[Kabouterke]

Hello everyone,

Every other week, I run a few diagnostic programs just to keep an eye on how my computer is functioning.

This time, RogueKiller found something that I had never seen before (I believe).  I will put the log below. Could anyone please tell me if I should be concerned about any of the following?

 

Thanks, guys!
______________________________________________________

 

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.co...es/roguekiller/

Blog : http://www.adlice.com

 

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : user [Admin rights]

Mode : Scan -- Date : 05/04/2014 15:58:46

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Browser Addons : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

[Address] SSDT[41] : NtCreateKey @ 0x8062426A -> HOOKED (Unknown @ 0x89E8C374)

[Address] SSDT[43] : NtCreateMutant @ 0x80617822 -> HOOKED (Unknown @ 0x89EA4C64)

[Address] SSDT[47] : NtCreateProcess @ 0x805D1280 -> HOOKED (Unknown @ 0x89F2443C)

[Address] SSDT[48] : NtCreateProcessEx @ 0x805D11CA -> HOOKED (Unknown @ 0x89E386DC)

[Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A2E -> HOOKED (Unknown @ 0x8A630154)

[Address] SSDT[53] : NtCreateThread @ 0x805D1068 -> HOOKED (Unknown @ 0x8A363D84)

[Address] SSDT[57] : NtDebugActiveProcess @ 0x80643CB2 -> HOOKED (Unknown @ 0x8A3E2DD4)

[Address] SSDT[63] : NtDeleteKey @ 0x80624706 -> HOOKED (Unknown @ 0x89E3CB44)

[Address] SSDT[65] : NtDeleteValueKey @ 0x806248D6 -> HOOKED (Unknown @ 0x8A5B6FA4)

[Address] SSDT[68] : NtDuplicateObject @ 0x805BE03C -> HOOKED (Unknown @ 0x8A3E2E14)

[Address] SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x89EA4CA4)

[Address] SSDT[122] : NtOpenProcess @ 0x805CB486 -> HOOKED (Unknown @ 0x89EBF354)

[Address] SSDT[125] : NtOpenSection @ 0x805AA420 -> HOOKED (Unknown @ 0x8A5B6F64)

[Address] SSDT[128] : NtOpenThread @ 0x805CB712 -> HOOKED (Unknown @ 0x88B59E5C)

[Address] SSDT[192] : NtRenameKey @ 0x80623C8C -> HOOKED (Unknown @ 0x8A0F4FCC)

[Address] SSDT[204] : NtRestoreKey @ 0x80625C4A -> HOOKED (Unknown @ 0x8A0F4F8C)

[Address] SSDT[240] : NtSetSystemInformation @ 0x8060FE98 -> HOOKED (Unknown @ 0x8A630194)

[Address] SSDT[247] : NtSetValueKey @ 0x806227DC -> HOOKED (Unknown @ 0x89E3CB84)

[Address] SSDT[257] : NtTerminateProcess @ 0x805D2308 -> HOOKED (Unknown @ 0x89EAF84C)

[Address] SSDT[258] : NtTerminateThread @ 0x805D2502 -> HOOKED (Unknown @ 0x89E6D244)

[Address] SSDT[277] : NtWriteVirtualMemory @ 0x805B4400 -> HOOKED (Unknown @ 0x8A363DC4)

[Address] Shadow SSDT[548] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x8A5D22E4)

[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8A5D86BC)

[Address] IAT @explorer.exe (LoadLibraryExA) : KERNEL32.dll -> HOOKED (C:\Program Files\NetInst\NiApmgnt.dll @ 0x62961AC0)

[Address] IAT @explorer.exe (LoadLibraryExW) : KERNEL32.dll -> HOOKED (C:\Program Files\NetInst\NiApmgnt.dll @ 0x62961B30)

[Address] IAT @explorer.exe (LoadLibraryA) : KERNEL32.dll -> HOOKED (C:\Program Files\NetInst\NiApmgnt.dll @ 0x62961A00)

[Address] IAT @explorer.exe (LoadLibraryW) : KERNEL32.dll -> HOOKED (C:\Program Files\NetInst\NiApmgnt.dll @ 0x62961A60)

[Address] IAT @explorer.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\NetInst\NiApmgnt.dll @ 0x62961CD0)

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) HTS541060G9SA00 +++++

--- User ---

[MBR] 212bddfe3408d5bbb54337ab6e469e78

[BSP] bde6832fef3a5a0e4415328128763826 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 57223 MB

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_05042014_155846.txt >>

 

 

 

 

[Advertisements]

Hello and Welcome on board Kabouterke ,

my Name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:

• Removing Malware is usually very difficult.
  We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
• Please follow these instructions
  If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
• Please stay in contact with me until your problem is resolved
  As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
• Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
  Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
• Read my post completely
  If you don't do so, you may make mistakes that could result in your System crashing by your own actions!

 

We will fix that later with OTL (what RogueKiller found).

Please download OTL (by OldTimer) (if you haven't already) from the link below and save it to your Desktop.
 

Download Mirror #1

• Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the box in OTL. To do that:
  

  netsvcs
  BASESERVICES
  %SYSTEMDRIVE%\*.exe
  /md5start
  services.*
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  qmgr.dll
  mpsvc.dll
  winsock.*
  rpcss.dll
  /md5stop
  dir "%systemdrive%\*" /S /A:L /C
  CREATERESTOREPOINT

  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.
• Open on the desktop. To do that:
  • XP users: Double click on the OTL icon.
  • Vista / 7 Users: Right click on the icon and click Run as Administrator)
• Make sure all other windows are closed.
  • You will see a console like the one below:
    
    
    • Click the box beside Scan All Users at the top of the console
    • If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
    • Make sure the Output box at the top is set to Standard Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Make sure that Use Safe List is checked under Extra Registry.
    • Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
    • Click the button. Do not change any settings unless otherwise told to do so.
    • Let the scan run uninterrupted.
    • When the scan completes, it will open OTL.Txt on the desktop.
    • Please copy the contents of these files and paste it into your reply. To do that:
      • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
      • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.
    • Please do the same for the Extras.txt

Then,

Please download aswMBR from one of the links below and save it to your Desktop.
 
Download Mirror #1

• Right-click on aswMBR.exe and select Run as Administrator.
• Click Yes when asked to download the Avast! definitions.
• Click Scan to initiate the scan.
• When the scan finishes, click Save Log and save this to your Desktop.
• Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

[Machiavelli]

Hello and Welcome on board Kabouterke ,

my Name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:

• Removing Malware is usually very difficult.
  We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
• Please follow these instructions
  If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
• Please stay in contact with me until your problem is resolved
  As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
• Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
  Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
• Read my post completely
  If you don't do so, you may make mistakes that could result in your System crashing by your own actions!

 

We will fix that later with OTL (what RogueKiller found).

Please download OTL (by OldTimer) (if you haven't already) from the link below and save it to your Desktop.
 

Download Mirror #1

• Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the box in OTL. To do that:
  

  netsvcs
  BASESERVICES
  %SYSTEMDRIVE%\*.exe
  /md5start
  services.*
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  qmgr.dll
  mpsvc.dll
  winsock.*
  rpcss.dll
  /md5stop
  dir "%systemdrive%\*" /S /A:L /C
  CREATERESTOREPOINT

  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.
• Open on the desktop. To do that:
  • XP users: Double click on the OTL icon.
  • Vista / 7 Users: Right click on the icon and click Run as Administrator)
• Make sure all other windows are closed.
  • You will see a console like the one below:
    
    
    • Click the box beside Scan All Users at the top of the console
    • If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
    • Make sure the Output box at the top is set to Standard Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Make sure that Use Safe List is checked under Extra Registry.
    • Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
    • Click the button. Do not change any settings unless otherwise told to do so.
    • Let the scan run uninterrupted.
    • When the scan completes, it will open OTL.Txt on the desktop.
    • Please copy the contents of these files and paste it into your reply. To do that:
      • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
      • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.
    • Please do the same for the Extras.txt

Then,

Please download aswMBR from one of the links below and save it to your Desktop.
 
Download Mirror #1

• Right-click on aswMBR.exe and select Run as Administrator.
• Click Yes when asked to download the Avast! definitions.
• Click Scan to initiate the scan.
• When the scan finishes, click Save Log and save this to your Desktop.
• Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

[Machiavelli]

Are you still with me?

[Machiavelli]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

[Machiavelli]

User returned.

[Kabouterke]

Okay here we go:

 

1.
 

OTL logfile created on: 5/10/2014 11:01:10 PM - Run 4

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\user\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.14% Memory free

3.85 Gb Paging File | 3.27 Gb Available in Paging File | 84.95% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.88 Gb Total Space | 9.00 Gb Free Space | 16.11% Space Free | Partition Type: NTFS

Unable to calculate disk information.

 

Computer Name: LAPSTU02 | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/05/10 22:58:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

PRC - [2014/04/09 11:36:52 | 001,171,000 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\user\Application Data\Spotify\Data\SpotifyWebHelper.exe

PRC - [2014/02/19 19:40:02 | 000,239,680 | ---- | M] (Foxit Corporation) -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe

PRC - [2012/07/23 16:15:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_24\bin\jqs.exe

PRC - [2012/07/20 15:08:34 | 000,458,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

PRC - [2012/05/14 16:26:14 | 001,983,304 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe

PRC - [2012/05/14 03:34:06 | 001,113,984 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe

PRC - [2012/05/12 00:03:34 | 001,836,272 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe

PRC - [2012/05/04 18:56:56 | 000,345,616 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe

PRC - [2012/03/15 15:31:58 | 000,689,680 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

PRC - [2011/03/26 07:13:10 | 000,220,312 | ---- | M] (FrontRange Solutions Deutschland GmbH) -- C:\Program Files\netinst\mgmtagnt.exe

PRC - [2011/03/26 07:13:10 | 000,049,808 | ---- | M] (FrontRange Solutions Deutschland GmbH) -- C:\Program Files\netinst\eTray.exe

PRC - [2011/01/14 15:57:28 | 000,228,824 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe

PRC - [2008/04/14 09:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/04/14 09:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe

PRC - [2003/06/24 15:34:38 | 000,126,976 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/04/01 10:53:28 | 000,499,712 | ---- | M] () -- C:\Program Files\Trend Micro\OfficeScan Client\sqlite3.dll

MOD - [2011/03/26 07:13:10 | 000,081,991 | ---- | M] () -- C:\Program Files\netinst\zlib1.dll

 

 

========== Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2014/02/19 19:40:02 | 000,239,680 | ---- | M] (Foxit Corporation) [Auto | Running] -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService)

SRV - [2013/10/12 18:00:06 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/23 16:15:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre1.6.0_24\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2012/05/14 16:26:14 | 001,983,304 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)

SRV - [2012/05/12 00:03:34 | 001,836,272 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)

SRV - [2012/05/04 18:56:56 | 000,345,616 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)

SRV - [2012/03/15 15:31:58 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)

SRV - [2011/03/26 07:13:10 | 000,220,312 | ---- | M] (FrontRange Solutions Deutschland GmbH) [Auto | Running] -- C:\Program Files\netinst\mgmtagnt.exe -- (esiCore)

SRV - [2011/01/14 15:57:28 | 000,228,824 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)

SRV - [2008/04/14 09:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)

SRV - [2008/04/14 09:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2013/08/06 15:13:30 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)

DRV - [2012/07/17 13:40:38 | 000,264,504 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)

DRV - [2012/07/17 13:40:18 | 000,036,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)

DRV - [2012/07/17 13:09:50 | 001,515,232 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapint.sys -- (VSApiNt)

DRV - [2012/04/20 01:18:56 | 000,073,008 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)

DRV - [2012/04/20 01:18:42 | 000,060,648 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV - [2012/04/13 10:41:10 | 000,205,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)

DRV - [2011/01/14 15:58:36 | 000,087,744 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SWIPsec.sys -- (SWIPsec)

DRV - [2010/12/07 14:58:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)

DRV - [2010/12/06 09:46:24 | 000,135,256 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2010/10/07 06:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32)

DRV - [2010/06/02 15:49:20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2010/06/02 15:49:20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2010/06/02 15:49:18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2010/02/11 10:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2010/01/23 11:55:28 | 000,021,016 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWVNIC.sys -- (SWVNIC)

DRV - [2001/08/17 14:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 75 E1 CA F5 1D CF 01  [binary data]

IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0

FF - prefs.js..network.proxy.backup.ftp: ""

FF - prefs.js..network.proxy.backup.ftp_port: ""

FF - prefs.js..network.proxy.backup.socks: ""

FF - prefs.js..network.proxy.backup.socks_port: ""

FF - prefs.js..network.proxy.backup.ssl: ""

FF - prefs.js..network.proxy.backup.ssl_port: ""

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npo1d.dll (Google)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

 

[2013/10/06 14:21:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions

[2013/10/12 18:06:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4po15nkj.default\extensions

[2013/10/12 18:00:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2013/10/12 18:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

[2013/10/12 18:00:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com/

CHR - plugin: Error reading preferences file

CHR - Extension: Google Docs = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\

CHR - Extension: Google Drive = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\

CHR - Extension: YouTube = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\

CHR - Extension: Google Search = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_2\

CHR - Extension: Google Calendar = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_1\

CHR - Extension: Google Wallet = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Unblock Youku = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.11.13_0\

CHR - Extension: Gmail = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2008/04/14 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_24\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_24\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [NetInstall NiTray] C:\Program Files\NetInst\eTray.exe (FrontRange Solutions Deutschland GmbH)

O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" File not found

O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKU\S-1-5-21-57989841-1500820517-1417001333-1008..\Run: [AVG-Secure-Search-Update_0214c] C:\Documents and Settings\user\Application Data\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=4cccfed887a147d2b781d15094ece268-4f91cceeeb6cc401c9dd67115e9483cb543a03b1 /CMPID=0214c File not found

O4 - HKU\S-1-5-21-57989841-1500820517-1417001333-1008..\Run: [Spotify Web Helper] C:\Documents and Settings\user\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O4 - Startup: C:\Documents and Settings\admin\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\admin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.20.10.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D59FB1F9-4EAF-465D-85A9-95FE34C6A31A}: DhcpNameServer = 172.20.10.1

O20 - AppInit_DLLs: (c:\progra~1\netinst\niamh.dll) - c:\Program Files\netinst\NiAMH.dll (FrontRange Solutions Deutschland GmbH)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found

O24 - Desktop WallPaper: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Desktop Background.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Desktop Background.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/07/23 11:15:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: 6to4 -  File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/05/10 22:58:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

[2014/05/10 17:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\RK_Quarantine

[2014/04/30 23:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\PhD

[2014/04/30 19:59:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2014/04/30 18:55:05 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll

[2014/04/29 13:50:50 | 001,682,336 | ---- | C] (ESET) -- C:\Documents and Settings\user\Desktop\eset_nod32_antivirus_live_installer.exe

