DC3504CA4C57900F1557E9A3F01D272 ] C:\Windows\System32\kernel32.dll
19:43:38.0541 6352 C:\Windows\System32\kernel32.dll - ok
19:43:38.0544 6352 [ 6DF46D2BD74E3DA1B45F08F10D172732 ] C:\Windows\System32\advapi32.dll
19:43:38.0544 6352 C:\Windows\System32\advapi32.dll - ok
19:43:38.0548 6352 [ AA2C08CE85653B1A0D2E4AB407FA176C ] C:\Windows\System32\imm32.dll
19:43:38.0548 6352 C:\Windows\System32\imm32.dll - ok
19:43:38.0552 6352 [ C431EAF5CAA1C82CAC2534A2EAB348A3 ] C:\Windows\System32\msctf.dll
19:43:38.0552 6352 C:\Windows\System32\msctf.dll - ok
19:43:38.0556 6352 [ EAF32CB8C1F810E4715B4DFBE785C7FF ] C:\Windows\System32\shlwapi.dll
19:43:38.0556 6352 C:\Windows\System32\shlwapi.dll - ok
19:43:38.0559 6352 [ C391FC68282A000CDF953F8B6B55D2EF ] C:\Windows\System32\msvcrt.dll
19:43:38.0559 6352 C:\Windows\System32\msvcrt.dll - ok
19:43:38.0563 6352 [ F7CE0C81C545364020ED8203CF0A633E ] C:\Windows\System32\difxapi.dll
19:43:38.0563 6352 C:\Windows\System32\difxapi.dll - ok
19:43:38.0567 6352 [ A1BE6A720D02E37F72E9CD89AE9CB3CF ] C:\Windows\System32\imagehlp.dll
19:43:38.0567 6352 C:\Windows\System32\imagehlp.dll - ok
19:43:38.0571 6352 [ 1DBA462CF92D890D8F8E6472E7E8B4B4 ] C:\Windows\System32\urlmon.dll
19:43:38.0571 6352 C:\Windows\System32\urlmon.dll - ok
19:43:38.0574 6352 [ 25983DE69B57142039AC8D95E71CD9C9 ] C:\Windows\System32\clbcatq.dll
19:43:38.0574 6352 C:\Windows\System32\clbcatq.dll - ok
19:43:38.0578 6352 [ 1084AA52CCC324EA54C7121FA24C2221 ] C:\Windows\System32\gdi32.dll
19:43:38.0578 6352 C:\Windows\System32\gdi32.dll - ok
19:43:38.0582 6352 [ 2F8B1E3EE3545D3B5A8D56FA1AE07B65 ] C:\Windows\System32\usp10.dll
19:43:38.0582 6352 C:\Windows\System32\usp10.dll - ok
19:43:38.0585 6352 [ 4E4FFB09D895AA000DD56D1404F69A7E ] C:\Windows\System32\Wldap32.dll
19:43:38.0585 6352 C:\Windows\System32\Wldap32.dll - ok
19:43:38.0589 6352 [ 9835E63E09F824D22B689D2BB789BAB9 ] C:\Windows\System32\comdlg32.dll
19:43:38.0589 6352 C:\Windows\System32\comdlg32.dll - ok
19:43:38.0593 6352 [ C6689007B3A749C49A5438DCF36E0CE4 ] C:\Windows\System32\shell32.dll
19:43:38.0593 6352 C:\Windows\System32\shell32.dll - ok
19:43:38.0596 6352 [ 5121DB613E10A46A3C5085B479026AA7 ] C:\Windows\System32\wininet.dll
19:43:38.0596 6352 C:\Windows\System32\wininet.dll - ok
19:43:38.0600 6352 [ 044FE45FFD6AD40E3BBBE60B7F41BABE ] C:\Windows\System32\nsi.dll
19:43:38.0600 6352 C:\Windows\System32\nsi.dll - ok
19:43:38.0604 6352 [ 0611473C1AD9E2D991CD9482068417F7 ] C:\Windows\System32\rpcrt4.dll
19:43:38.0604 6352 C:\Windows\System32\rpcrt4.dll - ok
19:43:38.0608 6352 [ 83404DCBCE4925B6A5A77C5170F46D86 ] C:\Windows\System32\sechost.dll
19:43:38.0608 6352 C:\Windows\System32\sechost.dll - ok
19:43:38.0611 6352 [ 5D8E6C95156ED1F79A63D1EADE6F9ED5 ] C:\Windows\System32\setupapi.dll
19:43:38.0611 6352 C:\Windows\System32\setupapi.dll - ok
19:43:38.0615 6352 [ A0F52880DDD164F968BE903C1FECD27E ] C:\Windows\System32\iertutil.dll
19:43:38.0615 6352 C:\Windows\System32\iertutil.dll - ok
19:43:38.0618 6352 [ FE70103391A64039A921DBFFF9C7AB1B ] C:\Windows\System32\user32.dll
19:43:38.0618 6352 C:\Windows\System32\user32.dll - ok
19:43:38.0621 6352 [ 06FEC9E8117103BB1141A560E98077DA ] C:\Windows\System32\devobj.dll
19:43:38.0621 6352 C:\Windows\System32\devobj.dll - ok
19:43:38.0625 6352 [ D202223587518B13D72D68937B7E3F70 ] C:\Windows\System32\lpk.dll
19:43:38.0625 6352 C:\Windows\System32\lpk.dll - ok
19:43:38.0629 6352 [ 28C0B5024F5C5A438E78B188CFC81B7F ] C:\Windows\System32\normaliz.dll
19:43:38.0629 6352 C:\Windows\System32\normaliz.dll - ok
19:43:38.0633 6352 [ 12EE6FE9268CEE6D90FDCCBF89236C65 ] C:\Windows\System32\crypt32.dll
19:43:38.0633 6352 C:\Windows\System32\crypt32.dll - ok
19:43:38.0637 6352 [ 2477A28081BDAEE622CF045ACF8EE124 ] C:\Windows\System32\cfgmgr32.dll
19:43:38.0637 6352 C:\Windows\System32\cfgmgr32.dll - ok
19:43:38.0640 6352 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\System32\comctl32.dll
19:43:38.0640 6352 C:\Windows\System32\comctl32.dll - ok
19:43:38.0644 6352 [ 6F2E324703E6D22B9934C33DA48F1F01 ] C:\Windows\System32\KernelBase.dll
19:43:38.0644 6352 C:\Windows\System32\KernelBase.dll - ok
19:43:38.0648 6352 [ 884415BD4269C02EAF8E2613BF85500D ] C:\Windows\System32\msasn1.dll
19:43:38.0648 6352 C:\Windows\System32\msasn1.dll - ok
19:43:38.0652 6352 [ AA06902362B1422D7A7DA7061E07C624 ] C:\Windows\System32\wintrust.dll
19:43:38.0652 6352 C:\Windows\System32\wintrust.dll - ok
19:43:38.0655 6352 [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll
19:43:38.0655 6352 C:\Windows\SysWOW64\normaliz.dll - ok
19:43:38.0659 6352 [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys
19:43:38.0659 6352 C:\Windows\System32\drivers\dxapi.sys - ok
19:43:38.0663 6352 [ C58923115CDE6071C3BF2FF063546E9F ] C:\Windows\System32\win32k.sys
19:43:38.0663 6352 C:\Windows\System32\win32k.sys - ok
19:43:38.0666 6352 [ 96F587CA26A6AA894BD8CACE4540CFFC ] C:\Windows\System32\csrsrv.dll
19:43:38.0666 6352 C:\Windows\System32\csrsrv.dll - ok
19:43:38.0670 6352 [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
19:43:38.0670 6352 C:\Windows\System32\csrss.exe - ok
19:43:38.0674 6352 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
19:43:38.0674 6352 C:\Windows\System32\basesrv.dll - ok
19:43:38.0677 6352 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\System32\winsrv.dll
19:43:38.0677 6352 C:\Windows\System32\winsrv.dll - ok
19:43:38.0681 6352 [ B03D591DC7DA45ECE20B3B467E6AADAA ] C:\Windows\System32\drivers\monitor.sys
19:43:38.0681 6352 C:\Windows\System32\drivers\monitor.sys - ok
19:43:38.0685 6352 [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
19:43:38.0685 6352 C:\Windows\System32\tsddd.dll - ok
19:43:38.0689 6352 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
19:43:38.0689 6352 C:\Windows\System32\sxssrv.dll - ok
19:43:39.0592 6352 C:\Windows\System32\netutils.dll - ok
19:43:39.0596 6352 [ FC51229C7D4AFA0D6F186133728B95AB ] C:\Windows\System32\samcli.dll
19:43:39.0596 6352 C:\Windows\System32\samcli.dll - ok
19:43:39.0600 6352 [ 44B9C66177651F3F53C87B665D58D17A ] C:\Windows\System32\vaultcli.dll
19:43:39.0600 6352 C:\Windows\System32\vaultcli.dll - ok
19:43:39.0604 6352 [ 3C91392D448F6E5D525A85B7550D8BA9 ] C:\Windows\System32\wkscli.dll
19:43:39.0604 6352 C:\Windows\System32\wkscli.dll - ok
19:43:39.0607 6352 [ 032229246107C5C7211E6D1498B52D3D ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
19:43:39.0607 6352 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL - ok
19:43:39.0611 6352 [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll
19:43:39.0611 6352 C:\Windows\System32\rasapi32.dll - ok
19:43:39.0615 6352 [ 87FA0C48C3B2E9FEE518818FE26B15B5 ] C:\Windows\System32\rasplap.dll
19:43:39.0615 6352 C:\Windows\System32\rasplap.dll - ok
19:43:39.0617 6352 [ 50544D04AD845C43130B70212EC05CCD ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
19:43:39.0617 6352 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
19:43:39.0622 6352 [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll
19:43:39.0622 6352 C:\Windows\System32\rasman.dll - ok
19:43:39.0625 6352 [ B53C4B69B695EDA1B7E41D35CA4244E2 ] C:\Windows\System32\rtutils.dll
19:43:39.0625 6352 C:\Windows\System32\rtutils.dll - ok
19:43:39.0629 6352 [ B1DF2D87DC8BF6072699AC8301B37796 ] C:\Windows\System32\WUDFPlatform.dll
19:43:39.0629 6352 C:\Windows\System32\WUDFPlatform.dll - ok
19:43:39.0633 6352 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] C:\Windows\System32\MPSSVC.dll
19:43:39.0633 6352 C:\Windows\System32\MPSSVC.dll - ok
19:43:39.0636 6352 [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL
19:43:39.0636 6352 C:\Windows\System32\PSHED.DLL - ok
19:43:39.0640 6352 [ D5CCA1453B98A5801E6D5FF0FF89DC6C ] C:\Windows\System32\audiodg.exe
19:43:39.0640 6352 C:\Windows\System32\audiodg.exe - ok
19:43:39.0644 6352 [ B0945E538CF906BBDDC5A11C8EE868CC ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
19:43:39.0644 6352 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
19:43:39.0648 6352 [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
19:43:39.0648 6352 C:\Windows\System32\ntmarta.dll - ok
19:43:39.0652 6352 [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll
19:43:39.0652 6352 C:\Windows\System32\atl.dll - ok
19:43:39.0655 6352 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] C:\Windows\System32\gpsvc.dll
19:43:39.0655 6352 C:\Windows\System32\gpsvc.dll - ok
19:43:39.0659 6352 [ 46BB91A169B9B31FF44EB04C48EC1D41 ] C:\Windows\System32\nlaapi.dll
19:43:39.0659 6352 C:\Windows\System32\nlaapi.dll - ok
19:43:39.0663 6352 [ 1473768973453DE50DC738C2955FC4DD ] C:\Windows\System32\wdmaud.drv
19:43:39.0663 6352 C:\Windows\System32\wdmaud.drv - ok
19:43:39.0666 6352 [ EF2AE43BCD46ABB13FC3E5B2B1935C73 ] C:\Windows\System32\winmm.dll
19:43:39.0666 6352 C:\Windows\System32\winmm.dll - ok
19:43:39.0670 6352 [ DC220AE6F64819099F7EBD6F137E32E7 ] C:\Windows\System32\AudioSes.dll
19:43:39.0670 6352 C:\Windows\System32\AudioSes.dll - ok
19:43:39.0674 6352 [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll
19:43:39.0674 6352 C:\Windows\System32\dsrole.dll - ok
19:43:39.0678 6352 [ 8560FFFC8EB3A806DCD4F82252CFC8C6 ] C:\Windows\System32\ksuser.dll
19:43:39.0678 6352 C:\Windows\System32\ksuser.dll - ok
19:43:39.0681 6352 [ 1B7C3A37362C7B2890168C5FC61C8D9B ] C:\Windows\System32\msacm32.drv
19:43:39.0681 6352 C:\Windows\System32\msacm32.drv - ok
19:43:39.0685 6352 [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll
19:43:39.0685 6352 C:\Windows\System32\slc.dll - ok
19:43:39.0689 6352 [ 4166F82BE4D24938977DD1746BE9B8A0 ] C:\Windows\System32\es.dll
19:43:39.0689 6352 C:\Windows\System32\es.dll - ok
19:43:39.0692 6352 [ CA2A0750ED830678997695FF61B04C30 ] C:\Windows\System32\midimap.dll
19:43:39.0692 6352 C:\Windows\System32\midimap.dll - ok
19:43:39.0696 6352 [ 10AC5CE9F78DC281A1BBD9B8CC587B8A ] C:\Windows\System32\msacm32.dll
19:43:39.0696 6352 C:\Windows\System32\msacm32.dll - ok
19:43:39.0700 6352 [ 5EDBB34736DD7AC1A73CF8792A835E10 ] C:\Windows\System32\AudioEng.dll
19:43:39.0700 6352 C:\Windows\System32\AudioEng.dll - ok
19:43:39.0704 6352 [ C1395286B822E306B4FE1568A8A77813 ] C:\Windows\System32\AUDIOKSE.dll
19:43:39.0704 6352 C:\Windows\System32\AUDIOKSE.dll - ok
19:43:39.0707 6352 [ 853A17F7CED7ADE5A177520D5EAEC895 ] C:\Windows\System32\RtkAPO64.dll
19:43:39.0707 6352 C:\Windows\System32\RtkAPO64.dll - ok
19:43:39.0711 6352 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] C:\Windows\System32\uxsms.dll
19:43:39.0711 6352 C:\Windows\System32\uxsms.dll - ok
19:43:39.0715 6352 [ 1538831CF8AD2979A04C423779465827 ] C:\Windows\System32\drivers\lltdio.sys
19:43:39.0715 6352 C:\Windows\System32\drivers\lltdio.sys - ok
19:43:39.0719 6352 [ 136185F9FB2CC61E573E676AA5402356 ] C:\Windows\System32\drivers\ndisuio.sys
19:43:39.0719 6352 C:\Windows\System32\drivers\ndisuio.sys - ok
19:43:39.0722 6352 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] C:\Windows\System32\drivers\nwifi.sys
19:43:39.0722 6352 C:\Windows\System32\drivers\nwifi.sys - ok
19:43:39.0726 6352 [ 427E817E414160685FFCFA7F7DF6557E ] C:\Windows\System32\atieclxx.exe
19:43:39.0726 6352 C:\Windows\System32\atieclxx.exe - ok
19:43:39.0730 6352 [ 7D9DDE61A8B475AB0097D76797796CB1 ] C:\Windows\System32\atiadlxx.dll
19:43:39.0730 6352 C:\Windows\System32\atiadlxx.dll - ok
19:43:39.0733 6352 [ DDC86E4F8E7456261E637E3552E804FF ] C:\Windows\System32\drivers\rspndr.sys
19:43:39.0733 6352 C:\Windows\System32\drivers\rspndr.sys - ok
19:43:39.0737 6352 [ 9BC8610C32C96A2983A65DC21CAFA921 ] C:\Windows\System32\UXInit.dll
19:43:39.0737 6352 C:\Windows\System32\UXInit.dll - ok
19:43:39.0740 6352 [ 6F3C559B82F2912354BE5B098744CC8C ] C:\Windows\System32\WMALFXGFXDSP.dll
19:43:39.0740 6352 C:\Windows\System32\WMALFXGFXDSP.dll - ok
19:43:39.0744 6352 [ 2B81776DA02017A37FE26C662827470E ] C:\Windows\System32\IPHLPAPI.DLL
19:43:39.0744 6352 C:\Windows\System32\IPHLPAPI.DLL - ok
19:43:39.0748 6352 [ 54B5DCD55B223BC5DF50B82E1E9E86B1 ] C:\Windows\System32\mfplat.dll
19:43:39.0748 6352 C:\Windows\System32\mfplat.dll - ok
19:43:39.0752 6352 [ B73A6E4B319AFFE64582AC5C1801BB3F ] C:\Windows\System32\nrpsrv.dll
19:43:39.0752 6352 C:\Windows\System32\nrpsrv.dll - ok
19:43:39.0755 6352 [ 4C9210E8F4E052F6A4EB87716DA0C24C ] C:\Windows\System32\winnsi.dll
19:43:39.0755 6352 C:\Windows\System32\winnsi.dll - ok
19:43:39.0759 6352 [ 3CC16A849E6092E43909F48EF0E60306 ] C:\Windows\System32\dhcpcore6.dll
19:43:39.0759 6352 C:\Windows\System32\dhcpcore6.dll - ok
19:43:39.0762 6352 [ F568F7C08458D69E4FCD8675BBB107E4 ] C:\Windows\System32\dhcpcsvc.dll
19:43:39.0763 6352 C:\Windows\System32\dhcpcsvc.dll - ok
19:43:39.0766 6352 [ 3C06D5A929B798D0B13F6481242A0FD2 ] C:\Windows\System32\dhcpcsvc6.dll
19:43:39.0766 6352 C:\Windows\System32\dhcpcsvc6.dll - ok
19:43:39.0770 6352 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] C:\Windows\System32\dnsrslvr.dll
19:43:39.0770 6352 C:\Windows\System32\dnsrslvr.dll - ok
19:43:39.0774 6352 [ 87356377F31DA5F20A833811CD59499C ] C:\Windows\System32\eapphost.dll
19:43:39.0774 6352 C:\Windows\System32\eapphost.dll - ok
19:43:39.0778 6352 [ 0040C486584A8E582C861CFB57AB5387 ] C:\Windows\System32\FWPUCLNT.DLL
19:43:39.0778 6352 C:\Windows\System32\FWPUCLNT.DLL - ok
19:43:39.0781 6352 [ 885D0942E0F28DB90919BE3129ECF279 ] C:\Windows\System32\dnsext.dll
19:43:39.0781 6352 C:\Windows\System32\dnsext.dll - ok
19:43:39.0785 6352 [ 7373DE70D405FF08DC53336B83989138 ] C:\Windows\System32\rastls.dll
19:43:39.0785 6352 C:\Windows\System32\rastls.dll - ok
19:43:39.0789 6352 [ 6A84E68B538B8B04608BF2F0D426CE6F ] C:\Windows\System32\raschap.dll
19:43:39.0789 6352 C:\Windows\System32\raschap.dll - ok
19:43:39.0792 6352 [ 9FCA3A84338ADEF2AFF67CDA46EF8539 ] C:\Windows\System32\umb.dll
19:43:39.0792 6352 C:\Windows\System32\umb.dll - ok
19:43:39.0796 6352 [ A648C4A06DE367065B24056D067B4460 ] C:\Windows\System32\wlanmsm.dll
19:43:39.0796 6352 C:\Windows\System32\wlanmsm.dll - ok
19:43:39.0800 6352 [ 06A1386B6E3A0CBC368665C1840906F4 ] C:\Windows\System32\wlansec.dll
19:43:39.0800 6352 C:\Windows\System32\wlansec.dll - ok
19:43:39.0803 6352 [ 73FCB7919DEE80EE556F2E498594EBAE ] C:\Windows\System32\onex.dll
19:43:39.0803 6352 C:\Windows\System32\onex.dll - ok
19:43:39.0807 6352 [ 65522E77A1360DBC8D199DA3BF5EFFE4 ] C:\Windows\System32\eappprxy.dll
19:43:39.0807 6352 C:\Windows\System32\eappprxy.dll - ok
19:43:39.0811 6352 [ 0D753307D274F3688BD21C377B616700 ] C:\Windows\System32\eappcfg.dll
19:43:39.0811 6352 C:\Windows\System32\eappcfg.dll - ok
19:43:39.0814 6352 [ 730BF204A595D5B6D7DC57A247CC741C ] C:\Windows\System32\wlgpclnt.dll
19:43:39.0814 6352 C:\Windows\System32\wlgpclnt.dll - ok
19:43:39.0818 6352 [ 97E43F324BE1503CB2FFB058534688DA ] C:\Windows\System32\l2gpstore.dll
19:43:39.0818 6352 C:\Windows\System32\l2gpstore.dll - ok
19:43:39.0822 6352 [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll
19:43:39.0822 6352 C:\Windows\System32\wlanutil.dll - ok
19:43:39.0825 6352 [ 4FFDE68C4B7C9993FA551E7E36DDB34D ] C:\Windows\System32\msxml6.dll
19:43:39.0825 6352 C:\Windows\System32\msxml6.dll - ok
19:43:39.0829 6352 [ 7D5645EE0EA77D539828433D9B95F5EB ] C:\Windows\System32\WinSCard.dll
19:43:39.0829 6352 C:\Windows\System32\WinSCard.dll - ok
19:43:39.0833 6352 [ 5AA945234E9D4CCE4F715276B9AA712C ] C:\Windows\System32\imageres.dll
19:43:39.0833 6352 C:\Windows\System32\imageres.dll - ok
19:43:39.0836 6352 [ BC414631876B2F28B8DAB08E849C12C5 ] C:\Windows\System32\ktmw32.dll
19:43:39.0836 6352 C:\Windows\System32\ktmw32.dll - ok
19:43:39.0840 6352 [ 945E54F23C72D37B8CD1987AF0DB63BF ] C:\Windows\System32\fveapi.dll
19:43:39.0840 6352 C:\Windows\System32\fveapi.dll - ok
19:43:39.0844 6352 [ 694865362F0965779F92BCFE97712323 ] C:\Windows\System32\tbs.dll
19:43:39.0844 6352 C:\Windows\System32\tbs.dll - ok
19:43:39.0847 6352 [ 891ECFD08E2C538B7948CBC45106D697 ] C:\Windows\System32\fvecerts.dll
19:43:39.0847 6352 C:\Windows\System32\fvecerts.dll - ok
19:43:39.0851 6352 [ 6DC4A7242F565C9E9C9CCC7BB0FA75C7 ] C:\Windows\System32\taskcomp.dll
19:43:39.0851 6352 C:\Windows\System32\taskcomp.dll - ok
19:43:39.0854 6352 [ C07D5582F2107ACAB4564E1DAE977C64 ] C:\Windows\ehome\ehprivjob.exe
19:43:39.0854 6352 C:\Windows\ehome\ehprivjob.exe - ok
19:43:39.0858 6352 [ 8269210DAF3B12BC8300631B28A2A442 ] C:\Windows\System32\wiarpc.dll
19:43:39.0858 6352 C:\Windows\System32\wiarpc.dll - ok
19:43:39.0861 6352 [ 3326166011C9BC13D6A8EFD856E9921C ] C:\Windows\System32\conhost.exe
19:43:39.0861 6352 C:\Windows\System32\conhost.exe - ok
19:43:39.0865 6352 [ 6C02A83164F5CC0A262F4199F0871CF5 ] C:\Windows\System32\drivers\bowser.sys
19:43:39.0865 6352 C:\Windows\System32\drivers\bowser.sys - ok
19:43:39.0867 6352 [ 9E0FF5DDD8B908DA5611445C35D6CD24 ] C:\Windows\System32\slcext.dll
19:43:39.0868 6352 C:\Windows\System32\slcext.dll - ok
19:43:39.0871 6352 [ DB76DB15EFC6E4D1153A6C5BC895948D ] C:\Windows\System32\sppc.dll
19:43:39.0871 6352 C:\Windows\System32\sppc.dll - ok
19:43:39.0875 6352 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] C:\Windows\System32\drivers\mpsdrv.sys
19:43:39.0875 6352 C:\Windows\System32\drivers\mpsdrv.sys - ok
19:43:39.0878 6352 [ A5D9106A73DC88564C825D317CAC68AC ] C:\Windows\System32\drivers\mrxsmb.sys
19:43:39.0878 6352 C:\Windows\System32\drivers\mrxsmb.sys - ok
19:43:39.0882 6352 [ D711B3C1D5F42C0C2415687BE09FC163 ] C:\Windows\System32\drivers\mrxsmb10.sys
19:43:39.0882 6352 C:\Windows\System32\drivers\mrxsmb10.sys - ok
19:43:39.0886 6352 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] C:\Windows\System32\drivers\mrxsmb20.sys
19:43:39.0886 6352 C:\Windows\System32\drivers\mrxsmb20.sys - ok
19:43:39.0889 6352 [ 6F5BE3F67D7F66FFA861ABBFC6A8C973 ] C:\Windows\System32\sppcext.dll
19:43:39.0890 6352 C:\Windows\System32\sppcext.dll - ok
19:43:39.0893 6352 [ 603EBD34E216C5654A2D774EAC98D278 ] C:\Windows\System32\webio.dll
19:43:39.0893 6352 C:\Windows\System32\webio.dll - ok
19:43:39.0897 6352 [ C67F8A962B2534224D5908D16D2AD3CE ] C:\Windows\System32\wfapigp.dll
19:43:39.0897 6352 C:\Windows\System32\wfapigp.dll - ok
19:43:39.0901 6352 [ 1A468DCA65D7807F7CCD3E879EBD3E4E ] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
19:43:39.0901 6352 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe - ok
19:43:39.0905 6352 [ 3BDCBB29D727C49DC3E3256253467281 ] C:\Windows\System32\wmdrmsdk.dll
19:43:39.0905 6352 C:\Windows\System32\wmdrmsdk.dll - ok
19:43:39.0908 6352 [ D029339C0F59CF662094EDDF8C42B2B5 ] C:\Windows\System32\msvcp100.dll
19:43:39.0909 6352 C:\Windows\System32\msvcp100.dll - ok
19:43:39.0912 6352 [ 366FD6F3A451351B5DF2D7C4ECF4C73A ] C:\Windows\System32\msvcr100.dll
19:43:39.0912 6352 C:\Windows\System32\msvcr100.dll - ok
19:43:39.0916 6352 [ 4D842C5081F06E61BFF461CF87D13525 ] C:\Windows\ehome\ehtrace.dll
19:43:39.0916 6352 C:\Windows\ehome\ehtrace.dll - ok
19:43:39.0920 6352 [ 1834B31C749B86DAC233BBBA1C03BC48 ] C:\Windows\System32\mscms.dll
19:43:39.0920 6352 C:\Windows\System32\mscms.dll - ok
19:43:39.0923 6352 [ BAAFAF9CEAEC0B73C2A3550A01F6CECB ] C:\Windows\System32\taskschd.dll
19:43:39.0923 6352 C:\Windows\System32\taskschd.dll - ok
19:43:39.0927 6352 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\AMD64\aoddriver2.sys
19:43:39.0927 6352 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\AMD64\aoddriver2.sys - ok
19:43:39.0931 6352 [ 7C00C608FE4C8EDE9E30940837B9AC8B ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
19:43:39.0931 6352 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll - ok
19:43:39.0935 6352 [ 5A9C7C58D6ED2E943BF720D84A8315B2 ] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.AFCM.dll
19:43:39.0935 6352 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.AFCM.dll - ok
19:43:39.0939 6352 [ 3DCD3C6B53AB747B7AD1DDA249D678DF ] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
19:43:39.0939 6352 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll - ok
19:43:39.0943 6352 [ E2DEA77BAAAED15CA1CE0C8E017C7F2F ] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\device.dll
19:43:39.0943 6352 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\device.dll - ok
19:43:39.0947 6352 [ A8704A10FFDE468F4AB18EBF82A9A86F ] C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcp80.dll
19:43:39.0947 6352 C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcp80.dll - ok
19:43:39.0952 6352 [ EC6BA7C92FA5B2AA4AFDF4DF22AEDAB7 ] C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcr80.dll
19:43:39.0952 6352 C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcr80.dll - ok
19:43:39.0956 6352 [ 9C963A14F955AF99F6DF0C1F5FC5AF9B ] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\platform.dll
19:43:39.0956 6352 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\platform.dll - ok
19:43:39.0960 6352 [ 1237FA2B567BB85DB46C62FE38E27EA2 ] C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
19:43:39.0960 6352 C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe - ok
19:43:39.0964 6352 [ E73B0F1819602CB6EF176FB78D76A47B ] C:\Windows\SysWOW64\ntdll.dll
19:43:39.0964 6352 C:\Windows\SysWOW64\ntdll.dll - ok
19:43:39.0968 6352 [ 15B30F15BD13640B337A0FC37BD48CDE ] C:\Windows\System32\wow64.dll
19:43:39.0968 6352 C:\Windows\System32\wow64.dll - ok
19:43:39.0972 6352 [ 98168B9B0656A01A321FF1BECB2C03E1 ] C:\Windows\System32\wow64cpu.dll
19:43:39.0972 6352 C:\Windows\System32\wow64cpu.dll - ok
19:43:39.0975 6352 [ 2970785A72054740E1A5DCEB32485486 ] C:\Windows\System32\wow64win.dll
19:43:39.0975 6352 C:\Windows\System32\wow64win.dll - ok
19:43:39.0979 6352 [ D4F3176082566CEFA633B4945802D4C4 ] C:\Windows\SysWOW64\kernel32.dll
19:43:39.0979 6352 C:\Windows\SysWOW64\kernel32.dll - ok
19:43:39.0983 6352 [ 0978C2B33BDD0A7E6C563AA337DC8BA0 ] C:\Windows\SysWOW64\KernelBase.dll
19:43:39.0983 6352 C:\Windows\SysWOW64\KernelBase.dll - ok
19:43:39.0987 6352 [ 5502E1AD71F7EC115B37A2E1EA5E5092 ] C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\qt-mt332.dll
19:43:39.0987 6352 C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\qt-mt332.dll - ok
19:43:39.0991 6352 [ D6D3AD7BF1D6F6CE9547613ED5E170A2 ] C:\Windows\SysWOW64\gdi32.dll
19:43:39.0991 6352 C:\Windows\SysWOW64\gdi32.dll - ok
19:43:39.0995 6352 [ 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 ] C:\Windows\SysWOW64\user32.dll
19:43:39.0995 6352 C:\Windows\SysWOW64\user32.dll - ok
19:43:39.0999 6352 [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\SysWOW64\advapi32.dll
19:43:39.0999 6352 C:\Windows\SysWOW64\advapi32.dll - ok
19:43:40.0003 6352 [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll
19:43:40.0003 6352 C:\Windows\SysWOW64\lpk.dll - ok
19:43:40.0006 6352 [ 9DC80A8AAAAAC397BDAB3C67165A824E ] C:\Windows\SysWOW64\msvcrt.dll
19:43:40.0006 6352 C:\Windows\SysWOW64\msvcrt.dll - ok
19:43:40.0010 6352 [ C5AD8083CF94201F1F8084ECC696A8B7 ] C:\Windows\SysWOW64\rpcrt4.dll
19:43:40.0010 6352 C:\Windows\SysWOW64\rpcrt4.dll - ok
19:43:40.0013 6352 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
19:43:40.0013 6352 C:\Windows\SysWOW64\sechost.dll - ok
19:43:40.0017 6352 [ 804AAAFEBB3AD5F49334DD906BCB1DE5 ] C:\Windows\SysWOW64\usp10.dll
19:43:40.0017 6352 C:\Windows\SysWOW64\usp10.dll - ok
19:43:40.0020 6352 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
19:43:40.0020 6352 C:\Windows\SysWOW64\cryptbase.dll - ok
19:43:40.0024 6352 [ 29E9794708DF51DB5DC89FB2E903A0F6 ] C:\Windows\SysWOW64\shell32.dll
19:43:40.0024 6352 C:\Windows\SysWOW64\shell32.dll - ok
19:43:40.0028 6352 [ EDA7AD21DF8945528F01F0A86D69E524 ] C:\Windows\SysWOW64\sspicli.dll
19:43:40.0028 6352 C:\Windows\SysWOW64\sspicli.dll - ok
19:43:40.0031 6352 [ 8CC3C111D653E96F3EA1590891491D71 ] C:\Windows\SysWOW64\shlwapi.dll
19:43:40.0031 6352 C:\Windows\SysWOW64\shlwapi.dll - ok
19:43:40.0035 6352 [ A6F09E5669D9A19035F6D942CAA15882 ] C:\Windows\SysWOW64\imm32.dll
19:43:40.0035 6352 C:\Windows\SysWOW64\imm32.dll - ok
19:43:40.0038 6352 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll
19:43:40.0039 6352 C:\Windows\SysWOW64\msctf.dll - ok
19:43:40.0042 6352 [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\SysWOW64\ole32.dll
19:43:40.0042 6352 C:\Windows\SysWOW64\ole32.dll - ok
19:43:40.0046 6352 [ 9E4B0E7472B4CEBA9E17F440B8CB0AB8 ] C:\Windows\SysWOW64\winspool.drv
19:43:40.0046 6352 C:\Windows\SysWOW64\winspool.drv - ok
19:43:40.0049 6352 [ D04F7AACA2319A3BCDB2C5D5DD6F6026 ] C:\Windows\msvcp70.dll
19:43:40.0049 6352 C:\Windows\msvcp70.dll - ok
19:43:40.0053 6352 [ 9972A6ED4F2388DBFA8E0A96F6F3FDF1 ] C:\Windows\msvcr70.dll
19:43:40.0053 6352 C:\Windows\msvcr70.dll - ok
19:43:40.0057 6352 [ 20FAEFF34841BDDF8859826159EFAB26 ] C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\ssleay32.dll
19:43:40.0057 6352 C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\ssleay32.dll - ok
19:43:40.0061 6352 [ EF21F493463CF08701787E85F39D4C00 ] C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\libeay32.dll
19:43:40.0062 6352 C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\libeay32.dll - ok
19:43:40.0065 6352 [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\SysWOW64\wsock32.dll
19:43:40.0065 6352 C:\Windows\SysWOW64\wsock32.dll - ok
19:43:40.0069 6352 [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\SysWOW64\nsi.dll
19:43:40.0069 6352 C:\Windows\SysWOW64\nsi.dll - ok
19:43:40.0072 6352 [ 7FF15A4F092CD4A96055BA69F903E3E9 ] C:\Windows\SysWOW64\ws2_32.dll
19:43:40.0073 6352 C:\Windows\SysWOW64\ws2_32.dll - ok
19:43:40.0076 6352 [ 1FD0FA6618B31FAD14385740D0F6C333 ] C:\Windows\System32\drivers\atksgt.sys
19:43:40.0076 6352 C:\Windows\System32\drivers\atksgt.sys - ok
19:43:40.0080 6352 [ 8999B8631C7FD9F7F9EC3CAFD953BA24 ] C:\Windows\SysWOW64\mswsock.dll
19:43:40.0080 6352 C:\Windows\SysWOW64\mswsock.dll - ok
19:43:40.0084 6352 [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\SysWOW64\WSHTCPIP.DLL
19:43:40.0084 6352 C:\Windows\SysWOW64\WSHTCPIP.DLL - ok
19:43:40.0088 6352 [ 56C73C5BC1656656CAC38A23B4310466 ] C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
19:43:40.0088 6352 C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe - ok
19:43:40.0091 6352 [ 42836D10270B1940F9A2FF77AE679537 ] C:\Program Files (x86)\AVG\AVG2013\avgntopensslx.dll
19:43:40.0091 6352 C:\Program Files (x86)\AVG\AVG2013\avgntopensslx.dll - ok
19:43:40.0095 6352 [ 40D70FDA37369916B6078EC4DF4BE49F ] C:\Program Files (x86)\AVG\AVG2013\avgsysx.dll
19:43:40.0095 6352 C:\Program Files (x86)\AVG\AVG2013\avgsysx.dll - ok
19:43:40.0099 6352 [ A90DC9ABD65DB1A8902F361103029952 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
19:43:40.0099 6352 C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
19:43:40.0103 6352 [ BC83108B18756547013ED443B8CDB31B ] C:\Windows\SysWOW64\msvcp100.dll
19:43:40.0103 6352 C:\Windows\SysWOW64\msvcp100.dll - ok
19:43:40.0106 6352 [ 0E37FBFA79D349D672456923EC5FBBE3 ] C:\Windows\SysWOW64\msvcr100.dll
19:43:40.0106 6352 C:\Windows\SysWOW64\msvcr100.dll - ok
19:43:40.0110 6352 [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\SysWOW64\winnsi.dll
19:43:40.0110 6352 C:\Windows\SysWOW64\winnsi.dll - ok
19:43:40.0114 6352 [ 780E80E5502015EDAEC91DC0A0C96A79 ] C:\Windows\SysWOW64\iertutil.dll
19:43:40.0114 6352 C:\Windows\SysWOW64\iertutil.dll - ok
19:43:40.0118 6352 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
19:43:40.0118 6352 C:\Windows\SysWOW64\psapi.dll - ok
19:43:40.0120 6352 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
19:43:40.0120 6352 C:\Windows\SysWOW64\version.dll - ok
19:43:40.0124 6352 [ 7FA3A810F383588D46220967DE8B64FF ] C:\Windows\SysWOW64\wininet.dll
19:43:40.0124 6352 C:\Windows\SysWOW64\wininet.dll - ok
19:43:40.0128 6352 [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\SysWOW64\oleaut32.dll
19:43:40.0128 6352 C:\Windows\SysWOW64\oleaut32.dll - ok
19:43:40.0131 6352 [ 4266A3230981DD4434C55957F6DD497D ] C:\Windows\SysWOW64\urlmon.dll
19:43:40.0131 6352 C:\Windows\SysWOW64\urlmon.dll - ok
19:43:40.0135 6352 [ F036DB9CF05B3C21405403FF074A78D9 ] C:\Program Files (x86)\AVG\AVG2013\avgopensslx.dll
19:43:40.0135 6352 C:\Program Files (x86)\AVG\AVG2013\avgopensslx.dll - ok
19:43:40.0139 6352 [ 1C2E1FC9F8ED794CC191E92F27D1391C ] C:\Program Files (x86)\AVG\AVG2013\avglogx.dll
19:43:40.0139 6352 C:\Program Files (x86)\AVG\AVG2013\avglogx.dll - ok
19:43:40.0143 6352 [ A6251155B7017D4B4A77A3531A8DA6D8 ] C:\Program Files (x86)\AVG\AVG2013\avgcommx.dll
19:43:40.0143 6352 C:\Program Files (x86)\AVG\AVG2013\avgcommx.dll - ok
19:43:40.0147 6352 [ F59BEDB7C098DAE90DC5C9EB5296621A ] C:\Program Files (x86)\AVG\AVG2013\avgcfgx.dll
19:43:40.0147 6352 C:\Program Files (x86)\AVG\AVG2013\avgcfgx.dll - ok
19:43:40.0151 6352 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
19:43:40.0151 6352 C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe - ok
19:43:40.0155 6352 [ F2060A34C8A75BC24A9222EB4F8C07BD ] C:\Program Files (x86)\Bonjour\mDNSResponder.exe
19:43:40.0155 6352 C:\Program Files (x86)\Bonjour\mDNSResponder.exe - ok
19:43:40.0159 6352 [ 2FCA0D2C59A855C54BAFA22AA329DF0F ] C:\Windows\SysWOW64\netapi32.dll
19:43:40.0159 6352 C:\Windows\SysWOW64\netapi32.dll - ok
19:43:40.0162 6352 [ 20B3934DB73EABA2B49B7177873CB81F ] C:\Windows\SysWOW64\netutils.dll
19:43:40.0162 6352 C:\Windows\SysWOW64\netutils.dll - ok
19:43:40.0166 6352 [ 08DFDBD2FD4EA951DC46B1C7661ED35A ] C:\Windows\SysWOW64\powrprof.dll
19:43:40.0166 6352 C:\Windows\SysWOW64\powrprof.dll - ok
19:43:40.0170 6352 [ 10FB16B50AFFDA6D44588F3C445DC273 ] C:\Windows\SysWOW64\setupapi.dll
19:43:40.0170 6352 C:\Windows\SysWOW64\setupapi.dll - ok
19:43:40.0174 6352 [ 5CCDCD40E732D54E0F7451AC66AC1C87 ] C:\Windows\SysWOW64\srvcli.dll
19:43:40.0174 6352 C:\Windows\SysWOW64\srvcli.dll - ok
19:43:40.0177 6352 [ E5A4A1326A02F8E7B59E6C3270CE7202 ] C:\Windows\SysWOW64\wkscli.dll
19:43:40.0177 6352 C:\Windows\SysWOW64\wkscli.dll - ok
19:43:40.0181 6352 [ F436E847FA799ECD75AD8C313673F450 ] C:\Windows\SysWOW64\cfgmgr32.dll
19:43:40.0181 6352 C:\Windows\SysWOW64\cfgmgr32.dll - ok
19:43:40.0185 6352 [ 2EEFF4502F5E13B1BED4A04CCAD64C08 ] C:\Windows\SysWOW64\devobj.dll
19:43:40.0185 6352 C:\Windows\SysWOW64\devobj.dll - ok
19:43:40.0188 6352 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll
19:43:40.0188 6352 C:\Windows\SysWOW64\cryptsp.dll - ok
19:43:40.0192 6352 [ 76FFA2433FEB42E78FB5421A50C8FBE3 ] C:\Program Files (x86)\AVG\AVG2013\avgclitx.dll
19:43:40.0192 6352 C:\Program Files (x86)\AVG\AVG2013\avgclitx.dll - ok
19:43:40.0196 6352 [ FF2B106909EED48C536DA04742C0324A ] C:\Windows\System32\Query.dll
19:43:40.0196 6352 C:\Windows\System32\Query.dll - ok
19:43:40.0200 6352 [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\SysWOW64\profapi.dll
19:43:40.0200 6352 C:\Windows\SysWOW64\profapi.dll - ok
19:43:40.0204 6352 [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\SysWOW64\rsaenh.dll
19:43:40.0204 6352 C:\Windows\SysWOW64\rsaenh.dll - ok
19:43:40.0207 6352 [ B40420876B9288E0A1C8CCA8A84E5DC9 ] C:\Windows\SysWOW64\dnsapi.dll