[2014/04/29 13:08:43 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\user\Desktop\JRT.exe

[2014/04/29 12:36:05 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll

[2014/04/28 15:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Brorsoft

[2014/04/17 10:49:21 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys

[2014/04/17 10:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

[2014/04/17 10:48:40 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2014/04/17 10:48:40 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2014/04/17 10:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware

[2014/04/17 10:48:11 | 017,305,616 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\user\Desktop\mbam-setup-2.0.1.1004 (1).exe

[2014/04/14 23:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\uTorrent

[2014/04/12 16:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Apple Computer

[2014/04/12 16:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Apple Computer

[2014/04/12 16:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2014/04/12 16:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2014/04/12 16:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2014/04/12 16:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2014/04/12 16:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2014/04/12 16:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Apple

[2014/04/12 16:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2014/04/12 16:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer

[2014/04/12 16:25:37 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll

[2014/04/12 16:25:37 | 000,018,944 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\drivers\netaapl.sys

[2014/04/12 16:25:19 | 006,112,864 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll

[2014/04/12 16:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2014/04/12 16:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2014/04/12 16:23:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple

[2 C:\Documents and Settings\user\Desktop\*.tmp files -> C:\Documents and Settings\user\Desktop\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/05/10 23:03:17 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1500820517-1417001333-1008UA.job

[2014/05/10 22:58:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

[2014/05/10 22:27:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2014/05/10 22:03:36 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

[2014/05/10 22:03:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2014/05/10 22:03:12 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job

[2014/05/10 22:03:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2014/05/10 22:03:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2014/05/10 15:03:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1500820517-1417001333-1008Core.job

[2014/05/10 12:33:04 | 001,316,991 | ---- | M] () -- C:\Documents and Settings\user\Desktop\AdwCleaner.exe

[2014/05/08 15:00:02 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job

[2014/05/06 16:54:09 | 000,349,528 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Primo by Ex Libris.htm

[2014/05/06 09:37:08 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2014/05/03 20:26:56 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\d3d9caps.dat

[2014/05/02 17:15:28 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys

[2014/04/30 18:55:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_netaapl_01009.Wdf

[2014/04/30 18:55:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2014/04/30 18:55:26 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2014/04/30 10:13:01 | 006,022,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2014/04/29 13:50:58 | 001,682,336 | ---- | M] (ESET) -- C:\Documents and Settings\user\Desktop\eset_nod32_antivirus_live_installer.exe

[2014/04/29 13:09:04 | 003,972,608 | ---- | M] () -- C:\Documents and Settings\user\Desktop\RogueKiller.exe

[2014/04/29 13:08:47 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\user\Desktop\JRT.exe

[2014/04/21 09:57:18 | 000,543,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2014/04/21 09:57:18 | 000,098,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2014/04/17 10:48:49 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2014/04/17 10:48:39 | 017,305,616 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\user\Desktop\mbam-setup-2.0.1.1004 (1).exe

[2014/04/12 16:28:35 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2 C:\Documents and Settings\user\Desktop\*.tmp files -> C:\Documents and Settings\user\Desktop\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/05/10 12:32:45 | 001,316,991 | ---- | C] () -- C:\Documents and Settings\user\Desktop\AdwCleaner.exe

[2014/05/06 16:54:03 | 000,349,528 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Primo by Ex Libris.htm

[2014/04/30 18:55:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_netaapl_01009.Wdf

[2014/04/30 18:55:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2014/04/29 13:08:56 | 003,972,608 | ---- | C] () -- C:\Documents and Settings\user\Desktop\RogueKiller.exe

[2014/04/17 10:48:49 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2014/04/12 16:28:35 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2014/04/12 16:25:51 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk

[2014/03/10 01:50:07 | 000,326,624 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-57989841-1500820517-1417001333-1008-0.dat

[2014/02/09 23:13:18 | 000,000,407 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2014/01/25 15:07:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2013/11/23 23:21:03 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/10/06 15:59:21 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\d3d9caps.dat

[2013/04/30 16:41:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll

[2013/04/30 16:41:38 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll

[2013/03/20 14:43:22 | 000,224,690 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2012/07/23 20:58:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2012/07/23 20:58:15 | 000,543,560 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2012/07/23 20:58:15 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2012/07/23 20:58:15 | 000,098,128 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2012/07/23 20:58:15 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2012/07/23 20:58:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2012/07/23 20:58:13 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2012/07/23 20:58:11 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2012/07/23 20:58:03 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2012/07/23 20:58:03 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2012/07/23 20:57:45 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2012/07/23 20:57:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2012/07/23 20:57:21 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2012/07/23 20:57:21 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2012/07/23 20:57:20 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2012/07/23 16:49:40 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\sasperf.dll

[2012/07/23 14:47:01 | 000,009,074 | ---- | C] () -- C:\WINDOWS\cfgall.ini

[2012/07/23 13:05:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2012/07/23 13:04:45 | 000,218,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/07/23 11:26:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2012/07/23 11:17:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2012/07/23 11:12:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2012/07/23 11:12:07 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini

[2012/07/23 11:12:07 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini

[2012/07/23 11:12:07 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

 

========== ZeroAccess Check ==========

 

[2012/07/23 15:04:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 09:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 09:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2014/01/13 12:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Dropbox

[2013/12/19 15:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Spotify

[2012/07/23 17:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SAS

[2014/04/12 16:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2013/04/30 16:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel

[2013/02/03 17:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SAS

[2013/04/30 16:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS

[2014/03/06 12:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Foxit Software

[2014/04/28 15:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Brorsoft

[2013/12/21 00:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Dropbox

[2014/03/09 12:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Foxit Software

[2013/12/04 21:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SAS

[2014/05/10 18:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Spotify

[2013/12/15 03:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SPSSInc

[2014/05/05 22:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\uTorrent

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

========== Base Services ==========

SRV - [2008/04/14 09:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)

SRV - [2008/04/14 09:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)

SRV - [2008/04/14 09:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)

SRV - [2012/07/06 15:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)

SRV - [2008/04/14 09:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)

SRV - [2008/04/14 09:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)

SRV - [2009/04/20 19:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)

SRV - [2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)

SRV - [2008/04/14 09:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)

SRV - [2009/07/28 01:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)

SRV - [2008/04/14 09:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2008/04/14 09:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)

SRV - [2008/04/14 09:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)

SRV - [2008/04/14 09:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)

SRV - [2008/04/14 09:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)

SRV - [2008/04/14 09:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)

SRV - [2008/04/14 09:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)

SRV - [2008/04/14 09:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)

SRV - [2008/06/20 18:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)

SRV - [2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)

SRV - [2010/08/17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)

SRV - [2008/04/14 09:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)

SRV - [2008/04/14 09:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)

SRV - [2008/04/14 09:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)

SRV - [2009/02/09 14:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)

SRV - [2008/04/14 09:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)

SRV - [2008/04/14 09:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)

SRV - [2008/04/14 09:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)

SRV - [2008/04/14 09:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)

SRV - [2010/08/27 07:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)

SRV - [2009/07/28 01:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)

SRV - [2008/04/14 09:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)

SRV - [2008/04/14 09:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)

SRV - [2008/04/14 09:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)

SRV - [2008/04/14 09:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)

SRV - [2008/04/14 09:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)

SRV - [2009/07/28 01:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)

SRV - [2008/04/14 09:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)

SRV - [2008/04/14 09:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)

SRV - [2008/04/14 09:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)

SRV - [2008/04/14 09:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)

SRV - [2008/04/14 09:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)

SRV - [2008/04/14 09:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)

SRV - [2009/02/09 14:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)

SRV - [2008/04/14 09:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)

SRV - [2008/04/14 09:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)

SRV - [2009/06/10 08:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

 

< %SYSTEMDRIVE%\*.exe >

 

< MD5 for: EXPLORER.EXE  >

[2008/04/14 09:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008/04/14 09:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

 

< MD5 for: QMGR.DLL  >

[2008/04/14 09:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\dllcache\qmgr.dll

[2008/04/14 09:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

 

< MD5 for: RPCSS.DLL  >

[2008/04/14 09:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll

[2009/02/09 14:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\dllcache\rpcss.dll

[2009/02/09 14:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\rpcss.dll

[2009/02/09 12:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll

 

< MD5 for: SERVICES  >

[2008/04/14 09:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

 

< MD5 for: SERVICES.CFG  >

[2010/11/10 12:49:34 | 000,032,633 | ---- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg

 

< MD5 for: SERVICES.DAT  >

[2013/12/05 03:18:55 | 000,010,240 | ---- | M] () MD5=1D1FC65D03665DB6B6FDCA91DA7567A9 -- C:\Documents and Settings\user\Application Data\Adobe\Acrobat\10.0\Security\services.dat

[2014/04/06 06:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Documents and Settings\user\Local Settings\Temp\jrt\services.dat

 

< MD5 for: SERVICES.EXE  >

[2009/02/06 13:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe

[2008/04/14 09:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe

[2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe

[2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

 

< MD5 for: SERVICES.LNK  >

[2014/02/09 17:16:51 | 000,001,602 | ---- | M] () MD5=5DA34C0B868E40A78F42F55D05581449 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

 

< MD5 for: SERVICES.MSC  >

[2008/04/14 09:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

 

< MD5 for: SERVICES.XML  >

[2011/05/18 23:26:52 | 000,000,975 | ---- | M] () MD5=0D2006133FE620F741B2193AE9B4A66E -- C:\Program Files\SASHome\InstallMisc\utilities\installqual\9.3\Services.xml

[2011/05/26 04:56:44 | 000,000,682 | ---- | M] () MD5=DCB7126E8D7502445187ED4266496724 -- C:\Program Files\SASHome\SASFoundation\9.3\dtest\sasoq\Services.xml

 

< MD5 for: SERVICES.XML.ORIG  >

[2011/05/26 04:24:04 | 000,000,319 | ---- | M] () MD5=599E433BCFA7DD969D7FCD49C3546763 -- C:\Program Files\SASHome\SASFoundation\9.3\core\sasmisc\sasconf\storprocsrv\config\StoredProcessServer\dtest\StoredProcessServer\Services.xml.orig

[2011/05/26 04:24:06 | 000,000,319 | ---- | M] () MD5=599E433BCFA7DD969D7FCD49C3546763 -- C:\Program Files\SASHome\SASFoundation\9.3\core\sasmisc\sasconf\workspacesrv\config\WorkspaceServer\dtest\WorkspaceServer\Services.xml.orig

[2011/05/26 04:24:06 | 000,000,319 | ---- | M] () MD5=599E433BCFA7DD969D7FCD49C3546763 -- C:\Program Files\SASHome\SASFoundation\9.3\core\sasmisc\sasconf\workspacpool\config\PooledWorkspaceServer\dtest\PooledWorkspaceServer\Services.xml.orig

[2011/05/26 04:24:02 | 000,000,596 | ---- | M] () MD5=A1DE8AF6D4FF2816BB828832689A556F -- C:\Program Files\SASHome\SASFoundation\9.3\core\sasmisc\sasconf\olapcubesrv\config\OLAPServer\dtest\OLAPServer\Services.xml.orig

 

< MD5 for: SVCHOST.EXE  >

[2008/04/14 09:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe

[2008/04/14 09:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe

 

< MD5 for: USERINIT.EXE  >

[2008/04/14 09:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe

[2008/04/14 09:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

 

< MD5 for: WINLOGON.EXE  >

[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe

[2008/04/14 09:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe

[2008/04/14 09:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

 

< MD5 for: WINSOCK.DLL  >

[2008/04/14 09:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll

[2008/04/14 09:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

 

< dir "%systemdrive%\*" /S /A:L /C >

 Volume in drive C has no label.

 Volume Serial Number is 0AF3-9CDC

 Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices

02/12/2014  07:49 PM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a

               0 File(s)              0 bytes

 Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote

02/12/2014  07:49 PM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a

               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices

02/12/2014  07:53 PM    <JUNCTION>     v4.0_4.0.0.0__b03f5f7f11d50a3a

               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler

02/12/2014  07:46 PM    <JUNCTION>     v4.0_4.0.0.0__31bf3856ad364e35

               0 File(s)              0 bytes

     Total Files Listed:

               0 File(s)              0 bytes

               4 Dir(s)   9,629,749,248 bytes free

\

< End of report >

_______________________________________________________________________________________
2. No extras.txt files was generated.  Searched on computer and doesn't exist.

______________________________________

3. aswMBR

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2014-05-11 00:08:37

-----------------------------

00:08:37.374    OS Version: Windows 5.1.2600 Service Pack 3

00:08:37.374    Number of processors: 2 586 0xE08

00:08:37.374    ComputerName: LAPSTU02  UserName: user

00:08:38.015    Initialize success

00:09:36.687    AVAST engine defs: 14051001

00:29:34.140    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

00:29:34.140    Disk 0 Vendor: HTS541060G9SA00 MB3IC60R Size: 57231MB BusType: 3

00:29:34.343    Disk 0 MBR read successfully

00:29:34.343    Disk 0 MBR scan

00:29:34.421    Disk 0 Windows XP default MBR code

00:29:34.437    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        57223 MB offset 2048

00:29:34.468    Disk 0 scanning sectors +117195120

00:29:34.624    Disk 0 scanning C:\WINDOWS\system32\drivers

00:30:05.765    Service scanning

00:30:56.484    Service TmFilter C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys **LOCKED** 32

00:30:56.968    Service TmPreFilter C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys **LOCKED** 32

00:31:01.624    Service VSApiNt C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys **LOCKED** 32

00:31:05.905    Modules scanning

00:31:23.437    Disk 0 trace - called modules:

00:31:23.452    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 

00:31:23.452    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a65fab8]

00:31:23.452    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000085[0x8a69d030]

00:31:23.452    5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a6a1030]

00:31:24.343    AVAST engine scan C:\WINDOWS

00:32:05.343    AVAST engine scan C:\WINDOWS\system32

00:40:44.046    AVAST engine scan C:\WINDOWS\system32\drivers

00:41:15.921    AVAST engine scan C:\Documents and Settings\user

01:12:48.609    AVAST engine scan C:\Documents and Settings\All Users

01:13:53.046    Scan finished successfully

03:40:33.812    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"

03:40:33.890    The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"

 

What's next, chief?  