19:43:40.0207 6352 C:\Windows\SysWOW64\dnsapi.dll - ok
19:43:40.0211 6352 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll
19:43:40.0211 6352 C:\Windows\SysWOW64\wship6.dll - ok
19:43:40.0215 6352 [ 8792BAB371B4B1589E015B6FD1ED3B15 ] C:\Windows\System32\cryptnet.dll
19:43:40.0215 6352 C:\Windows\System32\cryptnet.dll - ok
19:43:40.0218 6352 [ 0E2F58F6E698EDCB9E58FAD0CBCD0567 ] C:\Windows\System32\vssapi.dll
19:43:40.0219 6352 C:\Windows\System32\vssapi.dll - ok
19:43:40.0222 6352 [ 9A85ABCE0FDD1AF8E79E731EB0B679F3 ] C:\Windows\SysWOW64\dhcpcsvc.dll
19:43:40.0222 6352 C:\Windows\SysWOW64\dhcpcsvc.dll - ok
19:43:40.0226 6352 [ 81F6C1AE23B1C493D9E996C3103915D7 ] C:\Windows\SysWOW64\dhcpcsvc6.dll
19:43:40.0226 6352 C:\Windows\SysWOW64\dhcpcsvc6.dll - ok
19:43:40.0230 6352 [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll
19:43:40.0230 6352 C:\Windows\System32\vsstrace.dll - ok
19:43:40.0234 6352 [ 2A444AE3C62FA19B20C0214C6E034FDD ] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
19:43:40.0234 6352 C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe - ok
19:43:40.0238 6352 [ D15618A0FF8DBC2C5BF3726BACC75A0B ] C:\Windows\SysWOW64\userenv.dll
19:43:40.0238 6352 C:\Windows\SysWOW64\userenv.dll - ok
19:43:40.0241 6352 [ 6A6B2EE4565A178035BE2A4FF6F2C968 ] C:\Windows\SysWOW64\wtsapi32.dll
19:43:40.0241 6352 C:\Windows\SysWOW64\wtsapi32.dll - ok
19:43:40.0245 6352 [ 10D5823CD673836BC9961F3FE0D87B9F ] C:\Program Files (x86)\AVG\AVG2013\avgcorex.dll
19:43:40.0245 6352 C:\Program Files (x86)\AVG\AVG2013\avgcorex.dll - ok
19:43:40.0249 6352 [ F1B205F932F62F94506A5F332C895DAF ] C:\Windows\System32\WSDApi.dll
19:43:40.0249 6352 C:\Windows\System32\WSDApi.dll - ok
19:43:40.0253 6352 [ 3DC11A802353401332D49C3CBFBBE5FC ] C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
19:43:40.0253 6352 C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe - ok
19:43:40.0256 6352 [ C55516D98DD5D8F0153C2A9B4227DA86 ] C:\Windows\System32\webservices.dll
19:43:40.0256 6352 C:\Windows\System32\webservices.dll - ok
19:43:40.0260 6352 [ 95EFDCB44DD093EDAD447F1D21C8A3F7 ] C:\Program Files (x86)\AVG\AVG2013\avgcertx.dll
19:43:40.0260 6352 C:\Program Files (x86)\AVG\AVG2013\avgcertx.dll - ok
19:43:40.0264 6352 [ 6F19639188F792BBB234B2A3FCB0C8C9 ] C:\Program Files (x86)\AVG\AVG2013\avgchclx.dll
19:43:41.0093 6352 C:\Windows\System32\HotStartUserAgent.dll - ok
19:43:41.0096 6352 [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA ] C:\Windows\System32\MsCtfMonitor.dll
19:43:41.0096 6352 C:\Windows\System32\MsCtfMonitor.dll - ok
19:43:41.0100 6352 [ F09A9A1AD21FE618C4C8B0A0D830C886 ] C:\Windows\System32\msutb.dll
19:43:41.0100 6352 C:\Windows\System32\msutb.dll - ok
19:43:41.0104 6352 [ F7073C962C4FB7C415565DDE109DE49F ] C:\Windows\System32\npmproxy.dll
19:43:41.0104 6352 C:\Windows\System32\npmproxy.dll - ok
19:43:41.0107 6352 [ 25AE683DCB4AE7E6F1B193A0CB9DB35F ] C:\Windows\System32\WUDFx.dll
19:43:41.0107 6352 C:\Windows\System32\WUDFx.dll - ok
19:43:41.0111 6352 [ E629F1A051C82795DDFFD3E8D4855811 ] C:\Windows\System32\dimsjob.dll
19:43:41.0111 6352 C:\Windows\System32\dimsjob.dll - ok
19:43:41.0115 6352 [ FCFCD1101C5DA23B4B95F93D02B2C169 ] C:\Windows\System32\dwmredir.dll
19:43:41.0115 6352 C:\Windows\System32\dwmredir.dll - ok
19:43:41.0119 6352 [ 91D6F0AB79AA36FFB932157865206F35 ] C:\Windows\System32\drivers\UMDF\WpdFs.dll
19:43:41.0119 6352 C:\Windows\System32\drivers\UMDF\WpdFs.dll - ok
19:43:41.0122 6352 [ 4BA77A5EF71C14C764B0ED4701683E3E ] C:\Windows\System32\dwmcore.dll
19:43:41.0122 6352 C:\Windows\System32\dwmcore.dll - ok
19:43:41.0125 6352 [ 35CB97CBC3EDC463418ED4997AAB29B6 ] C:\Windows\System32\pautoenr.dll
19:43:41.0125 6352 C:\Windows\System32\pautoenr.dll - ok
19:43:41.0128 6352 [ 94DFBB481BF51158B216E23C5C1C9D6E ] C:\Windows\System32\certcli.dll
19:43:41.0128 6352 C:\Windows\System32\certcli.dll - ok
19:43:41.0132 6352 [ E1374D37477322D4956604711008C69D ] C:\Windows\System32\d3d10_1.dll
19:43:41.0132 6352 C:\Windows\System32\d3d10_1.dll - ok
19:43:41.0136 6352 [ 426BA4E737A7988FD1202AF2F2B2F4A6 ] C:\Windows\System32\d3d10_1core.dll
19:43:41.0136 6352 C:\Windows\System32\d3d10_1core.dll - ok
19:43:41.0139 6352 [ F404E59DB6A0F122AB26BF4F3E2FD0FA ] C:\Windows\System32\dxgi.dll
19:43:41.0139 6352 C:\Windows\System32\dxgi.dll - ok
19:43:41.0143 6352 [ E1B22739C933BE33F53DB58C5393ADD3 ] C:\Windows\System32\Apphlpdm.dll
19:43:41.0143 6352 C:\Windows\System32\Apphlpdm.dll - ok
19:43:41.0146 6352 [ 9719E3D834F5C8C43F56A93DFA497023 ] C:\Windows\System32\pnpts.dll
19:43:41.0146 6352 C:\Windows\System32\pnpts.dll - ok
19:43:41.0150 6352 [ E811F8510B133E70CF6E509FB809824F ] C:\Windows\System32\wdiasqmmodule.dll
19:43:41.0150 6352 C:\Windows\System32\wdiasqmmodule.dll - ok
19:43:41.0154 6352 [ 46863C4CC5B68EB09EA2D5EEF0F1193A ] C:\Windows\System32\radardt.dll
19:43:41.0154 6352 C:\Windows\System32\radardt.dll - ok
19:43:41.0157 6352 [ 9864D52F15AD32094A636C6B5281D9E7 ] C:\Windows\System32\WMVCORE.DLL
19:43:41.0157 6352 C:\Windows\System32\WMVCORE.DLL - ok
19:43:41.0161 6352 [ 263B26106606A010CF877472B535E4BB ] C:\Windows\System32\CertEnroll.dll
19:43:41.0161 6352 C:\Windows\System32\CertEnroll.dll - ok
19:43:41.0164 6352 [ 548CB980D7876E207CC9F8B60C1587A3 ] C:\Windows\System32\win32spl.dll
19:43:41.0165 6352 C:\Windows\System32\win32spl.dll - ok
19:43:41.0168 6352 [ B0F6619DA9B4DBF58FE86E5934AEC949 ] C:\Windows\System32\aticfx64.dll
19:43:41.0168 6352 C:\Windows\System32\aticfx64.dll - ok
19:43:41.0172 6352 [ 725027EB23A0F4F8BB68D0732632C8E4 ] C:\Windows\System32\atiuxp64.dll
19:43:41.0172 6352 C:\Windows\System32\atiuxp64.dll - ok
19:43:41.0176 6352 [ 507D5567A0A4EE86C4B0CE2CE1777025 ] C:\Windows\System32\inetpp.dll
19:43:41.0176 6352 C:\Windows\System32\inetpp.dll - ok
19:43:41.0179 6352 [ 1BF0CB861A48FEB1638228760750F3CB ] C:\Windows\System32\cscapi.dll
19:43:41.0179 6352 C:\Windows\System32\cscapi.dll - ok
19:43:41.0183 6352 [ 1484B9EBF567346582DE571B0E164AE0 ] C:\Windows\System32\framedynos.dll
19:43:41.0183 6352 C:\Windows\System32\framedynos.dll - ok
19:43:41.0187 6352 [ AC5DF873913B00E554D8F553459BC431 ] C:\Windows\System32\qmgrprxy.dll
19:43:41.0187 6352 C:\Windows\System32\qmgrprxy.dll - ok
19:43:41.0191 6352 [ 85B45B4B285B159ACDB355FC8C1E8925 ] C:\Windows\SysWOW64\qmgrprxy.dll
19:43:41.0191 6352 C:\Windows\SysWOW64\qmgrprxy.dll - ok
19:43:41.0194 6352 [ ABF41C6B13E9BEC82457E9D1668475E3 ] C:\Windows\System32\atidxx64.dll
19:43:41.0195 6352 C:\Windows\System32\atidxx64.dll - ok
19:43:41.0198 6352 [ EED05D42D91835064703E2318552ED25 ] C:\Windows\System32\ExplorerFrame.dll
19:43:41.0198 6352 C:\Windows\System32\ExplorerFrame.dll - ok
19:43:41.0202 6352 [ 2693448F9BE4CE1809188495D1D711E1 ] C:\Windows\System32\lmmib2.dll
19:43:41.0202 6352 C:\Windows\System32\lmmib2.dll - ok
19:43:41.0206 6352 [ 012787CEB35505EB78DF82E0A0072888 ] C:\Windows\System32\browcli.dll
19:43:41.0206 6352 C:\Windows\System32\browcli.dll - ok
19:43:41.0209 6352 [ 12B79422A23814429CDA9E734C58F78F ] C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
19:43:41.0209 6352 C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL - ok
19:43:41.0213 6352 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] C:\Windows\System32\IPSECSVC.DLL
19:43:41.0213 6352 C:\Windows\System32\IPSECSVC.DLL - ok
19:43:41.0217 6352 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
19:43:41.0217 6352 C:\Windows\SysWOW64\rasadhlp.dll - ok
19:43:41.0221 6352 [ 03A03A453F1AAAE0C73AAAF895321C7A ] C:\Windows\SysWOW64\FWPUCLNT.DLL
19:43:41.0221 6352 C:\Windows\SysWOW64\FWPUCLNT.DLL - ok
19:43:41.0224 6352 [ 9BC93C9ACFA34DB5A41B89357B31E4ED ] C:\Windows\System32\FwRemoteSvr.dll
19:43:41.0224 6352 C:\Windows\System32\FwRemoteSvr.dll - ok
19:43:41.0228 6352 [ AACC48FE239F0DF126DA2F28930A5B83 ] C:\Windows\System32\WMASF.DLL
19:43:41.0228 6352 C:\Windows\System32\WMASF.DLL - ok
19:43:41.0232 6352 [ 51FCBAE9178BAE573026933317C95CB2 ] C:\Program Files (x86)\AVG\AVG2013\avgxpla.dll
19:43:41.0232 6352 C:\Program Files (x86)\AVG\AVG2013\avgxpla.dll - ok
19:43:41.0236 6352 [ 7E87637EECBACBB11BBA1124B805A747 ] C:\Program Files (x86)\AVG\AVG2013\avgopenssla.dll
19:43:41.0236 6352 C:\Program Files (x86)\AVG\AVG2013\avgopenssla.dll - ok
19:43:41.0239 6352 [ 389CA818132C1D7DCF0C791E8D9035DE ] C:\Windows\System32\PortableDeviceClassExtension.dll
19:43:41.0239 6352 C:\Windows\System32\PortableDeviceClassExtension.dll - ok
19:43:41.0243 6352 [ 49E5753D923F1AC63B22D3DCB0B47E00 ] C:\Windows\System32\uDWM.dll
19:43:41.0243 6352 C:\Windows\System32\uDWM.dll - ok
19:43:41.0247 6352 [ 4F3CD1C59EA71401E155C432BCECE180 ] C:\Windows\System32\PortableDeviceTypes.dll
19:43:41.0247 6352 C:\Windows\System32\PortableDeviceTypes.dll - ok
19:43:41.0250 6352 [ B73E1570D7BD1B02C8DA8F3B0A9D5CFF ] C:\Windows\System32\wpcumi.dll
19:43:41.0250 6352 C:\Windows\System32\wpcumi.dll - ok
19:43:41.0254 6352 [ C3D545F4646303A864C8DFA85B33F476 ] C:\Windows\System32\TaskSchdPS.dll
19:43:41.0254 6352 C:\Windows\System32\TaskSchdPS.dll - ok
19:43:41.0258 6352 [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll
19:43:41.0258 6352 C:\Windows\System32\EhStorShell.dll - ok
19:43:41.0261 6352 [ 88781403D232AF2BE781AC12856BC533 ] C:\Windows\System32\Wpc.dll
19:43:41.0262 6352 C:\Windows\System32\Wpc.dll - ok
19:43:41.0265 6352 [ 037A719DAD50603202C978CD802623E4 ] C:\Windows\System32\ntshrui.dll
19:43:41.0265 6352 C:\Windows\System32\ntshrui.dll - ok
19:43:41.0269 6352 [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
19:43:41.0269 6352 C:\Windows\System32\IconCodecService.dll - ok
19:43:41.0272 6352 [ 591FE0A6CEB19BF886CEB1331F591940 ] C:\Windows\SysWOW64\ncrypt.dll
19:43:41.0272 6352 C:\Windows\SysWOW64\ncrypt.dll - ok
19:43:41.0275 6352 [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
19:43:41.0275 6352 C:\Windows\SysWOW64\bcrypt.dll - ok
19:43:41.0279 6352 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
19:43:41.0279 6352 C:\Windows\SysWOW64\bcryptprimitives.dll - ok
19:43:41.0283 6352 [ CA79539D3D4C0BA66F0F051A5EE5E923 ] C:\Windows\SysWOW64\cryptnet.dll
19:43:41.0283 6352 C:\Windows\SysWOW64\cryptnet.dll - ok
19:43:41.0287 6352 [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\SysWOW64\gpapi.dll
19:43:41.0287 6352 C:\Windows\SysWOW64\gpapi.dll - ok
19:43:41.0290 6352 [ 025E7DBDB98866ED3CB2D4DDA70B364D ] C:\Windows\System32\runonce.exe
19:43:41.0290 6352 C:\Windows\System32\runonce.exe - ok
19:43:41.0294 6352 [ D44741F65A1D71F65814A12CF6E2400A ] C:\Windows\SysWOW64\runonce.exe
19:43:41.0294 6352 C:\Windows\SysWOW64\runonce.exe - ok
19:43:41.0298 6352 [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll
19:43:41.0298 6352 C:\Windows\SysWOW64\uxtheme.dll - ok
19:43:41.0302 6352 [ 12C45E3CB6D65F73209549E2D02ECA7A ] C:\Windows\SysWOW64\propsys.dll
19:43:41.0302 6352 C:\Windows\SysWOW64\propsys.dll - ok
19:43:41.0305 6352 [ 522B0466ED967A0762E9AF5B37D8F40A ] C:\Windows\System32\esent.dll
19:43:41.0305 6352 C:\Windows\System32\esent.dll - ok
19:43:41.0309 6352 [ AD7B9C14083B52BC532FBA5948342B98 ] C:\Windows\SysWOW64\cmd.exe
19:43:41.0309 6352 C:\Windows\SysWOW64\cmd.exe - ok
19:43:41.0313 6352 [ 326C7F76A29897A892AA7726E91C1C67 ] C:\Windows\SysWOW64\winbrand.dll
19:43:41.0313 6352 C:\Windows\SysWOW64\winbrand.dll - ok
19:43:41.0316 6352 [ 5466DCAEF5A648E04D1B6580F2C901B5 ] C:\Windows\SysWOW64\ieframe.dll
19:43:41.0316 6352 C:\Windows\SysWOW64\ieframe.dll - ok
19:43:41.0320 6352 [ F2C82BA7E80C6054D5D20F3FBD4CFD34 ] C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
19:43:41.0320 6352 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE - ok
19:43:41.0324 6352 [ 193B810608624D9D66B40E7CE3B86905 ] C:\Windows\SysWOW64\sftldr_wow64.dll
19:43:41.0324 6352 C:\Windows\SysWOW64\sftldr_wow64.dll - ok
19:43:41.0328 6352 [ 56DE449CE5F659D4492E81094542392B ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sentinel.dll
19:43:41.0328 6352 C:\Program Files (x86)\Microsoft Application Virtualization Client\sentinel.dll - ok
19:43:41.0332 6352 [ BE247AE996A9FDE007A27B51413A6C79 ] C:\Windows\SysWOW64\shdocvw.dll
19:43:41.0332 6352 C:\Windows\SysWOW64\shdocvw.dll - ok
19:43:41.0336 6352 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\Users\Dee\AppData\Local\Temp\0702B730-FF76-4897-9AB8-30C1F2CBE653.exe
19:43:41.0336 6352 C:\Users\Dee\AppData\Local\Temp\0702B730-FF76-4897-9AB8-30C1F2CBE653.exe - ok
19:43:41.0340 6352 [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\SysWOW64\dwmapi.dll
19:43:41.0340 6352 C:\Windows\SysWOW64\dwmapi.dll - ok
19:43:41.0344 6352 [ 1DB71A41DAEE6B3F8CD0DDA8209FA2D5 ] C:\Windows\SysWOW64\WindowsCodecs.dll
19:43:41.0344 6352 C:\Windows\SysWOW64\WindowsCodecs.dll - ok
19:43:41.0347 6352 [ 846D0E4DB261CFAF363902E41498E961 ] C:\Windows\SysWOW64\EhStorShell.dll
19:43:41.0347 6352 C:\Windows\SysWOW64\EhStorShell.dll - ok
19:43:41.0351 6352 [ 03F3B770DFBED6131653CEDA8CA780F0 ] C:\Windows\SysWOW64\ntshrui.dll
19:43:41.0351 6352 C:\Windows\SysWOW64\ntshrui.dll - ok
19:43:41.0355 6352 [ 465BEA35F7ED4A4A57686DEA7EA10F47 ] C:\Windows\SysWOW64\cscapi.dll
19:43:41.0355 6352 C:\Windows\SysWOW64\cscapi.dll - ok
19:43:41.0358 6352 [ 827CB0D6C3F8057EA037FF271F8E9795 ] C:\Windows\SysWOW64\imageres.dll
19:43:41.0358 6352 C:\Windows\SysWOW64\imageres.dll - ok
19:43:41.0363 6352 [ 8B74CEC6980D4816B0037AE9A27E538F ] C:\Windows\SysWOW64\slc.dll
19:43:41.0363 6352 C:\Windows\SysWOW64\slc.dll - ok
19:43:41.0366 6352 [ 220159496484D34009DE71CA1A68E0D4 ] C:\Windows\System32\wbem\NCProv.dll
19:43:41.0366 6352 C:\Windows\System32\wbem\NCProv.dll - ok
19:43:41.0370 6352 [ E19AD0D49BFF5938B3E374873AC174DE ] C:\Windows\System32\wmploc.DLL
19:43:41.0370 6352 C:\Windows\System32\wmploc.DLL - ok
19:43:41.0374 6352 [ 2C647ABE9A424E55B5F3DAE4629B4277 ] C:\Windows\System32\themeui.dll
19:43:41.0374 6352 C:\Windows\System32\themeui.dll - ok
19:43:41.0376 6352 [ B519848DFA30AE2B306576B51321D102 ] C:\Windows\System32\ie4uinit.exe
19:43:41.0376 6352 C:\Windows\System32\ie4uinit.exe - ok
19:43:41.0380 6352 [ FB10715E4099AF9FA389C71873245226 ] C:\Windows\System32\timedate.cpl
19:43:41.0380 6352 C:\Windows\System32\timedate.cpl - ok
19:43:41.0384 6352 [ E6F0F82788E8BD0F7A616350EFA0761C ] C:\Windows\System32\actxprxy.dll
19:43:41.0384 6352 C:\Windows\System32\actxprxy.dll - ok
19:43:41.0387 6352 [ C4F40F6CACD796A8E16671D0E9A2F319 ] C:\Windows\System32\shdocvw.dll
19:43:41.0387 6352 C:\Windows\System32\shdocvw.dll - ok
19:43:41.0391 6352 [ A0A65D306A5490D2EB8E7DE66898ECFD ] C:\Windows\System32\linkinfo.dll
19:43:41.0391 6352 C:\Windows\System32\linkinfo.dll - ok
19:43:41.0395 6352 [ E6DD15E668DAF0A02470CF551B0A0105 ] C:\PROGRA~2\WIC4A1~1\MESSEN~1\msgslang.dll
19:43:41.0395 6352 C:\PROGRA~2\WIC4A1~1\MESSEN~1\msgslang.dll - ok
19:43:41.0399 6352 [ 1EAC1A8CA6874BF5B15E2EFB9A9A7B86 ] C:\Windows\System32\msftedit.dll
19:43:41.0399 6352 C:\Windows\System32\msftedit.dll - ok
19:43:41.0402 6352 [ 7FCAB194F01E3403C300EB034E480B36 ] C:\Windows\System32\msls31.dll
19:43:41.0402 6352 C:\Windows\System32\msls31.dll - ok
19:43:41.0406 6352 [ 3504B34CD2DE00BA3CC1A195F1B739BD ] C:\Windows\System32\gameux.dll
19:43:41.0406 6352 C:\Windows\System32\gameux.dll - ok
19:43:41.0410 6352 [ 554A50B5310E702029D3A675459108FF ] C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
19:43:41.0410 6352 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe - ok
19:43:41.0413 6352 [ 4C2C4640BF23AAFCF90519E0F34436CE ] C:\Windows\System32\DeviceCenter.dll
19:43:41.0413 6352 C:\Windows\System32\DeviceCenter.dll - ok