[Machiavelli]

Hey,
your logs look really good. Just a little OTL Fix, then try to delete Adware (if Adware exists) and just a double check for RootKits.3


Step 1: RogueKiller Fix

Download RogueKiller from one of the following links and save it to your desktop:

• Link 1
• Link 2
  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", click the Delete button.
  • Copy and paste the report that opens into your next reply.
    • The log can also be found on your desktop labeled (RKreport[X]_D_xxdatexx_xtimex)
    • The highest number of [X], is the most recent Delete

Step 2: OTL Fix

• Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
• Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:
  
  
  

  :Commands
  [CREATERESTOREPOINT]
  
  :OTL
  FF - prefs.js..network.proxy.backup.ftp: ""
  FF - prefs.js..network.proxy.backup.ftp_port: ""
  FF - prefs.js..network.proxy.backup.socks: ""
  FF - prefs.js..network.proxy.backup.socks_port: ""
  FF - prefs.js..network.proxy.backup.ssl: ""
  FF - prefs.js..network.proxy.backup.ssl_port: ""
  FF - user.js - File not found
  FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
  O4 - HKLM..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" File not found
  O4 - HKU\S-1-5-21-57989841-1500820517-1417001333-1008..\Run: [AVG-Secure-Search-Update_0214c] C:\Documents and Settings\user\Application Data\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=4cccfed887a147d2b781d15094ece268-4f91cceeeb6cc401c9dd67115e9483cb543a03b1 /CMPID=0214c File not found
  
  :Commands
  [EMPTYTEMP]
  

• Click the Run Fix button.
• After your computer has rebooted, post the Fixlog into your next reply.

Step 3: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1

• Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
• Click Scan and let the scan run.
• When it finishes, click Clean, following the on screen prompts
• After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

Step 4: Junkware Removal Tool

  Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Step 5: OTL QuickScan

• Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on OTL.exe and select Run as Administrator)
• Click Quick Scan to start OTL.
• When OTL finishes scanning, a logs, OTL.txt will open.
• Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Step 6: TDSSKiller
 
Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
• Put a checkmark beside loaded modules.
  
• A reboot will be needed to apply the changes. Do it.
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
• Then click on Change parameters in TDSSKiller.
• Check all boxes then click OK.
• Click the Start Scan button.
  
• The scan should take no longer than 2 minutes.
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
• A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 7: Question
 
How is your PC running?

[Kabouterke]

B/c of diff. in time zones (Western European time, here), I will do these tomorrow morning and report the logs here.  Just wanted to let you know that they're on the way!
 

[Machiavelli]

OK

[Kabouterke]

Okay, I've got the logs... but every time I try to send them, it gets stuck because the post is too big.  Is there anyway that I can attach it to the posts?

[Machiavelli]

Yes, please click on More Reply Options , then on Choose Files.

[Kabouterke]

Beautiful. Okay, here you are!  Sorry again that I couldn't put it directly in the discussion!

Btw, my computer seems to running smoother/quicker.

Okay, I've got the logs... I hope I haven't forgotten anything. Here we go:

1. Rogue killer -
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Scan -- Date : 05/13/2014 11:56:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[41] : NtCreateKey @ 0x8062426A -> HOOKED (Unknown @ 0x8A572B84)
[Address] SSDT[43] : NtCreateMutant @ 0x80617822 -> HOOKED (Unknown @ 0x89E8C7CC)
[Address] SSDT[47] : NtCreateProcess @ 0x805D1280 -> HOOKED (Unknown @ 0x8A56DFA4)
[Address] SSDT[48] : NtCreateProcessEx @ 0x805D11CA -> HOOKED (Unknown @ 0x8A327ACC)
[Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A2E -> HOOKED (Unknown @ 0x8A239DEC)
[Address] SSDT[53] : NtCreateThread @ 0x805D1068 -> HOOKED (Unknown @ 0x8A2ABD4C)
[Address] SSDT[57] : NtDebugActiveProcess @ 0x80643CB2 -> HOOKED (Unknown @ 0x8A65B304)
[Address] SSDT[63] : NtDeleteKey @ 0x80624706 -> HOOKED (Unknown @ 0x8A3A9D14)
[Address] SSDT[65] : NtDeleteValueKey @ 0x806248D6 -> HOOKED (Unknown @ 0x89D94924)
[Address] SSDT[68] : NtDuplicateObject @ 0x805BE03C -> HOOKED (Unknown @ 0x8A239DAC)
[Address] SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x8A2ABD0C)
[Address] SSDT[122] : NtOpenProcess @ 0x805CB486 -> HOOKED (Unknown @ 0x89EE5A84)
[Address] SSDT[125] : NtOpenSection @ 0x805AA420 -> HOOKED (Unknown @ 0x8A5F4A64)
[Address] SSDT[128] : NtOpenThread @ 0x805CB712 -> HOOKED (Unknown @ 0x8A658DDC)
[Address] SSDT[192] : NtRenameKey @ 0x80623C8C -> HOOKED (Unknown @ 0x8A3A9CD4)
[Address] SSDT[204] : NtRestoreKey @ 0x80625C4A -> HOOKED (Unknown @ 0x89D94964)
[Address] SSDT[240] : NtSetSystemInformation @ 0x8060FE98 -> HOOKED (Unknown @ 0x89E8C78C)
[Address] SSDT[247] : NtSetValueKey @ 0x806227DC -> HOOKED (Unknown @ 0x8A572B44)
[Address] SSDT[257] : NtTerminateProcess @ 0x805D2308 -> HOOKED (Unknown @ 0x89EE5A44)
[Address] SSDT[258] : NtTerminateThread @ 0x805D2502 -> HOOKED (Unknown @ 0x8A658E1C)
[Address] SSDT[277] : NtWriteVirtualMemory @ 0x805B4400 -> HOOKED (Unknown @ 0x8A5F4A24)
[Address] Shadow SSDT[548] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x889939EC)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8891E1C4)
[Address] IAT @explorer.exe (LoadLibraryExA) : KERNEL32.dll -> HOOKED (C:\Program Files\NetInst\NiApmgnt.dll @ 0x62961AC0)
[Address] IAT @explorer.exe (LoadLibraryExW) : KERNEL32.dll -> HOOKED (C:\Program Files\NetInst\NiApmgnt.dll @ 0x62961B30)
[Address] IAT @explorer.exe (LoadLibraryA) : KERNEL32.dll -> HOOKED (C:\Program Files\NetInst\NiApmgnt.dll @ 0x62961A00)
[Address] IAT @explorer.exe (LoadLibraryW) : KERNEL32.dll -> HOOKED (C:\Program Files\NetInst\NiApmgnt.dll @ 0x62961A60)
[Address] IAT @explorer.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\NetInst\NiApmgnt.dll @ 0x62961CD0)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) HTS541060G9SA00 +++++
--- User ---
[MBR] 212bddfe3408d5bbb54337ab6e469e78
[BSP] bde6832fef3a5a0e4415328128763826 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 57223 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_05132014_115629.txt >>




2. Otl-
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Prefs.js: "" removed from network.proxy.backup.ftp
Prefs.js: "" removed from network.proxy.backup.ftp_port
Prefs.js: "" removed from network.proxy.backup.socks
Prefs.js: "" removed from network.proxy.backup.socks_port
Prefs.js: "" removed from network.proxy.backup.ssl
Prefs.js: "" removed from network.proxy.backup.ssl_port
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SDTray deleted successfully.
Registry value HKEY_USERS\S-1-5-21-57989841-1500820517-1417001333-1008\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0214c deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 5049 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: user
->Temp folder emptied: 189824181 bytes
->Temporary Internet Files folder emptied: 10181056 bytes
->Java cache emptied: 1029445 bytes
->FireFox cache emptied: 23124982 bytes
->Google Chrome cache emptied: 276821430 bytes
->Flash cache emptied: 951 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1025074 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 7861 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 479.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05132014_120323

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


3. Adware-
# AdwCleaner v3.207 - Report created 13/05/2014 at 12:29:33
# Updated 05/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : user - LAPSTU02
# Running from : C:\Documents and Settings\user\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\6jz9w74l.default\prefs.js ]


[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gwstsjy7.default\prefs.js ]


[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4po15nkj.default\prefs.js ]


-\\ Google Chrome v34.0.1847.131

[ File : C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}

*************************

AdwCleaner[R0].txt - [2141 octets] - [12/02/2014 20:19:53]
AdwCleaner[R1].txt - [1440 octets] - [12/02/2014 23:35:29]
AdwCleaner[R2].txt - [1944 octets] - [29/04/2014 12:35:28]
AdwCleaner[R3].txt - [1561 octets] - [10/05/2014 12:33:16]
AdwCleaner[R4].txt - [1621 octets] - [13/05/2014 12:23:42]
AdwCleaner[R5].txt - [1827 octets] - [13/05/2014 12:27:29]
AdwCleaner[S0].txt - [2171 octets] - [12/02/2014 20:21:02]
AdwCleaner[S1].txt - [1446 octets] - [12/02/2014 23:37:06]
AdwCleaner[S2].txt - [2171 octets] - [29/04/2014 12:43:56]
AdwCleaner[S3].txt - [1752 octets] - [13/05/2014 12:29:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1812 octets] ##########

4. JRT-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by user on Tue 05/13/2014 at 12:57:31.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/13/2014 at 13:04:13.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

5. OTl
OTL logfile created on: 5/13/2014 2:17:08 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.48% Memory free
3.85 Gb Paging File | 3.00 Gb Available in Paging File | 77.92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 8.69 Gb Free Space | 15.54% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: LAPSTU02 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/10 22:58:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2014/04/24 02:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/04/09 11:36:52 | 001,171,000 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\user\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/02/19 19:40:02 | 000,239,680 | ---- | M] (Foxit Corporation) -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
PRC - [2014/02/12 16:50:44 | 000,043,336 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
PRC - [2014/02/12 15:26:32 | 000,043,336 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/07/23 16:15:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_24\bin\jqs.exe
PRC - [2012/07/20 15:08:34 | 000,458,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2012/05/14 16:26:14 | 001,983,304 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2012/05/14 03:34:06 | 001,113,984 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2012/05/12 00:03:34 | 001,836,272 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2012/05/04 18:56:56 | 000,345,616 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2012/03/15 15:31:58 | 000,689,680 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2011/03/26 07:13:10 | 000,220,312 | ---- | M] (FrontRange Solutions Deutschland GmbH) -- C:\Program Files\netinst\mgmtagnt.exe
PRC - [2011/03/26 07:13:10 | 000,049,808 | ---- | M] (FrontRange Solutions Deutschland GmbH) -- C:\Program Files\netinst\eTray.exe
PRC - [2011/01/14 15:57:28 | 000,228,824 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
PRC - [2008/04/14 09:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 09:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2003/06/24 15:34:38 | 000,126,976 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (No Company Name) ==========

MOD - [2014/04/24 02:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll
MOD - [2014/04/24 02:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014/04/24 02:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014/04/24 02:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/02/12 20:58:10 | 000,237,384 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
MOD - [2011/04/01 10:53:28 | 000,499,712 | ---- | M] () -- C:\Program Files\Trend Micro\OfficeScan Client\sqlite3.dll
MOD - [2011/03/26 07:13:10 | 000,081,991 | ---- | M] () -- C:\Program Files\netinst\zlib1.dll
MOD - [2008/04/14 09:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014/05/12 15:12:00 | 001,045,328 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2014/02/19 19:40:02 | 000,239,680 | ---- | M] (Foxit Corporation) [Auto | Running] -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService)
SRV - [2013/10/12 18:00:06 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/23 16:15:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre1.6.0_24\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/05/14 16:26:14 | 001,983,304 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2012/05/12 00:03:34 | 001,836,272 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2012/05/04 18:56:56 | 000,345,616 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2012/03/15 15:31:58 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2011/03/26 07:13:10 | 000,220,312 | ---- | M] (FrontRange Solutions Deutschland GmbH) [Auto | Running] -- C:\Program Files\netinst\mgmtagnt.exe -- (esiCore)
SRV - [2011/01/14 15:57:28 | 000,228,824 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV - [2008/04/14 09:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 09:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/08/06 15:13:30 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2012/07/17 13:40:38 | 000,264,504 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2012/07/17 13:40:18 | 000,036,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2012/07/17 13:09:50 | 001,515,232 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapint.sys -- (VSApiNt)
DRV - [2012/04/20 01:18:56 | 000,073,008 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012/04/20 01:18:42 | 000,060,648 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2012/04/13 10:41:10 | 000,205,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2011/01/14 15:58:36 | 000,087,744 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SWIPsec.sys -- (SWIPsec)
DRV - [2010/12/07 14:58:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/12/06 09:46:24 | 000,135,256 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2010/10/07 06:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32)
DRV - [2010/06/02 15:49:20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2010/06/02 15:49:20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2010/06/02 15:49:18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2010/02/11 10:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/01/23 11:55:28 | 000,021,016 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWVNIC.sys -- (SWVNIC)
DRV - [2001/08/17 14:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 75 E1 CA F5 1D CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: ""
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: ""
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/10/06 14:21:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2013/10/12 18:06:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4po15nkj.default\extensions
[2013/10/12 18:00:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/12 18:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/12 18:00:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_2\
CHR - Extension: Google Calendar = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_1\
CHR - Extension: Google Wallet = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Unblock Youku = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.11.13_0\
CHR - Extension: Unblock Youku = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.12.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_24\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_24\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NetInstall NiTray] C:\Program Files\NetInst\eTray.exe (FrontRange Solutions Deutschland GmbH)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\user\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEC3F13F-7771-4AB8-B635-E024548C8D4B}: DhcpNameServer = 172.20.10.1
O20 - AppInit_DLLs: (c:\progra~1\netinst\niamh.dll) - c:\Program Files\netinst\NiAMH.dll (FrontRange Solutions Deutschland GmbH)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/23 11:15:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/13 13:07:57 | 004,164,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\user\Desktop\tdsskiller.exe
[2014/05/13 11:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\RK_Quarantine
[2014/05/12 15:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2014/05/12 15:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2014/05/12 15:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SSI, Inc
[2014/05/12 15:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\HLM7
[2014/05/12 15:09:33 | 000,000,000 | ---D | C] -- C:\HLM 7 Examples
[2014/05/12 12:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2014/05/10 23:29:05 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\user\Desktop\aswMBR.exe
[2014/05/10 22:58:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2014/04/30 23:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\PhD
[2014/04/29 13:50:50 | 001,682,336 | ---- | C] (ESET) -- C:\Documents and Settings\user\Desktop\eset_nod32_antivirus_live_installer.exe
[2014/04/29 13:08:43 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\user\Desktop\JRT.exe
[2014/04/29 12:36:05 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll
[2014/04/28 15:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Brorsoft
[2014/04/17 10:49:21 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/17 10:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/17 10:48:40 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/17 10:48:40 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/17 10:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/17 10:48:11 | 017,305,616 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Desktop\mbam-setup-2.0.1.1004 (1).exe
[2014/04/14 23:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\uTorrent
[2 C:\Documents and Settings\user\Desktop\*.tmp files -> C:\Documents and Settings\user\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/13 14:27:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/13 14:03:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1500820517-1417001333-1008UA.job
[2014/05/13 13:11:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/05/13 13:10:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/13 13:10:07 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/05/13 13:09:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/05/13 13:08:03 | 004,164,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\user\Desktop\tdsskiller.exe
[2014/05/13 11:08:20 | 000,177,679 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Summary of findings ethnic minorities on Belgian labor market.pdf
[2014/05/12 17:33:57 | 000,972,872 | ---- | M] () -- C:\Documents and Settings\user\Desktop\TenureExperienceHumanCapitalAndWa_preview.pdf
[2014/05/12 15:03:02 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1500820517-1417001333-1008Core.job
[2014/05/10 23:30:34 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\user\Desktop\aswMBR.exe
[2014/05/10 22:58:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2014/05/10 12:33:04 | 001,316,991 | ---- | M] () -- C:\Documents and Settings\user\Desktop\AdwCleaner.exe
[2014/05/08 15:00:02 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/05/06 16:54:09 | 000,349,528 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Primo by Ex Libris.htm
[2014/05/06 09:37:08 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/03 20:26:56 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\d3d9caps.dat
[2014/05/02 17:15:28 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/30 18:55:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2014/04/30 18:55:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2014/04/30 18:55:26 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/04/29 13:50:58 | 001,682,336 | ---- | M] (ESET) -- C:\Documents and Settings\user\Desktop\eset_nod32_antivirus_live_installer.exe
[2014/04/29 13:09:04 | 003,972,608 | ---- | M] () -- C:\Documents and Settings\user\Desktop\RogueKiller.exe
[2014/04/29 13:08:47 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\user\Desktop\JRT.exe
[2014/04/21 09:57:18 | 000,543,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/04/21 09:57:18 | 000,098,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/04/17 10:48:49 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/17 10:48:39 | 017,305,616 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Desktop\mbam-setup-2.0.1.1004 (1).exe
[2 C:\Documents and Settings\user\Desktop\*.tmp files -> C:\Documents and Settings\user\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/13 11:08:20 | 000,177,679 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Summary of findings ethnic minorities on Belgian labor market.pdf
[2014/05/12 17:32:49 | 000,972,872 | ---- | C] () -- C:\Documents and Settings\user\Desktop\TenureExperienceHumanCapitalAndWa_preview.pdf
[2014/05/10 12:32:45 | 001,316,991 | ---- | C] () -- C:\Documents and Settings\user\Desktop\AdwCleaner.exe
[2014/05/06 16:54:03 | 000,349,528 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Primo by Ex Libris.htm
[2014/04/30 18:55:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2014/04/30 18:55:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2014/04/29 13:08:56 | 003,972,608 | ---- | C] () -- C:\Documents and Settings\user\Desktop\RogueKiller.exe
[2014/04/17 10:48:49 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/10 01:50:07 | 000,326,624 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-57989841-1500820517-1417001333-1008-0.dat
[2014/02/09 23:13:18 | 000,000,407 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014/01/25 15:07:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/11/23 23:21:03 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/06 15:59:21 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\d3d9caps.dat
[2013/04/30 16:41:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2013/04/30 16:41:38 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2013/03/20 14:43:22 | 000,224,690 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/07/23 20:58:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2012/07/23 20:58:15 | 000,543,560 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/23 20:58:15 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2012/07/23 20:58:15 | 000,098,128 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/23 20:58:15 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2012/07/23 20:58:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2012/07/23 20:58:13 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2012/07/23 20:58:11 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2012/07/23 20:58:03 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2012/07/23 20:58:03 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2012/07/23 20:57:45 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2012/07/23 20:57:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2012/07/23 20:57:21 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/07/23 20:57:21 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/07/23 20:57:20 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/07/23 16:49:40 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\sasperf.dll
[2012/07/23 14:47:01 | 000,009,074 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2012/07/23 13:05:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/07/23 13:04:45 | 000,218,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/23 11:26:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/07/23 11:17:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/23 11:12:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/07/23 11:12:07 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2012/07/23 11:12:07 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2012/07/23 11:12:07 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

========== ZeroAccess Check ==========

[2012/07/23 15:04:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 09:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 09:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/04/12 16:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/04/30 16:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2013/02/03 17:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SAS
[2013/04/30 16:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS
[2014/04/28 15:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Brorsoft
[2013/12/21 00:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Dropbox
[2014/03/09 12:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Foxit Software
[2013/12/04 21:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SAS
[2014/05/12 12:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Spotify
[2013/12/15 03:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SPSSInc
[2014/05/12 13:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\uTorrent

========== Purity Check ==========



< End of report >

6. TDSSkiller-
13:11:32.0500 0x08f8 TDSS rootkit removing tool 3.0.0.34 Apr 29 2014 18:20:10
13:11:33.0546 0x08f8 ============================================================
13:11:33.0546 0x08f8 Current date / time: 2014/05/13 13:11:33.0546
13:11:33.0546 0x08f8 SystemInfo:
13:11:33.0546 0x08f8
13:11:33.0546 0x08f8 OS Version: 5.1.2600 ServicePack: 3.0
13:11:33.0546 0x08f8 Product type: Workstation
13:11:33.0546 0x08f8 ComputerName: LAPSTU02
13:11:33.0546 0x08f8 UserName: user
13:11:33.0546 0x08f8 Windows directory: C:\WINDOWS
13:11:33.0546 0x08f8 System windows directory: C:\WINDOWS
13:11:33.0546 0x08f8 Processor architecture: Intel x86
13:11:33.0546 0x08f8 Number of processors: 2
13:11:33.0546 0x08f8 Page size: 0x1000
13:11:33.0546 0x08f8 Boot type: Normal boot
13:11:33.0546 0x08f8 ============================================================
13:11:33.0546 0x08f8 BG loaded
13:11:39.0937 0x08f8 System UUID: {1D12D03B-AF14-3B7B-7F81-71E040B18302}
13:11:52.0656 0x08f8 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1E48, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
13:11:52.0687 0x08f8 ============================================================
13:11:52.0687 0x08f8 \Device\Harddisk0\DR0:
13:11:52.0687 0x08f8 MBR partitions:
13:11:52.0687 0x08f8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6FC3970
13:11:52.0687 0x08f8 ============================================================
13:11:53.0203 0x08f8 C: <-> \Device\Harddisk0\DR0\Partition1
13:11:53.0203 0x08f8 ============================================================
13:11:53.0203 0x08f8 Initialize success
13:11:53.0203 0x08f8 ============================================================
13:12:25.0906 0x0938 ============================================================
13:12:25.0906 0x0938 Scan started
13:12:25.0906 0x0938 Mode: Manual; SigCheck; TDLFS;
13:12:25.0906 0x0938 ============================================================
13:12:25.0906 0x0938 KSN ping started
13:12:26.0000 0x0938 KSN ping finished: false
13:12:29.0265 0x0938 ================ Scan system memory ========================
13:12:37.0828 0x0938 System memory - ok
13:12:37.0828 0x0938 ================ Scan services =============================
13:13:09.0109 0x0938 Abiosdsk - ok
13:13:09.0109 0x0938 abp480n5 - ok
13:13:09.0390 0x0938 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:13:10.0390 0x0938 ACPI - ok
13:13:10.0734 0x0938 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
13:13:11.0015 0x0938 ACPIEC - ok
13:13:11.0140 0x0938 [ BEEE84A79710F705864685B05F1BB172, B3E75F860179EB6C72A902EF9425F57992F73890DAB2C6F9562E8D77ADF4EC5B ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
13:13:11.0406 0x0938 ADIHdAudAddService - ok
13:13:11.0406 0x0938 adpu160m - ok
13:13:11.0468 0x0938 [ 358063AB6C1C4173B735525CDFA65F94, E2C7E27F8E0B4C6A662313FEEE61AF02D9166F4DC40E709DBB6C73EB489A5CC5 ] AEAudioService C:\WINDOWS\system32\drivers\AEAudio.sys
13:13:11.0578 0x0938 AEAudioService - ok
13:13:11.0656 0x0938 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
13:13:11.0875 0x0938 aec - ok
13:13:11.0984 0x0938 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
13:13:12.0203 0x0938 AFD - ok
13:13:12.0203 0x0938 Aha154x - ok
13:13:12.0218 0x0938 aic78u2 - ok
13:13:12.0218 0x0938 aic78xx - ok
13:13:12.0312 0x0938 [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
13:13:12.0562 0x0938 Alerter - ok
13:13:12.0578 0x0938 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
13:13:12.0765 0x0938 ALG - ok
13:13:12.0781 0x0938 AliIde - ok
13:13:12.0781 0x0938 amsint - ok
13:13:13.0078 0x0938 [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:13:13.0187 0x0938 Apple Mobile Device - ok
13:13:13.0218 0x0938 [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
13:13:13.0437 0x0938 AppMgmt - ok
13:13:13.0453 0x0938 asc - ok
13:13:13.0453 0x0938 asc3350p - ok
13:13:13.0468 0x0938 asc3550 - ok
13:13:13.0937 0x0938 [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:13:14.0093 0x0938 aspnet_state - ok
13:13:14.0125 0x0938 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:13:14.0343 0x0938 AsyncMac - ok
13:13:14.0421 0x0938 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
13:13:14.0640 0x0938 atapi - ok
13:13:14.0640 0x0938 Atdisk - ok
13:13:14.0906 0x0938 [ 471087B5E1E01CC82604E81EA14781D8, DA6AAFE65232AF3DA3D0D5F399730A1117B0DBBCB6AA2A9BD0D1ADA22A1198B8 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
13:13:15.0125 0x0938 Ati HotKey Poller - detected UnsignedFile.Multi.Generic ( 1 )
13:13:15.0375 0x0938 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - warning
13:13:16.0234 0x0938 [ C0B86ECB324E50F6BBD529F9D5C6B24B, 6B6E58CBDE1010FF13740DA91482E8A40D7B31CD808C16B524BE012C0EADB0D1 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:13:16.0640 0x0938 ati2mtag - detected UnsignedFile.Multi.Generic ( 1 )
13:13:16.0640 0x0938 ati2mtag ( UnsignedFile.Multi.Generic ) - warning
13:13:16.0718 0x0938 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:13:16.0937 0x0938 Atmarpc - ok
13:13:17.0000 0x0938 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
13:13:17.0171 0x0938 AudioSrv - ok
13:13:17.0234 0x0938 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
13:13:17.0375 0x0938 audstub - ok
13:13:17.0453 0x0938 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
13:13:17.0593 0x0938 Beep - ok
13:13:17.0734 0x0938 [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll
13:13:18.0171 0x0938 BITS - ok
13:13:18.0250 0x0938 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:13:18.0359 0x0938 Bonjour Service - ok
13:13:18.0437 0x0938 [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser C:\WINDOWS\System32\browser.dll
13:13:18.0546 0x0938 Browser - ok
13:13:18.0609 0x0938 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
13:13:18.0796 0x0938 cbidf2k - ok
13:13:18.0796 0x0938 cd20xrnt - ok
13:13:18.0859 0x0938 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
13:13:19.0015 0x0938 Cdaudio - ok
13:13:19.0156 0x0938 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:13:19.0328 0x0938 Cdfs - ok
13:13:19.0703 0x0938 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:13:19.0921 0x0938 Cdrom - ok
13:13:19.0921 0x0938 Changer - ok
13:13:19.0968 0x0938 [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc C:\WINDOWS\system32\cisvc.exe
13:13:20.0171 0x0938 CiSvc - ok
13:13:20.0296 0x0938 [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
13:13:20.0500 0x0938 ClipSrv - ok
13:13:20.0765 0x0938 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:13:20.0937 0x0938 clr_optimization_v2.0.50727_32 - ok
13:13:21.0015 0x0938 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:13:21.0531 0x0938 clr_optimization_v4.0.30319_32 - ok
13:13:21.0593 0x0938 [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
13:13:21.0921 0x0938 CmBatt - ok
13:13:21.0921 0x0938 CmdIde - ok
13:13:21.0968 0x0938 [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:13:22.0109 0x0938 Compbatt - ok
13:13:22.0140 0x0938 COMSysApp - ok
13:13:22.0140 0x0938 Cpqarray - ok
13:13:22.0187 0x0938 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
13:13:22.0328 0x0938 CryptSvc - ok
13:13:22.0328 0x0938 dac2w2k - ok
13:13:22.0343 0x0938 dac960nt - ok
13:13:22.0640 0x0938 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:13:22.0921 0x0938 DcomLaunch - ok
13:13:23.0046 0x0938 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
13:13:23.0250 0x0938 Dhcp - ok
13:13:23.0421 0x0938 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
13:13:23.0609 0x0938 Disk - ok
13:13:23.0625 0x0938 dmadmin - ok
13:13:23.0734 0x0938 [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
13:13:24.0062 0x0938 dmboot - ok
13:13:24.0234 0x0938 [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
13:13:24.0406 0x0938 dmio - ok
13:13:24.0453 0x0938 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
13:13:24.0578 0x0938 dmload - ok
13:13:24.0609 0x0938 [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
13:13:24.0796 0x0938 dmserver - ok
13:13:24.0875 0x0938 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
13:13:25.0078 0x0938 DMusic - ok
13:13:25.0171 0x0938 [ A92500F91100DA9E53BF841F0B16927C, 02324CEAA5706F35F2BE9E3B0D55E0A8F04AE5E163AB50A276E22C3F18EB5BA0 ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys
13:13:25.0343 0x0938 DNE - ok
13:13:25.0390 0x0938 [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:13:25.0515 0x0938 Dnscache - ok
13:13:25.0656 0x0938 [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
13:13:26.0046 0x0938 Dot3svc - ok
13:13:26.0046 0x0938 dpti2o - ok
13:13:26.0078 0x0938 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:13:26.0187 0x0938 drmkaud - ok
13:13:26.0250 0x0938 [ 6DE32A9123EF60F9D423E9163AF0E305, 2C11222D998F6D8D870879BB50E85C4929BF51903118DD8A991B9A02FF84B79E ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
13:13:26.0312 0x0938 e1express - ok
13:13:26.0343 0x0938 [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
13:13:26.0484 0x0938 EapHost - ok
13:13:26.0515 0x0938 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
13:13:26.0718 0x0938 ERSvc - ok
13:13:26.0953 0x0938 [ 5E2C2F8785C7AD89EB81CFDB26C4E0BF, 94F20AC5304CA30F8A170B3148E1821A64EC7B6157A73DCC4A91D12ACF50DEB0 ] esiCore C:\Program Files\NetInst\mgmtagnt.exe
13:13:27.0437 0x0938 esiCore - ok
13:13:27.0515 0x0938 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe
13:13:27.0656 0x0938 Eventlog - ok
13:13:27.0937 0x0938 [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\system32\es.dll
13:13:28.0000 0x0938 EventSystem - ok
13:13:28.0078 0x0938 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
13:13:28.0312 0x0938 Fastfat - ok
13:13:28.0406 0x0938 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:13:28.0500 0x0938 FastUserSwitchingCompatibility - ok
13:13:28.0531 0x0938 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
13:13:28.0703 0x0938 Fdc - ok
13:13:28.0781 0x0938 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
13:13:28.0921 0x0938 Fips - ok
13:13:29.0156 0x0938 [ C29E0B833C7466BD185892AE3CDCD27D, 4DE494A1353C3F4DD8D74AE85175577A5ABCD2F1B3D8F8986465377CDBCA49A6 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:13:29.0390 0x0938 FLEXnet Licensing Service - ok
13:13:29.0500 0x0938 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
13:13:29.0687 0x0938 Flpydisk - ok
13:13:29.0765 0x0938 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:13:30.0015 0x0938 FltMgr - ok
13:13:30.0125 0x0938 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:13:30.0187 0x0938 FontCache3.0.0.0 - ok
13:13:30.0375 0x0938 [ D316BB764E63289DEE509F05C31C2956, 3685CD50504725CD7FA65EE27BD450DE5D7058201FF870FF8D833AA81B415C4D ] FoxitCloudUpdateService C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
13:13:30.0500 0x0938 FoxitCloudUpdateService - ok
13:13:30.0562 0x0938 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:13:30.0718 0x0938 Fs_Rec - ok