19:43:41.0417 6352 [ A84F0E367CC45269DF77262FCA2004D0 ] C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe
19:43:41.0417 6352 C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe - ok
19:43:41.0421 6352 [ 3ED807BB993D00C38836CCBC4DFE9EA6 ] C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmon.exe
19:43:41.0421 6352 C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmon.exe - ok
19:43:41.0425 6352 [ 69754747274B76E7FAF287239333D7E6 ] C:\Windows\System32\msiltcfg.dll
19:43:41.0425 6352 C:\Windows\System32\msiltcfg.dll - ok
19:43:41.0428 6352 [ 5EB6E9C8BE1ACC5830780E0F9A846255 ] C:\Windows\System32\msi.dll
19:43:41.0428 6352 C:\Windows\System32\msi.dll - ok
19:43:41.0432 6352 [ 1405366BE32B866645DA48D05E62F222 ] C:\Program Files (x86)\Lexmark X1100 Series\rtscan.dll
19:43:41.0432 6352 C:\Program Files (x86)\Lexmark X1100 Series\rtscan.dll - ok
19:43:41.0436 6352 [ FB0C8699B87F7140BB6201BE7B4B6778 ] C:\Windows\vsnpstd3.exe
19:43:41.0436 6352 C:\Windows\vsnpstd3.exe - ok
19:43:41.0440 6352 [ C71E7ABB1A34E56CE73AE117C8DD566F ] C:\Windows\System32\ieframe.dll
19:43:41.0440 6352 C:\Windows\System32\ieframe.dll - ok
19:43:41.0443 6352 [ D5AEFAD57C08349A4393D987DF7C715D ] C:\Windows\SysWOW64\winmm.dll
19:43:41.0443 6352 C:\Windows\SysWOW64\winmm.dll - ok
19:43:41.0447 6352 [ DC6612A9EE015A36BA2A27BC9CC12537 ] C:\Windows\SysWOW64\mfc42.dll
19:43:41.0447 6352 C:\Windows\SysWOW64\mfc42.dll - ok
19:43:41.0450 6352 [ 7D34AF98A706230CC2DEDFE0CABF87AB ] C:\Windows\SysWOW64\odbc32.dll
19:43:41.0451 6352 C:\Windows\SysWOW64\odbc32.dll - ok
19:43:41.0454 6352 [ ABA457BFC7EC0B5E130B2F1E0F549DFF ] C:\Windows\SysWOW64\odbcint.dll
19:43:41.0454 6352 C:\Windows\SysWOW64\odbcint.dll - ok
19:43:41.0458 6352 [ FFF8CDA023394E7E352638E6B080919E ] C:\Program Files\Comcast\pcTrayApp.exe
19:43:41.0458 6352 C:\Program Files\Comcast\pcTrayApp.exe - ok
19:43:41.0462 6352 [ CF636C92B762B26F0B39B38E92380A09 ] C:\Windows\System32\oleacc.dll
19:43:41.0462 6352 C:\Windows\System32\oleacc.dll - ok
19:43:41.0465 6352 [ 4916401FE5CEC4307902EB60CEB7BE3F ] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
19:43:41.0465 6352 C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe - ok
19:43:41.0470 6352 [ FA77ABFEE7F929E2BE8F6CD8859C56CE ] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
19:43:41.0470 6352 C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe - ok
19:43:41.0474 6352 [ 418AE84D90DBA6925849423221AD83BE ] C:\Program Files (x86)\ATI Technologies\HydraVision\hydraenu.dll
19:43:41.0474 6352 C:\Program Files (x86)\ATI Technologies\HydraVision\hydraenu.dll - ok
19:43:41.0477 6352 [ E7088444721498C937DFD5CB3CEFF2B6 ] C:\Windows\SysWOW64\atiadlxy.dll
19:43:41.0477 6352 C:\Windows\SysWOW64\atiadlxy.dll - ok
19:43:41.0481 6352 [ E09EFDAE4A93765ECEA0D5A31FC242E3 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
19:43:41.0481 6352 C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe - ok
19:43:41.0485 6352 [ F74510AB819FF5E3EA9F294A800FC85F ] C:\Program Files\Common Files\Motive\pcContextX.dll
19:43:41.0485 6352 C:\Program Files\Common Files\Motive\pcContextX.dll - ok
19:43:41.0489 6352 [ 24F4B480F335A6C724AF352253C5D98B ] C:\Windows\System32\thumbcache.dll
19:43:41.0489 6352 C:\Windows\System32\thumbcache.dll - ok
19:43:41.0493 6352 [ 43ED5D741FC4BCCA450ECD76A6464B46 ] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH.dll
19:43:41.0493 6352 C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH.dll - ok
19:43:41.0496 6352 [ 405F4D32D2185F1F1BD753D8EEAFFB3A ] C:\Windows\System32\networkexplorer.dll
19:43:41.0496 6352 C:\Windows\System32\networkexplorer.dll - ok
19:43:41.0500 6352 [ 7883D864F0593CB4B49D1BC3078C37B5 ] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
19:43:41.0500 6352 C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe - ok
19:43:41.0504 6352 [ 59DD9251BDD9CA522A0E510B98B5933D ] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll
19:43:41.0504 6352 C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll - ok
19:43:41.0508 6352 [ 2C6DFC761F1DAE61940C7EAE97EBDB19 ] C:\Program Files (x86)\Skype\Phone\Skype.exe
19:43:41.0508 6352 C:\Program Files (x86)\Skype\Phone\Skype.exe - ok
19:43:41.0512 6352 [ 5516C26A6AF8EB4E2CAB48EC98A74398 ] C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
19:43:41.0512 6352 C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe - ok
19:43:41.0515 6352 [ 6F9455F97D5D91FDEEC0F344E70A2D0E ] C:\Windows\FixCamera.exe
19:43:41.0516 6352 C:\Windows\FixCamera.exe - ok
19:43:41.0519 6352 [ 954703C65A83E2E66EE31678A30A57C3 ] C:\Program Files (x86)\PDF Complete\pdfsty.exe
19:43:41.0519 6352 C:\Program Files (x86)\PDF Complete\pdfsty.exe - ok
19:43:41.0523 6352 [ 5046E55184021406C27E8D48A1B2C9D2 ] C:\Windows\System32\l3codeca.acm
19:43:41.0523 6352 C:\Windows\System32\l3codeca.acm - ok
19:43:41.0527 6352 [ 99F7C16BA2198332F19F2703D3D695C3 ] C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
19:43:41.0527 6352 C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe - ok
19:43:41.0531 6352 [ D2DAD71C96C113ED07F7BB79AD831C28 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
19:43:41.0531 6352 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok
19:43:41.0535 6352 [ 3819AD4329303EAC88480CA16A650735 ] C:\Windows\System32\UIAnimation.dll
19:43:41.0535 6352 C:\Windows\System32\UIAnimation.dll - ok
19:43:41.0539 6352 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
19:43:41.0539 6352 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok
19:43:41.0543 6352 [ C85C6C5B466440BC833FCCF1CDB0B718 ] C:\Windows\SysWOW64\OpenCL.dll
19:43:41.0543 6352 C:\Windows\SysWOW64\OpenCL.dll - ok
19:43:41.0547 6352 [ A3800DDB103BA33BB960905A37F12C5B ] C:\Windows\SysWOW64\kdbsdk32.dll
19:43:41.0547 6352 C:\Windows\SysWOW64\kdbsdk32.dll - ok
19:43:41.0550 6352 [ 6CD72592F71F43E596FD3FEC6D0C2066 ] C:\Windows\tsnpstd3.exe
19:43:41.0550 6352 C:\Windows\tsnpstd3.exe - ok
19:43:41.0554 6352 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
19:43:41.0554 6352 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
19:43:41.0558 6352 [ F146E2BA475893DD77B2370DC1211FC6 ] C:\Windows\System32\drivers\61122441.sys
19:43:41.0558 6352 C:\Windows\System32\drivers\61122441.sys - ok
19:43:41.0562 6352 [ D1DE1EAFDE97BE41CF6585027FF3E732 ] C:\Windows\SysWOW64\comdlg32.dll
19:43:41.0562 6352 C:\Windows\SysWOW64\comdlg32.dll - ok
19:43:41.0566 6352 [ 936F728E04ACCF3F38801CFFCF1E3F40 ] C:\Windows\SysWOW64\oledlg.dll
19:43:41.0566 6352 C:\Windows\SysWOW64\oledlg.dll - ok
19:43:41.0570 6352 [ 92DA9EDE07390B4352B29DD82079E398 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\AppleVersions.dll
19:43:41.0570 6352 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\AppleVersions.dll - ok
19:43:41.0574 6352 [ 8476E1C89C9D9834102EF86B651C6F39 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
19:43:41.0574 6352 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe - ok
19:43:41.0578 6352 [ 7290A6DD34862278DF9E26D96E5A95D8 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\YSCrashDump.dll
19:43:41.0578 6352 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\YSCrashDump.dll - ok
19:43:41.0582 6352 [ 703FFD301AB900B047337C5D40FD6F96 ] C:\Windows\SysWOW64\olepro32.dll
19:43:41.0582 6352 C:\Windows\SysWOW64\olepro32.dll - ok
19:43:41.0586 6352 [ ECB68740144E027E14675E21A3096FDB ] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
19:43:41.0586 6352 C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe - ok
19:43:41.0590 6352 [ 2FDFA845DCE5D6A843E413F18307561A ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll
19:43:41.0590 6352 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
19:43:41.0594 6352 [ 07EA6E9DA1EA98738B9A03194B5D789A ] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_Startup.exe
19:43:41.0594 6352 C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_Startup.exe - ok
19:43:41.0598 6352 [ 637971702D3D13E913C627DBD3B24A24 ] C:\Program Files (x86)\Portrait Displays\HP Display Assistant\dthtml.exe
19:43:41.0598 6352 C:\Program Files (x86)\Portrait Displays\HP Display Assistant\dthtml.exe - ok
19:43:41.0602 6352 [ C3761661C17C2248A9379A8FB89E3DE1 ] C:\Windows\System32\stobject.dll
19:43:41.0602 6352 C:\Windows\System32\stobject.dll - ok
19:43:41.0606 6352 [ 8DDA2B606279753601F9415DA503CA63 ] C:\Program Files (x86)\QuickTime\QTTask.exe
19:43:41.0606 6352 C:\Program Files (x86)\QuickTime\QTTask.exe - ok
19:43:41.0610 6352 [ 1AA06C81A0621E277E755B965B5E4B5F ] C:\Program Files (x86)\Portrait Displays\Pivot Software\ijl15.dll
19:43:41.0610 6352 C:\Program Files (x86)\Portrait Displays\Pivot Software\ijl15.dll - ok
19:43:41.0614 6352 [ 1D2B51E5291448DA123644A41250F6D6 ] C:\Program Files (x86)\AVG\AVG2013\avgui.exe
19:43:41.0614 6352 C:\Program Files (x86)\AVG\AVG2013\avgui.exe - ok
19:43:41.0618 6352 [ 9972A6ED4F2388DBFA8E0A96F6F3FDF1 ] C:\Program Files (x86)\Portrait Displays\Pivot Software\msvcr70.dll
19:43:41.0618 6352 C:\Program Files (x86)\Portrait Displays\Pivot Software\msvcr70.dll - ok
19:43:41.0622 6352 [ F832EEEA97CDDA1AF577E721F652A0D1 ] C:\Windows\System32\batmeter.dll
19:43:41.0622 6352 C:\Windows\System32\batmeter.dll - ok
19:43:41.0624 6352 [ 638C7596B493F5F77DB9EF6BAD8FE46C ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
19:43:41.0624 6352 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
19:43:41.0628 6352 [ 78865ABC5F5D13190F8B35BD9044714A ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll
19:43:41.0628 6352 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll - ok
19:43:41.0632 6352 [ D04F7AACA2319A3BCDB2C5D5DD6F6026 ] C:\Program Files (x86)\Portrait Displays\Pivot Software\msvcp70.dll
19:43:41.0632 6352 C:\Program Files (x86)\Portrait Displays\Pivot Software\msvcp70.dll - ok
19:43:41.0636 6352 [ FF9831030678C7B6D70BAC00F68F8976 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll
19:43:41.0636 6352 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
19:43:41.0641 6352 [ 5A963C340DE1A01BA6E24945CE05D16A ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll
19:43:41.0641 6352 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll - ok
19:43:41.0644 6352 [ C19AD78B8B09B3622B20F9106AB3A269 ] C:\Program Files (x86)\Portrait Displays\Pivot Software\Winphook.dll
19:43:41.0645 6352 C:\Program Files (x86)\Portrait Displays\Pivot Software\Winphook.dll - ok
19:43:41.0649 6352 [ 2D2A6EC8EAD30EC3ACE2FD6FB1B3E122 ] C:\Windows\System32\prnfldr.dll
19:43:41.0649 6352 C:\Windows\System32\prnfldr.dll - ok
19:43:41.0653 6352 [ 219C7D4A3E7D5FA8FB773EC31DC9B95D ] C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe
19:43:41.0653 6352 C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe - ok
19:43:41.0657 6352 [ 2A436796758BF2555A26C770FE8A6FEE ] C:\Windows\System32\fdProxy.dll
19:43:41.0657 6352 C:\Windows\System32\fdProxy.dll - ok
19:43:41.0660 6352 [ F4BC62990E7E5C29799A895B80FC3177 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll
19:43:41.0661 6352 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll - ok
19:43:41.0665 6352 [ 1F5AFD468EB5E09E9ED75A087529EAB5 ] C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll
19:43:41.0665 6352 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll - ok
19:43:41.0669 6352 [ EBC9F12561485A348A21FBE4BC5038C4 ] C:\Windows\SysWOW64\amdocl.dll
19:43:41.0669 6352 C:\Windows\SysWOW64\amdocl.dll - ok
19:43:41.0673 6352 [ 42A9CB6906D9A8BEDC83B57163E62924 ] C:\Windows\System32\DXP.dll
19:43:41.0673 6352 C:\Windows\System32\DXP.dll - ok
19:43:41.0676 6352 [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\SysWOW64\riched20.dll
19:43:41.0677 6352 C:\Windows\SysWOW64\riched20.dll - ok
19:43:41.0680 6352 [ 28A09777D2D952122567A8A82F1A2C7B ] C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll
19:43:41.0680 6352 C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll - ok
19:43:41.0684 6352 [ 149D74E1128A86DC9CFB2851FBEA11EB ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll
19:43:41.0684 6352 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll - ok
19:43:41.0688 6352 [ F3DE10AABD5C7A1A186C9966F037D0C0 ] C:\Windows\SysWOW64\mfc100u.dll
19:43:41.0688 6352 C:\Windows\SysWOW64\mfc100u.dll - ok
19:43:41.0692 6352 [ 029F049D44F5B7ACAC3228A0A582F724 ] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll
19:43:41.0692 6352 C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll - ok
19:43:41.0696 6352 [ 4E3637577EF623F1D3B703C44A82BDBE ] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
19:43:41.0696 6352 C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe - ok
19:43:41.0700 6352 [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891 ] C:\Windows\System32\Syncreg.dll
19:43:41.0700 6352 C:\Windows\System32\Syncreg.dll - ok
19:43:41.0704 6352 [ E7368F0A8D19445EAF5C5D0DBB8B8DAB ] C:\Windows\System32\AltTab.dll
19:43:41.0704 6352 C:\Windows\System32\AltTab.dll - ok
19:43:41.0707 6352 [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\SysWOW64\ExplorerFrame.dll
19:43:41.0707 6352 C:\Windows\SysWOW64\ExplorerFrame.dll - ok
19:43:41.0711 6352 [ C836175870E00ACC546066632E15BD10 ] C:\Windows\ehome\ehSSO.dll
19:43:41.0711 6352 C:\Windows\ehome\ehSSO.dll - ok
19:43:41.0715 6352 [ 01C6EE9A205DEFFEE7185F667FEE38C1 ] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DThook.dll
19:43:41.0715 6352 C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DThook.dll - ok
19:43:41.0718 6352 [ CDAD3376DFF3D9AC7FDCBE2B94B0D3C8 ] C:\Windows\System32\shfolder.dll
19:43:42.0491 6352 C:\Program Files (x86)\The Weather Channel\The Weather Channel App\DW.UI.Offers.dll - ok
19:43:42.0495 6352 [ B0A848A66C791872EE70EC11F949031E ] C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll
19:43:42.0495 6352 C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll - ok
19:43:42.0499 6352 [ 39E9AACC4C5FB3C3C0B12DE6D491553D ] C:\Windows\SysWOW64\WindowsCodecsExt.dll
19:43:42.0499 6352 C:\Windows\SysWOW64\WindowsCodecsExt.dll - ok
19:43:42.0503 6352 [ 60A1C9786C8B5D3A78537E79E1A68466 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
19:43:42.0503 6352 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll - ok
19:43:42.0507 6352 [ A4B3A9FFA483F8CB36E56C19448DDE36 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\52e2da35b160dbd254683f72a0f1b937\System.Xml.ni.dll
19:43:42.0508 6352 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\52e2da35b160dbd254683f72a0f1b937\System.Xml.ni.dll - ok
19:43:42.0511 6352 [ F6F22291024906E43D135A4B1705FEAC ] C:\Windows\System32\sppwinob.dll
19:43:42.0511 6352 C:\Windows\System32\sppwinob.dll - ok
19:43:42.0515 6352 [ 4376A6CEF78882FD1A451503510BD6BF ] C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9fedec1f005f9e39f8dde611c4c27cab\UIAutomationProvider.ni.dll
19:43:42.0515 6352 C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9fedec1f005f9e39f8dde611c4c27cab\UIAutomationProvider.ni.dll - ok
19:43:42.0519 6352 [ 45FB05F743E626D9E239E52602CEA041 ] C:\Windows\SysWOW64\msctfui.dll
19:43:42.0519 6352 C:\Windows\SysWOW64\msctfui.dll - ok
19:43:42.0523 6352 [ 9248671CB1043FC2EA93EA617037814C ] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\DW.UI.OffersWrapper.dll
19:43:42.0523 6352 C:\Program Files (x86)\The Weather Channel\The Weather Channel App\DW.UI.OffersWrapper.dll - ok
19:43:42.0527 6352 [ 72AB8C3F8AB7B550A896357C9E0896DA ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\2abfa3ca7ad3cc6f199158e6663f3006\PresentationCore.ni.dll