13:13:30.0796 0x0938 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:13:31.0031 0x0938 Ftdisk - ok
13:13:31.0093 0x0938 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:13:31.0140 0x0938 GEARAspiWDM - ok
13:13:31.0187 0x0938 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:13:31.0375 0x0938 Gpc - ok
13:13:31.0562 0x0938 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
13:13:31.0640 0x0938 gupdate - ok
13:13:31.0734 0x0938 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
13:13:31.0750 0x0938 gupdatem - ok
13:13:31.0937 0x0938 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:13:32.0078 0x0938 HDAudBus - ok
13:13:32.0250 0x0938 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:13:32.0468 0x0938 helpsvc - ok
13:13:32.0468 0x0938 HidServ - ok
13:13:32.0515 0x0938 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:13:32.0671 0x0938 HidUsb - ok
13:13:32.0781 0x0938 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
13:13:32.0953 0x0938 hkmsvc - ok
13:13:32.0968 0x0938 hpn - ok
13:13:33.0015 0x0938 [ ABCB05CCDBF03000354B9553820E39F8, 6361B5A57CDE23AC5E987ACECF3BEE7AD51134C6E5BF4F833E512C9BC4B86877 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:13:33.0140 0x0938 HPZius12 - ok
13:13:33.0250 0x0938 [ 702A7E1B3C9263EFBD6AEDE3B6919761, CD60A7A657596890775FA6583800A57BF8435B8F4964C65630835291F7EC38F1 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
13:13:33.0328 0x0938 HSFHWAZL - ok
13:13:33.0562 0x0938 [ 8D02CB68D53AA36189FAF86FED438884, 99F66C299CEAA2967985CDEA0956C186AD86F5AF52649023D72D6C47C509FCA2 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
13:13:33.0765 0x0938 HSF_DPV - ok
13:13:33.0953 0x0938 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:13:34.0046 0x0938 HTTP - ok
13:13:34.0078 0x0938 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:13:34.0250 0x0938 HTTPFilter - ok
13:13:34.0265 0x0938 i2omgmt - ok
13:13:34.0265 0x0938 i2omp - ok
13:13:34.0625 0x0938 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:13:34.0843 0x0938 i8042prt - ok
13:13:35.0000 0x0938 [ 293131C1DA5F53CB05F75D637739D79C, F5F1A03FB012101FA143A288BCBC048A652A285F7DF533D1D08279E3A4D24326 ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
13:13:35.0093 0x0938 IBMPMDRV - ok
13:13:35.0125 0x0938 [ 91FA023C5203503776BCCC9CF96A0C59, A47C788A26E4D2A282DE2EC8A75E1544CAB17A2C5F4CF867026D3B95B3651D1D ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe
13:13:35.0156 0x0938 IBMPMSVC - ok
13:13:35.0593 0x0938 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:13:35.0906 0x0938 idsvc - ok
13:13:36.0093 0x0938 [ DB3C22745C0DA4666F3BE31F1AF36B2F, 2FE9A0F157AF9FB3CA03B8D4E706213E63E388206A8C04EF4A84E0D7A364A3A6 ] IISADMIN C:\WINDOWS\system32\inetsrv\inetinfo.exe
13:13:36.0250 0x0938 IISADMIN - ok
13:13:36.0312 0x0938 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:13:36.0546 0x0938 Imapi - ok
13:13:36.0593 0x0938 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe
13:13:36.0859 0x0938 ImapiService - ok
13:13:36.0875 0x0938 ini910u - ok
13:13:36.0875 0x0938 IntelIde - ok
13:13:36.0921 0x0938 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:13:37.0078 0x0938 intelppm - ok
13:13:37.0109 0x0938 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:13:37.0296 0x0938 Ip6Fw - ok
13:13:37.0312 0x0938 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:13:37.0500 0x0938 IpFilterDriver - ok
13:13:37.0500 0x0938 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:13:37.0625 0x0938 IpInIp - ok
13:13:37.0687 0x0938 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:13:37.0843 0x0938 IpNat - ok
13:13:38.0046 0x0938 [ 463790AEF94D8EAB674631257F53252E, A02972457F45AD6816CB5F60DE4CD15D68256695FA0F3E4EAD6F9E36CBE54576 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:13:38.0140 0x0938 iPod Service - ok
13:13:38.0218 0x0938 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:13:38.0406 0x0938 IPSec - ok
13:13:38.0484 0x0938 [ ACA5E7B54409F9CB5EED97ED0C81120E, 1E22F442EA77596F58D133F1A5887CDC4F3325DD0836D24A665E1D31287ABFF7 ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
13:13:38.0625 0x0938 irda - ok
13:13:38.0703 0x0938 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
13:13:38.0828 0x0938 IRENUM - ok
13:13:38.0859 0x0938 [ 49CC4533CE897CB2E93C1E84A818FDE5, F2AC81CDB971F630699616509748DCE133874EFC79B9D6230517B5A4DFBE193D ] Irmon C:\WINDOWS\System32\irmon.dll
13:13:38.0968 0x0938 Irmon - ok
13:13:39.0000 0x0938 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:13:39.0218 0x0938 isapnp - ok
13:13:39.0437 0x0938 [ 5E06A9D23727DAF96FAA796F1135FDCD, CE17B26F6DE8FD229A32A0057855A35EA2A728162808095D2000FF6987AF2939 ] JavaQuickStarterService C:\Program Files\Java\jre1.6.0_24\bin\jqs.exe
13:13:39.0484 0x0938 JavaQuickStarterService - ok
13:13:39.0562 0x0938 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:13:39.0718 0x0938 Kbdclass - ok
13:13:39.0875 0x0938 [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:13:40.0046 0x0938 kbdhid - ok
13:13:40.0171 0x0938 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
13:13:40.0437 0x0938 kmixer - ok
13:13:40.0500 0x0938 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
13:13:40.0656 0x0938 KSecDD - ok
13:13:40.0750 0x0938 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
13:13:40.0953 0x0938 LanmanServer - ok
13:13:41.0046 0x0938 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:13:41.0187 0x0938 lanmanworkstation - ok
13:13:41.0187 0x0938 lbrtfdc - ok
13:13:41.0265 0x0938 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
13:13:41.0515 0x0938 LmHosts - ok
13:13:41.0765 0x0938 [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
13:13:41.0906 0x0938 MDM - detected UnsignedFile.Multi.Generic ( 1 )
13:13:41.0906 0x0938 MDM ( UnsignedFile.Multi.Generic ) - warning
13:13:41.0906 0x0938 Force sending object to P2P due to detect: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
13:13:41.0921 0x0938 Object send P2P result: false
13:13:41.0968 0x0938 [ A027DE1E6C11BD2DAF61F6F276B2299F, E2B7A9EDE85DB440FE6ECBD87976B00F01A5BB5DB8D19A38AE8AE66A9962128E ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
13:13:42.0000 0x0938 mdmxsdk - ok
13:13:42.0093 0x0938 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
13:13:42.0343 0x0938 Messenger - ok
13:13:42.0406 0x0938 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
13:13:42.0593 0x0938 mnmdd - ok
13:13:42.0640 0x0938 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
13:13:42.0984 0x0938 mnmsrvc - ok
13:13:43.0000 0x0938 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
13:13:43.0203 0x0938 Modem - ok
13:13:43.0234 0x0938 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:13:43.0468 0x0938 Mouclass - ok
13:13:43.0515 0x0938 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:13:43.0687 0x0938 mouhid - ok
13:13:43.0750 0x0938 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
13:13:43.0921 0x0938 MountMgr - ok
13:13:44.0015 0x0938 [ 0329A45C849C9D77901094B8FFE8BBB9, 2151C15A4185FABBC3367B8213017B45E08C43E26E1D8942E707E217C6A5EDA7 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:13:44.0093 0x0938 MozillaMaintenance - ok
13:13:44.0093 0x0938 mraid35x - ok
13:13:44.0156 0x0938 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:13:44.0328 0x0938 MRxDAV - ok
13:13:44.0515 0x0938 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:13:44.0578 0x0938 MRxSmb - ok
13:13:44.0625 0x0938 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
13:13:44.0859 0x0938 MSDTC - ok
13:13:44.0906 0x0938 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
13:13:45.0109 0x0938 Msfs - ok
13:13:45.0125 0x0938 MSIServer - ok
13:13:45.0156 0x0938 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:13:45.0328 0x0938 MSKSSRV - ok
13:13:45.0359 0x0938 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:13:45.0562 0x0938 MSPCLOCK - ok
13:13:45.0625 0x0938 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:13:45.0750 0x0938 MSPQM - ok
13:13:45.0906 0x0938 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:13:46.0062 0x0938 mssmbios - ok
13:13:46.0125 0x0938 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
13:13:46.0265 0x0938 Mup - ok
13:13:46.0437 0x0938 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
13:13:46.0718 0x0938 napagent - ok
13:13:46.0828 0x0938 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
13:13:47.0000 0x0938 NDIS - ok
13:13:47.0062 0x0938 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:13:47.0140 0x0938 NdisTapi - ok
13:13:47.0203 0x0938 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:13:47.0328 0x0938 Ndisuio - ok
13:13:47.0390 0x0938 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:13:47.0531 0x0938 NdisWan - ok
13:13:47.0562 0x0938 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:13:47.0640 0x0938 NDProxy - ok
13:13:47.0703 0x0938 [ 9213AA35BCA94EB79D366DA254E4BDF5, 5E1C71BEB6CFFF5A6F149E9FE6E169D087A6CBE63A504FEE8D42170284952F85 ] Netaapl C:\WINDOWS\system32\DRIVERS\netaapl.sys
13:13:47.0843 0x0938 Netaapl - ok
13:13:47.0906 0x0938 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:13:48.0062 0x0938 NetBIOS - ok
13:13:48.0156 0x0938 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:13:48.0390 0x0938 NetBT - ok
13:13:48.0437 0x0938 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
13:13:48.0609 0x0938 NetDDE - ok
13:13:48.0625 0x0938 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
13:13:48.0718 0x0938 NetDDEdsdm - ok
13:13:48.0765 0x0938 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:13:48.0921 0x0938 Netlogon - ok
13:13:49.0000 0x0938 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
13:13:49.0156 0x0938 Netman - ok
13:13:49.0234 0x0938 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:13:49.0328 0x0938 NetTcpPortSharing - ok
13:13:50.0593 0x0938 [ 72062B53186E4A3F5FCBC41EBB62B905, F8C34C6EF26E67423742C50F39FB4888601F3BFC7DD4FD0EEC59A37A21F3D77F ] NETwLx32 C:\WINDOWS\system32\DRIVERS\NETwLx32.sys
13:13:51.0875 0x0938 NETwLx32 - ok
13:13:52.0000 0x0938 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
13:13:52.0109 0x0938 Nla - ok
13:13:52.0187 0x0938 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:13:52.0328 0x0938 Npfs - ok
13:13:52.0375 0x0938 [ 2ADC0CA9945C65284B3D19BC18765974, A8E2B848E85A3B38350F4134DE9CA6749854B988F9A0087C60D97E19D474CBF3 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
13:13:52.0484 0x0938 NSCIRDA - ok
13:13:52.0640 0x0938 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:13:53.0078 0x0938 Ntfs - ok
13:13:53.0171 0x0938 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:13:53.0265 0x0938 NtLmSsp - ok
13:13:53.0406 0x0938 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:13:53.0703 0x0938 NtmsSvc - ok
13:13:54.0187 0x0938 [ A5FB5070F78E5C26C39B4E7F9163C6DF, ACE5FCC0B93068BA2D943EF3F1685664E69B3BFA2BFA033ACF2EE9E3C82A0E8A ] ntrtscan C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
13:13:54.0640 0x0938 ntrtscan - ok
13:13:54.0796 0x0938 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
13:13:55.0000 0x0938 Null - ok
13:13:55.0062 0x0938 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:13:55.0312 0x0938 NwlnkFlt - ok
13:13:55.0328 0x0938 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:13:55.0484 0x0938 NwlnkFwd - ok
13:13:55.0609 0x0938 [ 84DE1DD996B48B05ACE31AD015FA108A, 4B9D1E4EF83ECED6C77F23D9879C124534F7053D7423E3A2D0F67A4A720CEA94 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:13:55.0812 0x0938 odserv - ok
13:13:55.0937 0x0938 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:13:56.0000 0x0938 ose - ok
13:13:56.0015 0x0938 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\drivers\Parport.sys
13:13:56.0156 0x0938 Parport - ok
13:13:56.0203 0x0938 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:13:56.0343 0x0938 PartMgr - ok
13:13:56.0359 0x0938 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:13:56.0484 0x0938 ParVdm - ok