19:43:42.0528 6352 C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\2abfa3ca7ad3cc6f199158e6663f3006\PresentationCore.ni.dll - ok
19:43:42.0531 6352 [ EBD345E154827DBFC6A77E3F07F63835 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
19:43:42.0531 6352 C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe - ok
19:43:42.0535 6352 [ 4AD576CA9E7752A86140ACAEEA3356F5 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
19:43:42.0535 6352 C:\Windows\Microsoft.NET\Framework\v4.0.30319\alink.dll - ok
19:43:42.0539 6352 [ 8D44D74079457EE855FFA19DF97D8DD3 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
19:43:42.0540 6352 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll - ok
19:43:42.0543 6352 [ DFA8E7CDFC7A0E6673EC2459D494A67C ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
19:43:42.0543 6352 C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe - ok
19:43:42.0547 6352 [ 2B373B5F7E36B5ED5DA176D4400EF091 ] C:\Windows\System32\sppobjs.dll
19:43:42.0547 6352 C:\Windows\System32\sppobjs.dll - ok
19:43:42.0551 6352 [ 7F8678C59F188528D60104E697C2361E ] C:\Windows\SysWOW64\mscms.dll
19:43:42.0551 6352 C:\Windows\SysWOW64\mscms.dll - ok
19:43:42.0555 6352 [ 816B681CC308FAA128EDCB90643DCED7 ] C:\Windows\SysWOW64\icm32.dll
19:43:42.0555 6352 C:\Windows\SysWOW64\icm32.dll - ok
19:43:42.0559 6352 [ 6A3B9E46C41E42E7B8E1479468D892AF ] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\Microsoft.Expression.Interactions.dll
19:43:42.0559 6352 C:\Program Files (x86)\The Weather Channel\The Weather Channel App\Microsoft.Expression.Interactions.dll - ok
19:43:42.0563 6352 [ C733EBBDD79892B96C9980EBDC0CA704 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\c217382951ed46e82a9a3e27bd6379e7\PresentationFramework.ni.dll
19:43:42.0563 6352 C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\c217382951ed46e82a9a3e27bd6379e7\PresentationFramework.ni.dll - ok
19:43:42.0567 6352 [ F7364F71E2094813ED1143EBCE4E17CB ] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\DW.UI.DesignData.dll
19:43:42.0567 6352 C:\Program Files (x86)\The Weather Channel\The Weather Channel App\DW.UI.DesignData.dll - ok
19:43:42.0571 6352 [ 77F476E93AE5209BA6700AC3BB306CB1 ] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\Microsoft.Maps.MapControl.WPF.dll
19:43:42.0571 6352 C:\Program Files (x86)\The Weather Channel\The Weather Channel App\Microsoft.Maps.MapControl.WPF.dll - ok
19:43:42.0576 6352 [ 65052B72C953D27431F1F208A7B5D103 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
19:43:42.0576 6352 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll - ok
19:43:42.0580 6352 [ 5E774E56C82CB46CF9ADED0DBF9925FC ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\590352c10307d311bf4dc1addb801791\System.Windows.Input.Manipulations.ni.dll
19:43:42.0580 6352 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\590352c10307d311bf4dc1addb801791\System.Windows.Input.Manipulations.ni.dll - ok
19:43:42.0584 6352 [ 78B384261A223EF35D9A0D7D27C949BC ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a27582afda5c9a9258ed2cd787352773\System.ServiceModel.ni.dll
19:43:42.0584 6352 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a27582afda5c9a9258ed2cd787352773\System.ServiceModel.ni.dll - ok
19:43:42.0588 6352 [ 7FE0D0C8F53735EA17C9AE93EFE7AD5A ] C:\Windows\System32\wups2.dll
19:43:42.0588 6352 C:\Windows\System32\wups2.dll - ok
19:43:42.0592 6352 [ B8A1CE84BD3B7B04E769A8EB52391039 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\0d2c8da8749c683b47f01101c9ea26d5\System.Runtime.Serialization.ni.dll
19:43:42.0592 6352 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\0d2c8da8749c683b47f01101c9ea26d5\System.Runtime.Serialization.ni.dll - ok
19:43:42.0596 6352 [ 38203622E6B7E4638EE991194865B571 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\0dd39ca15b3d56a03a31fbf671c80cfe\SMDiagnostics.ni.dll
19:43:42.0596 6352 C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\0dd39ca15b3d56a03a31fbf671c80cfe\SMDiagnostics.ni.dll - ok
19:43:42.0601 6352 [ 752A8E13F0E6AA986B6F832E403D9D47 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\bb404633d24f5098f9d7f5f5a1d234c3\System.Runtime.DurableInstancing.ni.dll
19:43:42.0601 6352 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\bb404633d24f5098f9d7f5f5a1d234c3\System.Runtime.DurableInstancing.ni.dll - ok
19:43:42.0605 6352 [ 1846D197B1D0D4CA21F225D33B8E7BA6 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\7b9e229466be7e0bc584ea7b3de23523\System.Deployment.ni.dll
19:43:42.0605 6352 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\7b9e229466be7e0bc584ea7b3de23523\System.Deployment.ni.dll - ok
19:43:42.0609 6352 [ C264145F107437CBD3B30303733AEE4F ] C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
19:43:42.0609 6352 C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll - ok
19:43:42.0613 6352 [ 8EE6BDE1D572677AA35707C52C585F75 ] C:\Windows\SysWOW64\mlang.dll
19:43:42.0613 6352 C:\Windows\SysWOW64\mlang.dll - ok
19:43:42.0617 6352 [ 1D1EAA16D193C6A2D45981ED3914D22A ] C:\Windows\SysWOW64\msimtf.dll
19:43:42.0617 6352 C:\Windows\SysWOW64\msimtf.dll - ok
19:43:42.0621 6352 [ 3FC453A0DF75DB13D261ADC02AF7AEDF ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d6dc54d6b4aadbc921d00c3b76647e61\System.Xml.Linq.ni.dll
19:43:42.0621 6352 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d6dc54d6b4aadbc921d00c3b76647e61\System.Xml.Linq.ni.dll - ok
19:43:42.0625 6352 [ A3FA99A16F10D44EDB7A8C340FA2EE1B ] C:\Windows\SysWOW64\jscript9.dll
19:43:42.0625 6352 C:\Windows\SysWOW64\jscript9.dll - ok
19:43:42.0627 6352 [ 3E69091F9AD8F834D9021C48B9DF65BA ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\NaturalLanguage6.dll
19:43:42.0628 6352 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\NaturalLanguage6.dll - ok
19:43:42.0632 6352 [ C8541AECCCA9260DE93C85F214110FA8 ] C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll
19:43:42.0632 6352 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll - ok
19:43:42.0636 6352 [ D79D19EC66106119DCD45D042C6B5170 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\88f8a6436dc95497fce0dae347646e53\System.Drawing.ni.dll
19:43:42.0636 6352 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\88f8a6436dc95497fce0dae347646e53\System.Drawing.ni.dll - ok
19:43:42.0640 6352 [ 758FE6F6C9C08FBAF4902C75361CB9B2 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsData0009.dll
19:43:42.0640 6352 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsData0009.dll - ok
19:43:42.0644 6352 [ 11DD35577B2F4E2CDC4791E907CFB394 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsLexicons0009.dll
19:43:42.0644 6352 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsLexicons0009.dll - ok
19:43:42.0648 6352 [ E05EC032E30FFE68E19D3A5F0427193D ] C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\ae40aeae573219a0439def61b1d48b49\UIAutomationTypes.ni.dll
19:43:42.0648 6352 C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\ae40aeae573219a0439def61b1d48b49\UIAutomationTypes.ni.dll - ok
19:43:42.0652 6352 [ FD049C25A168D3DE310D9207B7B6367B ] C:\Windows\SysWOW64\UIAutomationCore.dll
19:43:42.0652 6352 C:\Windows\SysWOW64\UIAutomationCore.dll - ok
19:43:42.0657 6352 [ EADFC95980BC24DF3C7EE5B2CD38F043 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\d6af7216038720b1adeca71e81c14bd6\System.Windows.Forms.ni.dll
19:43:42.0657 6352 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\d6af7216038720b1adeca71e81c14bd6\System.Windows.Forms.ni.dll - ok
19:43:42.0660 6352 [ D64D99EC088B54FFE8EE67A480386C20 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
19:43:42.0660 6352 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll - ok
19:43:42.0664 6352 [ 4E1CF5BA09B0B616090235742FBB6031 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\1e39f1ec3255daf8757e6bb4f6080f95\System.ServiceModel.ni.dll
19:43:42.0665 6352 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\1e39f1ec3255daf8757e6bb4f6080f95\System.ServiceModel.ni.dll - ok
19:43:42.0669 6352 [ 35CEDE6439FF0D8903223A0817FFE46C ] C:\Windows\SysWOW64\d2d1.dll
19:43:42.0669 6352 C:\Windows\SysWOW64\d2d1.dll - ok
19:43:42.0672 6352 [ 0411B7958C524BB2E91EE1B3035FE321 ] C:\Windows\SysWOW64\dxgi.dll
19:43:42.0672 6352 C:\Windows\SysWOW64\dxgi.dll - ok
19:43:42.0676 6352 [ 2DE90400A63818FA38C4C5C9ADB166BF ] C:\Windows\SysWOW64\d3d10_1.dll
19:43:42.0676 6352 C:\Windows\SysWOW64\d3d10_1.dll - ok
19:43:42.0680 6352 [ 9C36A3CA80F9B204C670336D344F5DF8 ] C:\Windows\SysWOW64\d3d10_1core.dll
19:43:42.0680 6352 C:\Windows\SysWOW64\d3d10_1core.dll - ok
19:43:42.0684 6352 [ 3C06536A9AA332E9E0CEBDE5A596822A ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL
19:43:42.0684 6352 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL - ok
19:43:42.0688 6352 [ 78B7A3BDA25C90DAA50D36A56A8D1351 ] C:\Windows\SysWOW64\d3d10warp.dll
19:43:42.0688 6352 C:\Windows\SysWOW64\d3d10warp.dll - ok
19:43:42.0692 6352 [ 0C15DB6FF927935F0ECA52FEEA40E6C2 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll
19:43:42.0692 6352 C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll - ok
19:43:42.0695 6352 [ 35AAE2E841AA1A949775168E119482C9 ] C:\Windows\SysWOW64\msls31.dll
19:43:42.0696 6352 C:\Windows\SysWOW64\msls31.dll - ok
19:43:42.0699 6352 [ A42131657A11D8CE2B98ADC1BE32ADB3 ] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\FParsec.dll
19:43:42.0699 6352 C:\Program Files (x86)\The Weather Channel\The Weather Channel App\FParsec.dll - ok
19:43:42.0703 6352 [ E27BFD5E64783445397E8CCCEB558911 ] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\FParsecCS.dll
19:43:42.0704 6352 C:\Program Files (x86)\The Weather Channel\The Weather Channel App\FParsecCS.dll - ok
19:43:42.0708 6352 [ FD435DF8C9CA7A49CCBF7CD2F7627739 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
19:43:42.0708 6352 C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll - ok
19:43:42.0712 6352 [ F4F1254B5ED27481E7C969E1061764FC ] C:\Windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\afab7d95415ec4bf68507d0a6999f6df\SMDiagnostics.ni.dll
19:43:42.0712 6352 C:\Windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\afab7d95415ec4bf68507d0a6999f6df\SMDiagnostics.ni.dll - ok
19:43:42.0716 6352 [ 5D0E28A22860E487148B2820309C0063 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\ac14913a11af4bfae0b8eb913a46a161\System.Configuration.ni.dll
19:43:42.0716 6352 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\ac14913a11af4bfae0b8eb913a46a161\System.Configuration.ni.dll - ok
19:43:42.0720 6352 [ B19246777C520FBB7FBE8CBC72EEADE2 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\6e3b230af51086c55c8e84f2d2ab8e8e\System.Runtime.Serialization.ni.dll
19:43:42.0720 6352 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\6e3b230af51086c55c8e84f2d2ab8e8e\System.Runtime.Serialization.ni.dll - ok
19:43:42.0724 6352 [ 4071D132E66ACDA3776F1FEAD19E6E01 ] C:\Windows\SysWOW64\vbscript.dll
19:43:42.0724 6352 C:\Windows\SysWOW64\vbscript.dll - ok
19:43:42.0728 6352 [ 25DEF2EF843275862FFBF55487CEFDDD ] C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_5_502_135.ocx
19:43:42.0728 6352 C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_5_502_135.ocx - ok
19:43:42.0732 6352 [ 0E85C11F8850D524B02181C6E02BA9AE ] C:\Windows\SysWOW64\dsound.dll
19:43:42.0732 6352 C:\Windows\SysWOW64\dsound.dll - ok
19:43:42.0735 6352 [ 2572E1F0254E2267E97DE1B15D099EC4 ] C:\Windows\SysWOW64\d3d10.dll
19:43:42.0735 6352 C:\Windows\SysWOW64\d3d10.dll - ok
19:43:42.0739 6352 [ 547F78746F20901C770E8653B242217C ] C:\Windows\SysWOW64\d3d10core.dll
19:43:42.0739 6352 C:\Windows\SysWOW64\d3d10core.dll - ok
19:43:42.0743 6352 [ BD2FBD348EF02F25EB4C6C5844B5AB3A ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\c2b4e2e9898fd49a4358a40d7ed80fe2\System.IdentityModel.ni.dll
19:43:42.0743 6352 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\c2b4e2e9898fd49a4358a40d7ed80fe2\System.IdentityModel.ni.dll - ok
19:43:42.0747 6352 [ B439EFB7F218ED0849B4CC2D4A7FE1D3 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Core\63ba654893f4fc924ff75cf785744150\System.Core.ni.dll
19:43:42.0747 6352 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Core\63ba654893f4fc924ff75cf785744150\System.Core.ni.dll - ok
19:43:42.0752 6352 [ F58915FD38209E25575F4BDE41B96223 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\c194dc7ab0f9744922aa43b76f3688d2\System.Xml.Linq.ni.dll
19:43:42.0752 6352 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\c194dc7ab0f9744922aa43b76f3688d2\System.Xml.Linq.ni.dll - ok
19:43:42.0756 6352 [ 625D390D5CBA512166571019E5EFECFB ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\98059f32b988a3e2d869e9b3bf56db17\System.Management.ni.dll
19:43:42.0756 6352 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\98059f32b988a3e2d869e9b3bf56db17\System.Management.ni.dll - ok
19:43:42.0760 6352 [ 45375DF47ED4D0535739465105AAABE3 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll
19:43:42.0760 6352 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll - ok
19:43:42.0764 6352 [ C00DB14550E4BD49737F311C644E45FF ] C:\Windows\System32\wmi.dll
19:43:42.0764 6352 C:\Windows\System32\wmi.dll - ok
19:43:42.0767 6352 [ 97E0EC3D6D99E8CC2B17EF2D3760E8FC ] C:\Windows\System32\schtasks.exe
19:43:42.0767 6352 C:\Windows\System32\schtasks.exe - ok
19:43:42.0771 6352 [ FC3001B4B9DF50B61F3CCA615759EFE7 ] C:\Windows\System32\PhotoMetadataHandler.dll
19:43:42.0771 6352 C:\Windows\System32\PhotoMetadataHandler.dll - ok
19:43:42.0775 6352 [ 80C834BA6B844C4B717F2465C4E8EC0F ] C:\Windows\System32\WindowsCodecsExt.dll
19:43:42.0775 6352 C:\Windows\System32\WindowsCodecsExt.dll - ok
19:43:42.0779 6352 [ 20ECAC7791DCBA69121631CB627E5A96 ] C:\Windows\System32\mf.dll
19:43:42.0779 6352 C:\Windows\System32\mf.dll - ok
19:43:42.0782 6352 [ DA9648200FC010A6DF004FAC8A775FD9 ] C:\Windows\System32\msfeedssync.exe
19:43:42.0782 6352 C:\Windows\System32\msfeedssync.exe - ok
19:43:42.0786 6352 [ 56336BB69172A2CEE15B2491DB4C70C1 ] C:\Windows\System32\msfeeds.dll
19:43:42.0786 6352 C:\Windows\System32\msfeeds.dll - ok
19:43:42.0789 6352 ============================================================
19:43:42.0789 6352 Scan finished
19:43:42.0789 6352 ============================================================
19:43:42.0798 6344 Detected object count: 8
19:43:42.0798 6344 Actual detected object count: 8
19:46:38.0024 6344 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:46:38.0024 6344 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:46:38.0024 6344 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:46:38.0024 6344 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:46:38.0026 6344 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
19:46:38.0026 6344 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:46:38.0027 6344 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
19:46:38.0027 6344 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:46:38.0028 6344 pcCMService ( UnsignedFile.Multi.Generic ) - skipped by user
19:46:38.0028 6344 pcCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:46:38.0030 6344 pcCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
19:46:38.0030 6344 pcCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:46:38.0031 6344 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:46:38.0031 6344 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:46:38.0033 6344 WDC_SAM ( UnsignedFile.Multi.Generic ) - skipped by user
19:46:38.0033 6344 WDC_SAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:46:44.0379 4752 Deinitialize success