13:13:56.0562 0x0938 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:13:56.0812 0x0938 PCI - ok
13:13:56.0812 0x0938 PCIDump - ok
13:13:56.0875 0x0938 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
13:13:56.0984 0x0938 PCIIde - ok
13:13:57.0046 0x0938 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
13:13:57.0203 0x0938 Pcmcia - ok
13:13:57.0203 0x0938 PDCOMP - ok
13:13:57.0218 0x0938 PDFRAME - ok
13:13:57.0218 0x0938 PDRELI - ok
13:13:57.0218 0x0938 PDRFRAME - ok
13:13:57.0234 0x0938 perc2 - ok
13:13:57.0234 0x0938 perc2hib - ok
13:13:57.0281 0x0938 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
13:13:57.0312 0x0938 PlugPlay - ok
13:13:57.0359 0x0938 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:13:57.0453 0x0938 PolicyAgent - ok
13:13:57.0515 0x0938 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:13:57.0687 0x0938 PptpMiniport - ok
13:13:57.0703 0x0938 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:13:57.0796 0x0938 ProtectedStorage - ok
13:13:57.0812 0x0938 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:13:57.0937 0x0938 PSched - ok
13:13:57.0968 0x0938 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:13:58.0109 0x0938 Ptilink - ok
13:13:58.0125 0x0938 ql1080 - ok
13:13:58.0125 0x0938 Ql10wnt - ok
13:13:58.0125 0x0938 ql12160 - ok
13:13:58.0140 0x0938 ql1240 - ok
13:13:58.0140 0x0938 ql1280 - ok
13:13:58.0140 0x0938 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:13:58.0265 0x0938 RasAcd - ok
13:13:58.0296 0x0938 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:13:58.0500 0x0938 RasAuto - ok
13:13:58.0531 0x0938 [ 0207D26DDF796A193CCD9F83047BB5FC, 13613036BCB869FBD7229A0FE25D324710308385D8C35E5D990A40E52BE040DF ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
13:13:58.0609 0x0938 Rasirda - ok
13:13:58.0625 0x0938 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:13:58.0781 0x0938 Rasl2tp - ok
13:13:58.0875 0x0938 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:13:59.0031 0x0938 RasMan - ok
13:13:59.0062 0x0938 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:13:59.0203 0x0938 RasPppoe - ok
13:13:59.0234 0x0938 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:13:59.0359 0x0938 Raspti - ok
13:13:59.0421 0x0938 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:13:59.0593 0x0938 Rdbss - ok
13:13:59.0656 0x0938 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:13:59.0828 0x0938 RDPCDD - ok
13:13:59.0937 0x0938 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:14:00.0140 0x0938 rdpdr - ok
13:14:00.0187 0x0938 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:14:00.0312 0x0938 RDPWD - ok
13:14:00.0359 0x0938 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:14:00.0546 0x0938 RDSessMgr - ok
13:14:00.0578 0x0938 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:14:00.0734 0x0938 redbook - ok
13:14:00.0765 0x0938 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:14:00.0921 0x0938 RemoteAccess - ok
13:14:01.0000 0x0938 [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
13:14:01.0125 0x0938 RemoteRegistry - ok
13:14:01.0203 0x0938 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe
13:14:01.0375 0x0938 RpcLocator - ok
13:14:01.0421 0x0938 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\system32\rpcss.dll
13:14:01.0515 0x0938 RpcSs - ok
13:14:01.0578 0x0938 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:14:01.0812 0x0938 RSVP - ok
13:14:01.0828 0x0938 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
13:14:01.0921 0x0938 SamSs - ok
13:14:01.0968 0x0938 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:14:02.0156 0x0938 SCardSvr - ok
13:14:02.0265 0x0938 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:14:02.0406 0x0938 Schedule - ok
13:14:02.0453 0x0938 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:14:02.0546 0x0938 Secdrv - ok
13:14:02.0593 0x0938 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:14:02.0734 0x0938 seclogon - ok
13:14:02.0828 0x0938 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
13:14:02.0968 0x0938 SENS - ok
13:14:03.0015 0x0938 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\drivers\Serial.sys
13:14:03.0156 0x0938 Serial - ok
13:14:03.0187 0x0938 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:14:03.0312 0x0938 Sfloppy - ok
13:14:03.0421 0x0938 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:14:03.0718 0x0938 SharedAccess - ok
13:14:03.0812 0x0938 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:14:03.0843 0x0938 ShellHWDetection - ok
13:14:03.0843 0x0938 Simbad - ok
13:14:03.0859 0x0938 Sparrow - ok
13:14:03.0875 0x0938 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:14:04.0078 0x0938 splitter - ok
13:14:04.0156 0x0938 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:14:04.0218 0x0938 Spooler - ok
13:14:04.0437 0x0938 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:14:04.0640 0x0938 sr - ok
13:14:04.0671 0x0938 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\system32\srsvc.dll
13:14:04.0796 0x0938 srservice - ok
13:14:04.0875 0x0938 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:14:05.0000 0x0938 Srv - ok
13:14:05.0031 0x0938 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:14:05.0187 0x0938 SSDPSRV - ok
13:14:05.0265 0x0938 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:14:05.0484 0x0938 stisvc - ok
13:14:05.0546 0x0938 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:14:05.0656 0x0938 swenum - ok
13:14:05.0796 0x0938 [ F414B37E6B7CB920ABB0517A3F3A01DE, AE23D1A4AE08DB0D9A090AC0D973FC8EA8B81558568EFBCD695959C413742DBA ] SWGVCSvc C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
13:14:05.0859 0x0938 SWGVCSvc - ok
13:14:05.0921 0x0938 [ AE8008574D04DE86781710321ED158C9, EAFAF98AD4BC166F5075E00F1DD465B1178B55DEB577C4B068C0922FB5BF5D79 ] SWIPsec C:\WINDOWS\system32\Drivers\SWIPsec.sys
13:14:05.0968 0x0938 SWIPsec - ok
13:14:05.0984 0x0938 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:14:06.0125 0x0938 swmidi - ok
13:14:06.0125 0x0938 SwPrv - ok
13:14:06.0156 0x0938 [ 962B13026B10B82D2874BFDA4ECC048D, 1A3E5EBA69D96B02B13D494808F218A47F88A26C01504683DF6279529D85EB76 ] SWVNIC C:\WINDOWS\system32\DRIVERS\swvnic.sys
13:14:06.0187 0x0938 SWVNIC - ok
13:14:06.0203 0x0938 symc810 - ok
13:14:06.0203 0x0938 symc8xx - ok
13:14:06.0203 0x0938 sym_hi - ok
13:14:06.0218 0x0938 sym_u3 - ok
13:14:06.0281 0x0938 [ 1CDE0A5C0416187B9B89E03980C6E8DE, FF78A9EA10521BDE3744932CF41FFC338C202E991816FF6E8F579C032828DD26 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
13:14:06.0406 0x0938 SynTP - ok
13:14:06.0437 0x0938 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:14:06.0562 0x0938 sysaudio - ok
13:14:06.0593 0x0938 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:14:06.0812 0x0938 SysmonLog - ok
13:14:06.0875 0x0938 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:14:07.0078 0x0938 TapiSrv - ok
13:14:07.0187 0x0938 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:14:07.0296 0x0938 Tcpip - ok
13:14:07.0328 0x0938 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:14:07.0500 0x0938 TDPIPE - ok
13:14:07.0531 0x0938 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:14:07.0703 0x0938 TDTCP - ok
13:14:07.0734 0x0938 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:14:07.0906 0x0938 TermDD - ok
13:14:07.0937 0x0938 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
13:14:08.0140 0x0938 TermService - ok
13:14:08.0171 0x0938 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
13:14:08.0203 0x0938 Themes - ok
13:14:08.0250 0x0938 [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
13:14:08.0375 0x0938 TlntSvr - ok
13:14:08.0421 0x0938 [ FBB4A664450EB3905527C01B7F91D5C9, 20125D04011B4F5A820064D1CAD60D1520DFFB19881D54A80C2BBC548FCCA73C ] tmactmon C:\WINDOWS\system32\drivers\tmactmon.sys
13:14:08.0484 0x0938 tmactmon - ok
13:14:08.0546 0x0938 [ F9964675C072664ADA62126492DB5AC8, 964D2AE5A3BA384EB19B88FBC13AF6D3CB95B77902939E1A39B9D880C62F7EB7 ] TMBMServer C:\Program Files\Trend Micro\BM\TMBMSRV.exe
13:14:08.0656 0x0938 TMBMServer - ok
13:14:08.0750 0x0938 [ 2FD877742C7F750A8E4B0053AD62CAFE, 8792CB27460DADC7B7D85F89F8449A9C1BDF4DA3FDCBD684E752E98AD6441481 ] tmcomm C:\WINDOWS\system32\drivers\tmcomm.sys
13:14:08.0828 0x0938 tmcomm - ok
13:14:08.0843 0x0938 [ B0F6745DA670754E64146A6E64B96B30, AB76DCC5DFF13A938338572F4255C8BE47233565545EEB277B6E29DBA9B389CF ] tmevtmgr C:\WINDOWS\system32\drivers\tmevtmgr.sys
13:14:08.0890 0x0938 tmevtmgr - ok
13:14:08.0968 0x0938 [ 6341531EE7FE1CE4C116C849BE02534F, 498EFF737033987CED9D619B04D6E2702A509C67D6224A2DD91983D5ECB2869F ] TmFilter C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys
13:14:09.0109 0x0938 TmFilter - ok
13:14:09.0328 0x0938 [ 0A10C6741C45B3AD40FC603A58461B94, AA65A18ADE7F53A1920959B60610BB1B993655A2A03451C1292995A28831BAC9 ] tmlisten C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
13:14:09.0468 0x0938 tmlisten - ok
13:14:09.0562 0x0938 [ 0DE3104387D312EA8B096D97305430D0, 5DE42187F45E61F202E620EEA962ED7F3192CD341043109B673C97980CF17D7C ] TmPreFilter C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
13:14:09.0609 0x0938 TmPreFilter - ok
13:14:09.0687 0x0938 [ 12FE3DB7B9822BFEE3AF1016A535F2D8, 1F392F1803AAE4B9EB09D13CFF9687884ECCE4541778F8E930EE08AD0E233568 ] TmProxy C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
13:14:09.0765 0x0938 TmProxy - ok
13:14:09.0859 0x0938 [ 5F7F63884A8547981EE379B8C0FB3312, 92AAFF2AA9652E6B9BF27F78C240F3BCB41CDECB2AF4BBAF78559D226D78BEA6 ] tmtdi C:\WINDOWS\system32\DRIVERS\tmtdi.sys
13:14:09.0890 0x0938 tmtdi - ok
13:14:09.0906 0x0938 TosIde - ok
13:14:09.0984 0x0938 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:14:10.0109 0x0938 TrkWks - ok
13:14:10.0156 0x0938 [ 17687545F77A648AF7F9F1064EB61191, 6A9DD9637F5C710133AB50336547997F908ED0AC2812CB320F0FCC6F062D21E8 ] TwoTrack C:\WINDOWS\system32\DRIVERS\TwoTrack.sys
13:14:10.0281 0x0938 TwoTrack - ok
13:14:10.0328 0x0938 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:14:10.0484 0x0938 Udfs - ok
13:14:10.0484 0x0938 ultra - ok
13:14:10.0578 0x0938 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:14:10.0734 0x0938 Update - ok
13:14:10.0765 0x0938 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
13:14:10.0875 0x0938 upnphost - ok
13:14:10.0906 0x0938 [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe
13:14:11.0046 0x0938 UPS - ok
13:14:11.0109 0x0938 [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
13:14:11.0203 0x0938 USBAAPL - ok
13:14:11.0234 0x0938 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:14:11.0281 0x0938 usbccgp - ok
13:14:11.0328 0x0938 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:14:11.0343 0x0938 usbehci - ok
13:14:11.0390 0x0938 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:14:11.0531 0x0938 usbhub - ok
13:14:11.0578 0x0938 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:14:11.0718 0x0938 usbprint - ok
13:14:11.0781 0x0938 [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:14:11.0812 0x0938 usbscan - ok
13:14:11.0859 0x0938 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:14:12.0078 0x0938 USBSTOR - ok
13:14:12.0109 0x0938 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:14:12.0218 0x0938 usbuhci - ok
13:14:12.0250 0x0938 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:14:12.0359 0x0938 VgaSave - ok
13:14:12.0359 0x0938 ViaIde - ok
13:14:12.0421 0x0938 [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:14:12.0546 0x0938 VolSnap - ok
13:14:12.0750 0x0938 [ 1C0A7FF6CA0F21E26AD34377A56C9B4F, A1FEED71CCBC00BF6E4604E2E3DD93CCE111DDFA38ABD26625432555EBE04594 ] VSApiNt C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys
13:14:12.0859 0x0938 VSApiNt - ok
13:14:12.0953 0x0938 [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe
13:14:13.0140 0x0938 VSS - ok
13:14:13.0218 0x0938 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time C:\WINDOWS\system32\w32time.dll
13:14:13.0421 0x0938 W32Time - ok