TDSSKiller Log 2:

19:38:02.0699 6812 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:38:02.0949 6812 ============================================================
19:38:02.0949 6812 Current date / time: 2012/12/15 19:38:02.0949
19:38:02.0949 6812 SystemInfo:
19:38:02.0949 6812
19:38:02.0949 6812 OS Version: 6.1.7601 ServicePack: 1.0
19:38:02.0949 6812 Product type: Workstation
19:38:02.0949 6812 ComputerName: DEE-HP
19:38:02.0949 6812 UserName: Dee
19:38:02.0949 6812 Windows directory: C:\Windows
19:38:02.0949 6812 System windows directory: C:\Windows
19:38:02.0949 6812 Running under WOW64
19:38:02.0949 6812 Processor architecture: Intel x64
19:38:02.0949 6812 Number of processors: 4
19:38:02.0949 6812 Page size: 0x1000
19:38:02.0949 6812 Boot type: Normal boot
19:38:02.0949 6812 ============================================================
19:38:03.0729 6812 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:38:03.0744 6812 ============================================================
19:38:03.0744 6812 \Device\Harddisk0\DR0:
19:38:03.0744 6812 MBR partitions:
19:38:03.0744 6812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:38:03.0744 6812 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72C52800
19:38:03.0744 6812 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72C85000, BlocksNum 0x1A81000
19:38:03.0744 6812 ============================================================
19:38:03.0775 6812 C: <-> \Device\Harddisk0\DR0\Partition2
19:38:03.0807 6812 D: <-> \Device\Harddisk0\DR0\Partition3
19:38:03.0807 6812 ============================================================
19:38:03.0807 6812 Initialize success
19:38:03.0807 6812 ============================================================
19:38:44.0803 6344 Deinitialize success