13:14:13.0453 0x0938 [ DB3C22745C0DA4666F3BE31F1AF36B2F, 2FE9A0F157AF9FB3CA03B8D4E706213E63E388206A8C04EF4A84E0D7A364A3A6 ] W3SVC C:\WINDOWS\system32\inetsrv\inetinfo.exe
13:14:13.0515 0x0938 W3SVC - ok
13:14:13.0531 0x0938 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:14:13.0671 0x0938 Wanarp - ok
13:14:13.0812 0x0938 [ D918617B46457B9AC28027722E30F647, 407284D3055DC11944D4EE7E4357E7CF9CAF8CA40CA50633AB6FD4A82CB7EEA6 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
13:14:13.0937 0x0938 Wdf01000 - ok
13:14:13.0937 0x0938 WDICA - ok
13:14:13.0968 0x0938 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:14:14.0140 0x0938 wdmaud - ok
13:14:14.0203 0x0938 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
13:14:14.0343 0x0938 WebClient - ok
13:14:14.0421 0x0938 [ 115946A53B62A6B171FD0ED197C71D52, 498F5926B4EEE368CF7156243197FFB0F7A617D0A5A302A271B7256D74F445F2 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
13:14:14.0546 0x0938 winachsf - ok
13:14:14.0640 0x0938 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:14:14.0796 0x0938 winmgmt - ok
13:14:14.0859 0x0938 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8, 98C21DEEB7124426D749FACDAD06EBD7F500AE5C465A98D558919C2A51C08554 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
13:14:15.0296 0x0938 WmdmPmSN - ok
13:14:15.0406 0x0938 [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi C:\WINDOWS\System32\advapi32.dll
13:14:15.0500 0x0938 Wmi - ok
13:14:15.0562 0x0938 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:14:15.0718 0x0938 WmiApSrv - ok
13:14:15.0859 0x0938 [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:14:15.0937 0x0938 WPFFontCache_v0400 - ok
13:14:16.0031 0x0938 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:14:16.0250 0x0938 wscsvc - ok
13:14:16.0312 0x0938 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:14:16.0468 0x0938 wuauserv - ok
13:14:16.0609 0x0938 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:14:16.0843 0x0938 WZCSVC - ok
13:14:16.0906 0x0938 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:14:17.0031 0x0938 xmlprov - ok
13:14:17.0046 0x0938 ================ Scan global ===============================
13:14:17.0078 0x0938 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
13:14:17.0171 0x0938 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
13:14:17.0187 0x0938 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
13:14:17.0218 0x0938 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
13:14:17.0218 0x0938 [ Global ] - ok
13:14:17.0218 0x0938 ================ Scan MBR ==================================
13:14:17.0250 0x0938 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:14:17.0546 0x0938 \Device\Harddisk0\DR0 - ok
13:14:17.0546 0x0938 ================ Scan VBR ==================================
13:14:17.0562 0x0938 [ 17F69FA802E29F9A03B285BADDA1CA6C ] \Device\Harddisk0\DR0\Partition1
13:14:17.0562 0x0938 \Device\Harddisk0\DR0\Partition1 - ok
13:14:17.0562 0x0938 ================ Scan active images ========================
13:14:17.0562 0x0938 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] C:\WINDOWS\system32\drivers\intelppm.sys
13:14:17.0562 0x0938 C:\WINDOWS\system32\drivers\intelppm.sys - ok
13:14:17.0562 0x0938 [ E28726B72C46821A28830E077D39A55B, 66BE8A1055544C8CEBB7125726C1C306A026F3A1764589FCDDF3792076AF891F ] C:\WINDOWS\system32\drivers\videoprt.sys
13:14:17.0562 0x0938 C:\WINDOWS\system32\drivers\videoprt.sys - ok
13:14:17.0562 0x0938 [ C0B86ECB324E50F6BBD529F9D5C6B24B, 6B6E58CBDE1010FF13740DA91482E8A40D7B31CD808C16B524BE012C0EADB0D1 ] C:\WINDOWS\system32\drivers\ati2mtag.sys
13:14:17.0562 0x0938 C:\WINDOWS\system32\drivers\ati2mtag.sys - ok
13:14:17.0578 0x0938 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] C:\WINDOWS\system32\drivers\hdaudbus.sys
13:14:17.0578 0x0938 C:\WINDOWS\system32\drivers\hdaudbus.sys - ok
13:14:17.0578 0x0938 [ 6DE32A9123EF60F9D423E9163AF0E305, 2C11222D998F6D8D870879BB50E85C4929BF51903118DD8A991B9A02FF84B79E ] C:\WINDOWS\system32\drivers\e1e5132.sys
13:14:17.0578 0x0938 C:\WINDOWS\system32\drivers\e1e5132.sys - ok
13:14:17.0578 0x0938 [ 72062B53186E4A3F5FCBC41EBB62B905, F8C34C6EF26E67423742C50F39FB4888601F3BFC7DD4FD0EEC59A37A21F3D77F ] C:\WINDOWS\system32\drivers\NETwLx32.sys
13:14:17.0578 0x0938 C:\WINDOWS\system32\drivers\NETwLx32.sys - ok
13:14:17.0593 0x0938 [ 6DF35CA139C3BC15CC74390ABB114EFE, 5401724E49243625C43B3F9032E592EF43605C2510E809C1D318A7792AB9FBBA ] C:\WINDOWS\system32\drivers\usbport.sys
13:14:17.0593 0x0938 C:\WINDOWS\system32\drivers\usbport.sys - ok
13:14:17.0593 0x0938 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] C:\WINDOWS\system32\drivers\usbuhci.sys
13:14:17.0593 0x0938 C:\WINDOWS\system32\drivers\usbuhci.sys - ok
13:14:17.0593 0x0938 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] C:\WINDOWS\system32\drivers\usbehci.sys
13:14:17.0593 0x0938 C:\WINDOWS\system32\drivers\usbehci.sys - ok
13:14:17.0593 0x0938 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] C:\WINDOWS\system32\drivers\i8042prt.sys
13:14:17.0593 0x0938 C:\WINDOWS\system32\drivers\i8042prt.sys - ok
13:14:17.0609 0x0938 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] C:\WINDOWS\system32\drivers\kbdclass.sys
13:14:17.0609 0x0938 C:\WINDOWS\system32\drivers\kbdclass.sys - ok
13:14:17.0609 0x0938 [ 04FE5EF6ED4818EC4839EA5C611A6310, 666479AF6789FC5DF2EA8D4B6216FDA9A4998D252F95BD003619D9376B1DC9E7 ] C:\WINDOWS\system32\drivers\usbd.sys
13:14:17.0609 0x0938 C:\WINDOWS\system32\drivers\usbd.sys - ok
13:14:17.0609 0x0938 [ 1CDE0A5C0416187B9B89E03980C6E8DE, FF78A9EA10521BDE3744932CF41FFC338C202E991816FF6E8F579C032828DD26 ] C:\WINDOWS\system32\drivers\SynTP.sys
13:14:17.0609 0x0938 C:\WINDOWS\system32\drivers\SynTP.sys - ok
13:14:17.0625 0x0938 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] C:\WINDOWS\system32\drivers\mouclass.sys
13:14:17.0625 0x0938 C:\WINDOWS\system32\drivers\mouclass.sys - ok
13:14:17.0625 0x0938 [ 2ADC0CA9945C65284B3D19BC18765974, A8E2B848E85A3B38350F4134DE9CA6749854B988F9A0087C60D97E19D474CBF3 ] C:\WINDOWS\system32\drivers\nscirda.sys
13:14:17.0625 0x0938 C:\WINDOWS\system32\drivers\nscirda.sys - ok
13:14:17.0625 0x0938 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] C:\WINDOWS\system32\drivers\irenum.sys
13:14:17.0625 0x0938 C:\WINDOWS\system32\drivers\irenum.sys - ok
13:14:17.0625 0x0938 [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] C:\WINDOWS\system32\drivers\CmBatt.sys
13:14:17.0625 0x0938 C:\WINDOWS\system32\drivers\CmBatt.sys - ok
13:14:17.0640 0x0938 [ 293131C1DA5F53CB05F75D637739D79C, F5F1A03FB012101FA143A288BCBC048A652A285F7DF533D1D08279E3A4D24326 ] C:\WINDOWS\system32\drivers\ibmpmdrv.sys
13:14:17.0640 0x0938 C:\WINDOWS\system32\drivers\ibmpmdrv.sys - ok
13:14:17.0640 0x0938 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] C:\WINDOWS\system32\drivers\imapi.sys
13:14:17.0640 0x0938 C:\WINDOWS\system32\drivers\imapi.sys - ok
13:14:17.0640 0x0938 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] C:\WINDOWS\system32\drivers\cdrom.sys
13:14:17.0640 0x0938 C:\WINDOWS\system32\drivers\cdrom.sys - ok
13:14:17.0656 0x0938 [ 0753515F78DF7F271A5E61C20BCD36A1, A8D600CD0C592DFB875DE2D4F1AEDB207B80A43CF724051B6552BB6E539E9AFC ] C:\WINDOWS\system32\drivers\ks.sys
13:14:17.0656 0x0938 C:\WINDOWS\system32\drivers\ks.sys - ok
13:14:17.0656 0x0938 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] C:\WINDOWS\system32\drivers\redbook.sys
13:14:17.0656 0x0938 C:\WINDOWS\system32\drivers\redbook.sys - ok
13:14:17.0656 0x0938 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] C:\WINDOWS\system32\drivers\audstub.sys
13:14:17.0656 0x0938 C:\WINDOWS\system32\drivers\audstub.sys - ok
13:14:17.0671 0x0938 [ A92500F91100DA9E53BF841F0B16927C, 02324CEAA5706F35F2BE9E3B0D55E0A8F04AE5E163AB50A276E22C3F18EB5BA0 ] C:\WINDOWS\system32\drivers\dne2000.sys
13:14:17.0671 0x0938 C:\WINDOWS\system32\drivers\dne2000.sys - ok
13:14:17.0671 0x0938 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
13:14:17.0671 0x0938 C:\WINDOWS\system32\drivers\GEARAspiWDM.sys - ok
13:14:17.0671 0x0938 [ 0207D26DDF796A193CCD9F83047BB5FC, 13613036BCB869FBD7229A0FE25D324710308385D8C35E5D990A40E52BE040DF ] C:\WINDOWS\system32\drivers\rasirda.sys
13:14:17.0671 0x0938 C:\WINDOWS\system32\drivers\rasirda.sys - ok
13:14:17.0671 0x0938 [ 0539D5E53587F82D1B4FD74C5BE205CF, 9C578FC46AC3B8260258B83C89A33C3D7990B365D7708AEF2296CD235C7D301A ] C:\WINDOWS\system32\drivers\tdi.sys
13:14:17.0671 0x0938 C:\WINDOWS\system32\drivers\tdi.sys - ok
13:14:17.0687 0x0938 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] C:\WINDOWS\system32\drivers\rasl2tp.sys
13:14:17.0687 0x0938 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
13:14:17.0687 0x0938 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] C:\WINDOWS\system32\drivers\ndistapi.sys
13:14:17.0687 0x0938 C:\WINDOWS\system32\drivers\ndistapi.sys - ok
13:14:17.0687 0x0938 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] C:\WINDOWS\system32\drivers\ndiswan.sys
13:14:17.0687 0x0938 C:\WINDOWS\system32\drivers\ndiswan.sys - ok
13:14:17.0703 0x0938 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] C:\WINDOWS\system32\drivers\raspppoe.sys
13:14:17.0703 0x0938 C:\WINDOWS\system32\drivers\raspppoe.sys - ok
13:14:17.0703 0x0938 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] C:\WINDOWS\system32\drivers\raspptp.sys
13:14:17.0703 0x0938 C:\WINDOWS\system32\drivers\raspptp.sys - ok
13:14:17.0703 0x0938 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] C:\WINDOWS\system32\drivers\psched.sys
13:14:17.0703 0x0938 C:\WINDOWS\system32\drivers\psched.sys - ok
13:14:17.0718 0x0938 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] C:\WINDOWS\system32\drivers\msgpc.sys
13:14:17.0718 0x0938 C:\WINDOWS\system32\drivers\msgpc.sys - ok
13:14:17.0718 0x0938 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] C:\WINDOWS\system32\drivers\ptilink.sys
13:14:17.0718 0x0938 C:\WINDOWS\system32\drivers\ptilink.sys - ok
13:14:17.0718 0x0938 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] C:\WINDOWS\system32\drivers\raspti.sys
13:14:17.0718 0x0938 C:\WINDOWS\system32\drivers\raspti.sys - ok
13:14:17.0718 0x0938 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] C:\WINDOWS\system32\drivers\rdpdr.sys
13:14:17.0718 0x0938 C:\WINDOWS\system32\drivers\rdpdr.sys - ok
13:14:17.0734 0x0938 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] C:\WINDOWS\system32\drivers\termdd.sys
13:14:17.0734 0x0938 C:\WINDOWS\system32\drivers\termdd.sys - ok
13:14:17.0734 0x0938 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] C:\WINDOWS\system32\drivers\swenum.sys
13:14:17.0734 0x0938 C:\WINDOWS\system32\drivers\swenum.sys - ok
13:14:17.0734 0x0938 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] C:\WINDOWS\system32\drivers\update.sys
13:14:17.0734 0x0938 C:\WINDOWS\system32\drivers\update.sys - ok
13:14:17.0750 0x0938 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] C:\WINDOWS\system32\drivers\mssmbios.sys
13:14:17.0750 0x0938 C:\WINDOWS\system32\drivers\mssmbios.sys - ok
13:14:17.0750 0x0938 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] C:\WINDOWS\system32\drivers\ndproxy.sys
13:14:17.0750 0x0938 C:\WINDOWS\system32\drivers\ndproxy.sys - ok
13:14:17.0750 0x0938 [ 6CB08593487F5701D2D2254E693EAFCE, 0518A1FC540C036E6864DA8C01CADE043D4F897D7FCF8C61352865131DEB7414 ] C:\WINDOWS\system32\drivers\drmk.sys
13:14:17.0750 0x0938 C:\WINDOWS\system32\drivers\drmk.sys - ok
13:14:17.0750 0x0938 [ E82A496C3961EFC6828B508C310CE98F, E142A0809525B34A376B3063B07B8822930056BBCB886B7CF1D7585BCEC371A0 ] C:\WINDOWS\system32\drivers\portcls.sys
13:14:17.0750 0x0938 C:\WINDOWS\system32\drivers\portcls.sys - ok
13:14:17.0765 0x0938 [ BEEE84A79710F705864685B05F1BB172, B3E75F860179EB6C72A902EF9425F57992F73890DAB2C6F9562E8D77ADF4EC5B ] C:\WINDOWS\system32\drivers\ADIHdAud.sys
13:14:17.0765 0x0938 C:\WINDOWS\system32\drivers\ADIHdAud.sys - ok