aswMBR Log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-15 19:53:10
-----------------------------
19:53:10.516 OS Version: Windows x64 6.1.7601 Service Pack 1
19:53:10.516 Number of processors: 4 586 0xA00
19:53:10.516 ComputerName: DEE-HP UserName: Dee
19:53:14.088 Initialize success
20:03:30.483 AVAST engine defs: 12121502
20:03:56.160 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
20:03:56.160 Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 11
20:03:56.176 Disk 0 MBR read successfully
20:03:56.176 Disk 0 MBR scan
20:03:56.176 Disk 0 unknown MBR code
20:03:56.176 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:03:56.191 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 940197 MB offset 206848
20:03:56.223 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13570 MB offset 1925730304
20:03:56.254 Disk 0 scanning C:\Windows\system32\drivers
20:04:10.419 Service scanning
20:04:36.923 Modules scanning
20:04:36.923 Disk 0 trace - called modules:
20:04:36.954 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004ec92c0]<<spbu.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
20:04:36.954 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fc7060]
20:04:36.954 3 CLASSPNP.SYS[fffff88001bc743f] -> nt!IofCallDriver -> [0xfffffa8005e1bac0]
20:04:36.970 \Driver\amd_xata[0xfffffa8004fc6a10] -> IRP_MJ_CREATE -> 0xfffffa8004ec92c0
20:04:36.970 5 amd_xata.sys[fffff88000e8d8b4] -> nt!IofCallDriver -> \Device\00000063[0xfffffa8005e149c0]
20:04:36.970 \Driver\amd_sata[0xfffffa8004fc54c0] -> IRP_MJ_CREATE -> 0xfffffa8004ec72c0
20:04:53.397 AVAST engine scan C:\Windows
20:05:01.259 AVAST engine scan C:\Windows\system32
20:09:53.261 AVAST engine scan C:\Windows\system32\drivers
20:10:09.797 AVAST engine scan C:\Users\Dee
20:27:10.007 AVAST engine scan C:\ProgramData
20:29:06.680 Scan finished successfully
20:40:06.077 Disk 0 MBR has been saved successfully to "C:\Users\Dee\Desktop\MBR.dat"
20:40:06.093 The log file has been saved successfully to "C:\Users\Dee\Desktop\aswMBR.txt"

My computer seems to be hiccuping a lot. It runs fast, then slow. IE32 is still not working properly; though I can get it to go to a couple of different sites, it will stop responding after 2-3 pages/links...whatever. I hope you get my drift on the IE. The computer itself, like, bogs down. Then I clean it with what I have and it will run a little better, but it soon messes up again with the speed.

#8
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9
ozzette50

    Member

  • Topic Starter
  • Member
  • 26 posts
ComboFix 12-12-14.01 - Dee 12/16/2012 3:53.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4303 [GMT -5:00]
Running from: c:\users\Dee\Desktop\ComboFix.exe
Command switches used :: c:\users\Dee\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dee\AppData\Roaming\Roaming
c:\users\Dee\AppData\Roaming\Roaming\Nevosoft\Vampireville\settings.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-11-16 to 2012-12-16 )))))))))))))))))))))))))))))))
.
.
2012-12-16 09:02 . 2012-12-16 09:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-12-16 09:02 . 2012-12-16 09:02 -------- d-----w- c:\users\Jared\AppData\Local\temp
2012-12-16 09:02 . 2012-12-16 09:02 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-12-16 09:02 . 2012-12-16 09:02 -------- d-----w- c:\users\Ethan\AppData\Local\temp
2012-12-16 09:02 . 2012-12-16 09:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-16 06:39 . 2012-12-16 06:39 -------- d-----w- c:\program files (x86)\Vampireville
2012-12-16 06:37 . 2012-12-16 06:37 -------- d-----w- c:\program files (x86)\Pirateville
2012-12-16 06:25 . 2008-05-30 19:18 238088 ----a-w- c:\windows\SysWow64\xactengine3_1.dll
2012-12-16 06:24 . 2006-03-31 17:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll
2012-12-16 06:23 . 2012-12-16 06:23 -------- d-----w- c:\program files (x86)\Mysteryville 2
2012-12-12 13:47 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 13:47 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 13:47 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 13:47 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-12 13:47 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 13:47 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-12 13:47 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-10 01:44 . 2012-12-10 17:31 -------- d-----w- c:\users\Dee\AppData\Roaming\ElementalsTheMagicKey
2012-12-09 22:29 . 2012-12-09 22:29 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2012-12-07 01:38 . 2012-12-07 01:38 -------- d-----w- c:\users\Dee\AppData\Roaming\Mystery of Mortlake Mansion
2012-12-07 01:22 . 2012-12-07 01:25 -------- d-----w- c:\program files (x86)\Playrix Entertainment
2012-12-05 00:03 . 2012-12-05 00:03 -------- d-----w- c:\users\Dee\AppData\Local\Apple
2012-12-04 01:15 . 2012-12-04 01:15 -------- d-----w- c:\users\Dee\AppData\Roaming\GameMill
2012-12-04 01:15 . 2012-12-04 01:15 -------- d-----w- c:\programdata\GameMill
2012-12-02 20:24 . 2012-12-02 20:24 -------- d-sh--w- c:\windows\ftpcache
2012-12-02 14:35 . 2012-12-02 14:35 -------- d-----w- c:\users\Dee\AppData\Roaming\gogii
2012-12-02 14:35 . 2012-12-02 14:35 -------- d-----w- c:\programdata\gogii
2012-11-30 21:02 . 2012-11-30 21:02 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-30 21:02 . 2012-11-30 21:02 -------- d-----r- c:\program files (x86)\Skype
2012-11-30 15:52 . 2012-11-30 15:52 -------- d-----w- c:\program files (x86)\Private Eye
2012-11-30 15:52 . 2012-11-30 15:52 -------- d-----w- c:\windows\Private Eye
2012-11-30 15:49 . 2012-11-30 15:49 -------- d-----w- c:\programdata\BVRP Software
2012-11-25 23:12 . 2012-11-25 23:12 -------- d-----w- c:\program files (x86)\Mystery in London
2012-11-24 20:39 . 2012-11-24 20:40 -------- d-----w- c:\users\Dee\AppData\Local\SpookyManor
2012-11-24 20:39 . 2012-11-24 20:39 -------- d-----w- c:\program files (x86)\MumboJumbo
2012-11-24 15:42 . 2012-11-24 15:42 -------- d-----w- c:\users\Dee\AppData\Roaming\AVG2013
2012-11-23 15:29 . 2012-11-23 15:29 -------- d-----w- c:\users\Jared\AppData\Roaming\AVG2013
2012-11-23 14:01 . 2012-11-23 14:01 -------- d-----w- c:\users\Jared\AppData\Roaming\TuneUp Software
2012-11-23 13:58 . 2012-11-23 13:58 -------- d-----w- c:\users\Jared\AppData\Local\MFAData
2012-11-23 13:58 . 2012-11-23 13:58 -------- d-----w- c:\users\Jared\AppData\Local\Avg2013
2012-11-23 13:55 . 2012-11-23 13:55 -------- d-----w- c:\users\Jared\AppData\Local\Macromedia
2012-11-23 13:51 . 2012-11-23 13:51 -------- d-----w- c:\users\Jared\AppData\Roaming\DisplayTune
2012-11-23 13:51 . 2012-11-23 13:51 -------- d-----w- c:\users\Jared\AppData\Roaming\DAEMON Tools Lite
2012-11-19 22:26 . 2012-11-19 22:26 -------- d-----w- c:\users\Dee\AppData\Roaming\SpinTop Games
2012-11-19 22:05 . 2012-11-19 22:05 -------- d-----w- c:\users\Dee\AppData\Roaming\casualArts
2012-11-19 22:05 . 2012-11-19 22:05 -------- d-----w- c:\programdata\casualArts
2012-11-19 22:04 . 2012-11-19 22:04 -------- d-----w- c:\program files (x86)\Mystery Murders - Jack the Ripper
2012-11-19 21:54 . 2012-11-19 21:54 -------- d-----w- c:\program files (x86)\Foxy Games
2012-11-18 23:54 . 2012-11-18 23:54 -------- d-----w- c:\users\Dee\AppData\Roaming\Boolat Games
2012-11-17 20:41 . 2012-12-11 00:19 -------- d-----w- c:\program files (x86)\Home Sweet Home Christmas Edition
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 04:21 . 2011-06-02 13:07 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-12-13 03:53 . 2011-03-02 00:52 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 01:24 . 2012-03-29 12:16 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 01:24 . 2011-05-19 12:05 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-02 01:34 . 2012-11-02 01:34 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-22 18:02 . 2012-10-22 18:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 08:38 . 2012-11-28 11:14 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 11:14 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 11:14 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 08:48 . 2012-10-15 08:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-09 18:17 . 2012-11-15 14:36 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 14:36 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 14:36 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 14:36 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-05 08:32 . 2012-10-05 08:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-04 16:40 . 2012-12-12 13:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 14:36 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 14:36 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 14:36 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 14:36 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 14:36 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 14:36 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 14:36 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 14:36 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 14:36 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 14:36 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 14:36 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 08:30 . 2012-10-02 08:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-29 23:54 . 2011-03-18 12:57 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 22:47 . 2012-11-15 14:36 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-15 14:36 95744 ----a-w- c:\windows\system32\synceng.dll
2012-09-21 16:13 . 2011-04-13 16:08 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-21 16:13 . 2011-03-09 00:57 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-21 08:46 . 2012-09-21 08:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-21 08:46 . 2012-09-21 08:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-11-24 13105848]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-04-06 393216]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-10 20480]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Software\wpctrl.exe" [2009-03-03 694824]
"DT HWP"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2011-11-01 121648]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Event Planner Reminder 2009.lnk - c:\windows\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [2011-3-23 237568]
MiMedia.lnk - c:\program files\MiMedia LLC\MiMedia\MiMedia.exe [N/A]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-07-22 1002848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-08-15 146736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-02 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
R4 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]
R4 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-07-01 834544]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-02 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-30 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 565928]
S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-04-02 361472]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-04-02 441344]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-10-27 113456]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 01:24]
.
2012-12-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2375802078-1423229213-3210898512-1001Core.job
- c:\users\Dee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-13 22:30]
.
2012-12-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2375802078-1423229213-3210898512-1001UA.job
- c:\users\Dee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-13 22:30]
.
2012-12-07 c:\windows\Tasks\HPCeeScheduleForDee.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"lxbkbmgr.exe"="c:\program files (x86)\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-04-03 2727936]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\aggtq3yt.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62133&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{5f34d357-5ffb-447d-b29e-88c0e8ccf6dd} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
SafeBoot-27779827.sys
WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file)
ShellIconOverlayIdentifiers-{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7} - (no file)
ShellIconOverlayIdentifiers-{FAD5EA38-2D1D-485D-9B07-D35EB72B922E} - (no file)
ShellIconOverlayIdentifiers-{69DE75F6-60E6-4E55-B416-171941A5C73E} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-DFX - c:\program files (x86)\DFX\uninstall.exe
AddRemove-NiBiRu_is1 - c:\program files (x86)\JoWood\Nibiru\unins000.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2375802078-1423229213-3210898512-1001\Software\SecuROM\License information*]
"datasecu"=hex:6c,39,6e,f6,34,6b,e7,21,83,a9,bc,ba,50,f9,de,2b,c2,06,4f,eb,cf,
1e,87,15,9e,81,ba,8d,7a,f4,a5,a0,87,8e,b0,51,f2,aa,0f,bd,7d,b6,30,a8,42,79,\
"rkeysecu"=hex:1b,b5,52,6d,b9,b0,2c,c1,55,51,23,8c,25,8e,a7,8c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-16 04:16:27
ComboFix-quarantined-files.txt 2012-12-16 09:16
ComboFix2.txt 2012-12-13 21:12
.
Pre-Run: 645,493,432,320 bytes free
Post-Run: 645,572,988,928 bytes free
.
- - End Of File - - 5AB715B67880966FD33B53CF5319F7AF


My computer is running very slowly. I don't know how long it will take to get all my settings etc back. But, after a few hiccups after all the scans, it is now running fine with no problems, just slow. I keep cleaning with the Windows tools, but you failed to answer my question about my ATF Cleaner, so I have no effective cleaning program to use with my procedure and none to use to cleanup quickly during use. So, although I clean it with the Windows Cleanup and browser history cleaners, it does not seem to be as effective.

#10
gringo_pr

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo


#11
ozzette50

Active@ ISO Burner
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Adventure Anniversary Pack
AfterShocked! 1.20
Agatha Christie - And Then There Were None
AGEIA PhysX v7.09.13
Al Emmo and the Lost Dutchmans Mine
Alan Wake version 1.0
AMD VISION Engine Control Center
American McGee's Alice™
Amnesia - The Dark Descent
Ancient Mysteries
Apple Application Support
Apple Software Update
Application Profiles
ArcSoft Funhouse
ArcSoft Software Suite
Art Explosion Greeting Card Factory Express
Back to the Future The Game - Episode 1
Barrow Hill
Big Fish Games: Game Manager
Bing Bar
Black Mirror 2
Black Mirror 3
Blio
Caribbean Explorer 1.0.0.9
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chez Apa
CyberLink DVD Suite Deluxe
D3DX10
DAEMON Tools Lite
Dark Fall : The Journal
Dark Fall Lost Souls
Dark Tales 2 Edgar Allan Poes The Black Cat Collectors Edition 1.00
DFX
dino2
Dracula Origin
DVD Menu Pack for HP MediaSmart Video
Easy Solve
Elementals - The Magic Key
Escape from Monkey Island
Fable - The Lost Chapters
Facebook Video Calling 1.2.0.287
GE MiniCam Pro
GOM Player
Google Earth Plug-in
Google Update Helper
Gray Matter
Greeting Card Factory Photo Card Maker
Hallmark Card Studio 2009
Hawaiian Explorer Pearl Harbor 1.0.0.30
Herod's Lost Tomb
Hewlett-Packard ACLM.NET v1.1.1.0
Hidden Expedition Titanic (remove only)
Hitchcock - The Final Cut
HP Customer Experience Enhancements
HP Display Assistant
HP Display LiteSaver
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP Odometer
HP Product Detection
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Update
Hulu Desktop
HydraVision
IsoBuster 2.8.5
Java Auto Updater
Java™ 6 Update 29
John Saul's Blackstone Chronicles
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Full)
Kobo
LightScribe System Software
Little Big Adventure 2
Lost Horizon
Lost Secrets Bermuda Triangle
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Compact Framework 2.0 SP1
Microsoft Application Compatibility Toolkit 5.6
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Picture It! Photo Premium 9
Microsoft PowerPoint Viewer
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Midnight Mysteries - The Edgar Allan Poe Conspiracy
Monkey Island 2 LeChucks Revenge Special Edition
Mortimer Beckett and the Secrets of Spooky Manor
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - 13th Skull Collectors Edition
Mystery Case Files - Dire Grove Collector's Edition
Mystery Case Files - Huntsville (remove only)
Mystery Case Files - Madame Fate 1.00
Mystery Case Files - Ravenhearst 1.00
Mystery Case Files 8- Escape from Ravenhearst CE
Mystery Case Files: Prime Suspects
Mystery in London (remove only)
Mystery Murders - Jack the Ripper ~ Just For Fun Games
Mystery of Mortlake Mansion
Mysteryville 2
Mystic Diary - Lost Brother 1.00
Nancy Drew - The Captive Curse
Nancy Drew - Curse of Blackmoor Manor (remove only)
Nancy Drew: Alibi in Ashes
Nancy Drew: Ghost Dogs of Moon Lake
Nancy Drew: Message in a Haunted Mansion
Nancy Drew: Ransom of the Seven Ships
NiBiRu
OpenAL
Out Of Order
PDF Complete Special Edition
PictureMover
Pirateville
Pivot Software
PlayReady PC Runtime x86
PressReader
Private Eye
QuickTime
RAD Video Tools
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Recovery Manager
RoxioNow Player
Scratches Director's Cut
ScummVM 1.4.1
SDK
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Silent Hill
Silent Hill 2
Skype™ 6.0
Spirit Of Wandering
Still Life 2
StillLife
Strange Cases The Lighthouse Mystery Collectors Edition 1.00
swMSM
Syberia
System Requirements Lab
Tales of Monkey Island
The Black Mirror 1.0
The Hardy Boys - The Perfect Crime 1.00
The Lost Crown Uninstaller
The Weather Channel App
Twisted - A Haunted Carol
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Vampireville
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Detect
Zinio Reader 4

#12
gringo_pr

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • Bing Bar
  • Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#13
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo
#14
ozzette50

    Member

  • Topic Starter
  • 26 posts
Hi Gringo. No, I haven't quit. I am coming, it has just been a couple of very busy days. I will get these scans and such done and up by tomorrow. I have gotten through CCleaner so far. I am also not downloading anything unknown or going anywhere I shouldn't at all until we are done. At least I am trying. I added a couple of games but hopefully they weren't too damaging even if they were from IWIN originally, they came from the store on CD. I am going to get busy on the MBAM now. ;)
#15
ozzette50

    Member

  • Topic Starter
  • 26 posts
First the problems: with the Revo installer. For the Bing Bar it said that there were still pieces left that needed removed with a more thorough process (Advanced Mode was recommended, but I did not do it yet). My IE 32 is still not working properly. Google does not respond and many other sites as well. That or it can't handle a couple of mouse clicks in a row because it just keeps saying that dreaded "not responding" :( I also seem to be having a problem with link hijacks or something. Occasionally, like today, I clicked on the Hijack this download button and this is what I got: HP Display Assistant.Ink.exe. This has happened before on CNet. The program is sitting in downloads, I did not click on it but for a second and then canceled when I looked at the file name (sorry for the automatic clicks on those prompts ;) It didn't even hardly start to open) I reloaded from the direct link and it did not do it again. I even went back and did it the other way, looking for a link that advertised it that I may have inadvertently hit, but I know I clicked on the download Hijack This button. :( Anyway, here's my logs:


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.23.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dee :: DEE-HP [administrator]

12/23/2012 7:06:47 PM
mbam-log-2012-12-23 (19-06-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 285570
Time elapsed: 2 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:33:27 PM, on 12/23/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe
C:\Windows\vsnpstd3.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\FixCamera.exe
C:\Windows\tsnpstd3.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Portrait Displays\HP Display Assistant\DTHtml.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Dee\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT HWP] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HWP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Global Startup: AutorunsDisabled
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.syste...ent_4.5.1.0.cab
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h50203.www5....DataManager.CAB
O16 - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0) - http://javadl-esd.su...indows-i586.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - http://content.syste...ri_4.4.26.0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\Windows\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11442 bytes