13:14:17.0765 0x0938 [ 358063AB6C1C4173B735525CDFA65F94, E2C7E27F8E0B4C6A662313FEEE61AF02D9166F4DC40E709DBB6C73EB489A5CC5 ] C:\WINDOWS\system32\drivers\aeaudio.sys
13:14:17.0765 0x0938 C:\WINDOWS\system32\drivers\aeaudio.sys - ok
13:14:17.0765 0x0938 [ 702A7E1B3C9263EFBD6AEDE3B6919761, CD60A7A657596890775FA6583800A57BF8435B8F4964C65630835291F7EC38F1 ] C:\WINDOWS\system32\drivers\HSFHWAZL.sys
13:14:17.0765 0x0938 C:\WINDOWS\system32\drivers\HSFHWAZL.sys - ok
13:14:17.0781 0x0938 [ 8D02CB68D53AA36189FAF86FED438884, 99F66C299CEAA2967985CDEA0956C186AD86F5AF52649023D72D6C47C509FCA2 ] C:\WINDOWS\system32\drivers\HSF_DPV.sys
13:14:17.0781 0x0938 C:\WINDOWS\system32\drivers\HSF_DPV.sys - ok
13:14:17.0781 0x0938 [ 115946A53B62A6B171FD0ED197C71D52, 498F5926B4EEE368CF7156243197FFB0F7A617D0A5A302A271B7256D74F445F2 ] C:\WINDOWS\system32\drivers\HSF_CNXT.sys
13:14:17.0781 0x0938 C:\WINDOWS\system32\drivers\HSF_CNXT.sys - ok
13:14:17.0781 0x0938 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] C:\WINDOWS\system32\drivers\modem.sys
13:14:17.0781 0x0938 C:\WINDOWS\system32\drivers\modem.sys - ok
13:14:17.0781 0x0938 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] C:\WINDOWS\system32\drivers\usbhub.sys
13:14:17.0781 0x0938 C:\WINDOWS\system32\drivers\usbhub.sys - ok
13:14:17.0796 0x0938 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] C:\WINDOWS\system32\drivers\fdc.sys
13:14:17.0796 0x0938 C:\WINDOWS\system32\drivers\fdc.sys - ok
13:14:17.0796 0x0938 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] C:\WINDOWS\system32\drivers\flpydisk.sys
13:14:17.0796 0x0938 C:\WINDOWS\system32\drivers\flpydisk.sys - ok
13:14:17.0796 0x0938 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] C:\WINDOWS\system32\drivers\sfloppy.sys
13:14:17.0796 0x0938 C:\WINDOWS\system32\drivers\sfloppy.sys - ok
13:14:17.0796 0x0938 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] C:\WINDOWS\system32\drivers\cdaudio.sys
13:14:17.0796 0x0938 C:\WINDOWS\system32\drivers\cdaudio.sys - ok
13:14:17.0812 0x0938 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] C:\WINDOWS\system32\drivers\fs_rec.sys
13:14:17.0812 0x0938 C:\WINDOWS\system32\drivers\fs_rec.sys - ok
13:14:17.0812 0x0938 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] C:\WINDOWS\system32\drivers\null.sys
13:14:17.0812 0x0938 C:\WINDOWS\system32\drivers\null.sys - ok
13:14:17.0812 0x0938 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] C:\WINDOWS\system32\drivers\beep.sys
13:14:17.0812 0x0938 C:\WINDOWS\system32\drivers\beep.sys - ok
13:14:17.0828 0x0938 [ C569EF030B11F896E123A30AC92678DB, F851E99B968BBAB82E3B0D1D2F985AEE1EAD10C3BBACDD02BAB2ACEE57CB048A ] C:\WINDOWS\system32\drivers\hidparse.sys
13:14:17.0828 0x0938 C:\WINDOWS\system32\drivers\hidparse.sys - ok
13:14:17.0828 0x0938 [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] C:\WINDOWS\system32\drivers\kbdhid.sys
13:14:17.0828 0x0938 C:\WINDOWS\system32\drivers\kbdhid.sys - ok
13:14:17.0828 0x0938 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] C:\WINDOWS\system32\drivers\vga.sys
13:14:17.0828 0x0938 C:\WINDOWS\system32\drivers\vga.sys - ok
13:14:17.0828 0x0938 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] C:\WINDOWS\system32\drivers\mnmdd.sys
13:14:17.0828 0x0938 C:\WINDOWS\system32\drivers\mnmdd.sys - ok
13:14:17.0843 0x0938 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] C:\WINDOWS\system32\drivers\rdpcdd.sys
13:14:17.0843 0x0938 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
13:14:17.0843 0x0938 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] C:\WINDOWS\system32\drivers\msfs.sys
13:14:17.0843 0x0938 C:\WINDOWS\system32\drivers\msfs.sys - ok
13:14:17.0843 0x0938 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] C:\WINDOWS\system32\drivers\npfs.sys
13:14:17.0843 0x0938 C:\WINDOWS\system32\drivers\npfs.sys - ok
13:14:17.0859 0x0938 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] C:\WINDOWS\system32\drivers\ipsec.sys
13:14:17.0859 0x0938 C:\WINDOWS\system32\drivers\ipsec.sys - ok
13:14:17.0859 0x0938 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] C:\WINDOWS\system32\drivers\rasacd.sys
13:14:17.0859 0x0938 C:\WINDOWS\system32\drivers\rasacd.sys - ok
13:14:17.0859 0x0938 [ AE8008574D04DE86781710321ED158C9, EAFAF98AD4BC166F5075E00F1DD465B1178B55DEB577C4B068C0922FB5BF5D79 ] C:\WINDOWS\system32\drivers\SWIPsec.sys
13:14:17.0859 0x0938 C:\WINDOWS\system32\drivers\SWIPsec.sys - ok
13:14:17.0859 0x0938 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] C:\WINDOWS\system32\drivers\tcpip.sys
13:14:17.0859 0x0938 C:\WINDOWS\system32\drivers\tcpip.sys - ok
13:14:17.0875 0x0938 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] C:\WINDOWS\system32\drivers\netbt.sys
13:14:17.0875 0x0938 C:\WINDOWS\system32\drivers\netbt.sys - ok
13:14:17.0875 0x0938 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] C:\WINDOWS\system32\drivers\ipnat.sys
13:14:17.0875 0x0938 C:\WINDOWS\system32\drivers\ipnat.sys - ok
13:14:17.0875 0x0938 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] C:\WINDOWS\system32\drivers\afd.sys
13:14:17.0875 0x0938 C:\WINDOWS\system32\drivers\afd.sys - ok
13:14:17.0890 0x0938 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] C:\WINDOWS\system32\drivers\wanarp.sys
13:14:17.0890 0x0938 C:\WINDOWS\system32\drivers\wanarp.sys - ok
13:14:17.0890 0x0938 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] C:\WINDOWS\system32\drivers\netbios.sys
13:14:17.0890 0x0938 C:\WINDOWS\system32\drivers\netbios.sys - ok
13:14:17.0890 0x0938 [ 5F7F63884A8547981EE379B8C0FB3312, 92AAFF2AA9652E6B9BF27F78C240F3BCB41CDECB2AF4BBAF78559D226D78BEA6 ] C:\WINDOWS\system32\drivers\tmtdi.sys
13:14:17.0890 0x0938 C:\WINDOWS\system32\drivers\tmtdi.sys - ok
13:14:17.0890 0x0938 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] C:\WINDOWS\system32\drivers\rdbss.sys
13:14:17.0890 0x0938 C:\WINDOWS\system32\drivers\rdbss.sys - ok
13:14:17.0906 0x0938 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
13:14:17.0906 0x0938 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
13:14:17.0906 0x0938 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] C:\WINDOWS\system32\drivers\fips.sys
13:14:17.0906 0x0938 C:\WINDOWS\system32\drivers\fips.sys - ok
13:14:17.0906 0x0938 [ 5F816C1F539266D2D4C78694239DA0B5, 10BFCCF4EFFC3813A563D528DC5464827BEF10AE21D6B9C1138930228E7047D1 ] C:\WINDOWS\system32\smss.exe
13:14:17.0906 0x0938 C:\WINDOWS\system32\smss.exe - ok
13:14:17.0921 0x0938 [ F8F0D25CA553E39DDE485D8FC7FCCE89, 54DF909101AAEC63234A5C33B51D6689FEF58B943942BFFA9606864F43EC1085 ] C:\WINDOWS\system32\ntdll.dll
13:14:17.0921 0x0938 C:\WINDOWS\system32\ntdll.dll - ok
13:14:17.0921 0x0938 [ 23043C91A0F9DFB4B9E9F87B680863B4, 318A6F6DB4A1EDE7D3758E324350EA852449ABD2A7BB77004FBC403CF9FFB08B ] C:\WINDOWS\system32\autochk.exe
13:14:17.0921 0x0938 C:\WINDOWS\system32\autochk.exe - ok
13:14:17.0921 0x0938 [ 9DD07AF82244867CA36681EA2D29CE79, 84926A50CB38C322D1CDFD4C0D5F8FFE3B2EF3080B3401F5D5AE8CBD0A719685 ] C:\WINDOWS\system32\sfcfiles.dll
13:14:17.0921 0x0938 C:\WINDOWS\system32\sfcfiles.dll - ok
13:14:17.0921 0x0938 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] C:\WINDOWS\system32\drivers\cdfs.sys
13:14:17.0921 0x0938 C:\WINDOWS\system32\drivers\cdfs.sys - ok
13:14:17.0937 0x0938 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] C:\WINDOWS\system32\drivers\atapi.sys
13:14:17.0937 0x0938 C:\WINDOWS\system32\drivers\atapi.sys - ok
13:14:17.0937 0x0938 [ 2F31B7F954BED437F2C75026C65CAF7B, 1F8D6CBB01AD403BC89D1E987012E2F63CDFD9C49F402F358B64B31C13E4DD14 ] C:\WINDOWS\system32\drivers\wmilib.sys
13:14:17.0937 0x0938 C:\WINDOWS\system32\drivers\wmilib.sys - ok
13:14:17.0937 0x0938 [ FE97D0343ACFDEBDD578FC67CC91FA87, FE26FBA13079189EF96A1C994036EA472A4BF34FA14C163C693AD481BF31E676 ] C:\WINDOWS\system32\drivers\dxapi.sys
13:14:17.0937 0x0938 C:\WINDOWS\system32\drivers\dxapi.sys - ok
13:14:17.0953 0x0938 [ 9A10AACBFDC4922715375FB4065EC930, E407953587C04F75DDB163420A5121FF520D31F74753D452E316042C42D360CF ] C:\WINDOWS\system32\watchdog.sys
13:14:17.0953 0x0938 C:\WINDOWS\system32\watchdog.sys - ok
13:14:17.0953 0x0938 [ 80AAA73D56272FD54DC6DE8643D10E9F, 0DC91699D5AF322C78AF7783CF3D55A1F561219EE32DC8DA186F2255704D52FC ] C:\WINDOWS\system32\win32k.sys
13:14:17.0953 0x0938 C:\WINDOWS\system32\win32k.sys - ok
13:14:17.0953 0x0938 [ DD40363ABAD230A84C5E2178B11EFA88, E4B406C0B10686CF245EC0053A03424CE1FB8AC7FB3545525F13BB3BC5086FF1 ] C:\WINDOWS\system32\csrsrv.dll
13:14:17.0953 0x0938 C:\WINDOWS\system32\csrsrv.dll - ok
13:14:17.0953 0x0938 [ 44F275C64738EA2056E3D9580C23B60F, 5D4B7306E71A44440E7F0B32A373AEC120C01B69F87756589E39EB85C40CD742 ] C:\WINDOWS\system32\csrss.exe
13:14:17.0953 0x0938 C:\WINDOWS\system32\csrss.exe - ok
13:14:17.0968 0x0938 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
13:14:17.0968 0x0938 C:\WINDOWS\system32\basesrv.dll - ok
13:14:17.0968 0x0938 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
13:14:17.0968 0x0938 C:\WINDOWS\system32\winsrv.dll - ok
13:14:17.0968 0x0938 [ AFFE0B7126A86603D3F49A19A5B7DC46, 63C91B4726F583C1DC1B3F26CC8DC39C519401CF0005F223EE17A363BDBEA22F ] C:\WINDOWS\system32\gdi32.dll
13:14:17.0968 0x0938 C:\WINDOWS\system32\gdi32.dll - ok
13:14:17.0984 0x0938 [ 4A45B692D2BAA74124DF57472D5EA2F1, DFC6B595BBADFEF4930CCCF48E9FE55551CF0891571257E3E0A0DE328077A89B ] C:\WINDOWS\system32\kernel32.dll
13:14:17.0984 0x0938 C:\WINDOWS\system32\kernel32.dll - ok
13:14:17.0984 0x0938 [ B26B135FF1B9F60C9388B4A7D16F600B, ACD0AE7B4D5F871E148276C6CC4AE3A216E33F67FC78D827C16986E1F945438C ] C:\WINDOWS\system32\user32.dll
13:14:17.0984 0x0938 C:\WINDOWS\system32\user32.dll - ok
13:14:17.0984 0x0938 [ AC7280566A7BB85CB3291F04DDC1198E, 7640BC4C28B5D5167A10C4B0DA0FC8C7A255334D4BA11FD3E28A697A5B58583C ] C:\WINDOWS\system32\drivers\dxg.sys
13:14:17.0984 0x0938 C:\WINDOWS\system32\drivers\dxg.sys - ok
13:14:17.0984 0x0938 [ A73F5D6705B1D820C19B18782E176EFD, C36486504C3A596FDCA487143F6D3B43C0BEE01321F6F1F3071976556533C419 ] C:\WINDOWS\system32\drivers\dxgthk.sys
13:14:17.0984 0x0938 C:\WINDOWS\system32\drivers\dxgthk.sys - ok
13:14:18.0000 0x0938 [ 8C6E305747617D61A0FE38F1101C8902, 414714BB043B0E3C87FDF8EB9B6C38828BD74DD618D54FB24B0211592AA74E2B ] C:\WINDOWS\system32\ati2dvag.dll
13:14:18.0000 0x0938 C:\WINDOWS\system32\ati2dvag.dll - ok
13:14:18.0000 0x0938 [ AC40DD025E849710E76CF022F00621F2, EBA1A8BB524FF31DF58483EFAF77864A4B3ED6B97FA19F23B192AF186A9470F7 ] C:\WINDOWS\system32\ati2cqag.dll
13:14:18.0000 0x0938 C:\WINDOWS\system32\ati2cqag.dll - ok
13:14:18.0000 0x0938 [ E8031FA6995B8B5CD31E4444A7F9B46A, 580417425DCC74715E8751F6AAD64163842D5219AC305D8AB7F578BC3EEF1BFE ] C:\WINDOWS\system32\atikvmag.dll
13:14:18.0000 0x0938 C:\WINDOWS\system32\atikvmag.dll - ok
13:14:18.0015 0x0938 [ ECB7591870F8BFB1A4C17B718AD5A4AA, 67E8D218F107F78F9C62999F560E47AEC799E4B4DC4AB3EBC0DC61670BFE3E3D ] C:\WINDOWS\system32\vga.dll
13:14:18.0015 0x0938 C:\WINDOWS\system32\vga.dll - ok
13:14:18.0015 0x0938 [ CA1603D1F73C7E41D3F60EA6C238A546, A59C5B2AF032611D382C48A83FBF7A37482C21C175A5D75CD6527C79465D435B ] C:\WINDOWS\system32\atiok3x2.dll
13:14:18.0015 0x0938 C:\WINDOWS\system32\atiok3x2.dll - ok
13:14:18.0015 0x0938 [ 992E3C779D0B7F9DF81A2A9674598327, C744ACCDEA1CC5D64B3991CC67CB0C5D54C690512A977CEFDDCF722097FDC211 ] C:\WINDOWS\system32\ati3duag.dll
13:14:18.0015 0x0938 C:\WINDOWS\system32\ati3duag.dll - ok
13:14:18.0015 0x0938 [ 9F4C94E917F82C56186C99CCC23A54D0, CE0D648F7583170904CE0E54AFA5D4AAA84B54249C810DD86901BB224B0D6354 ] C:\WINDOWS\system32\ativvaxx.dll
13:14:18.0015 0x0938 C:\WINDOWS\system32\ativvaxx.dll - ok
13:14:18.0031 0x0938 [ ED0EF0A136DEC83DF69F04118870003E, 45377CB8E9F0120F836FC8261C711F7DBF7199117AFB3652EBF100D5F0429B1E ] C:\WINDOWS\system32\winlogon.exe
13:14:18.0031 0x0938 C:\WINDOWS\system32\winlogon.exe - ok
13:14:18.0031 0x0938 [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] C:\WINDOWS\system32\advapi32.dll
13:14:18.0031 0x0938 C:\WINDOWS\system32\advapi32.dll - ok
13:14:18.0031 0x0938 [ 44C164B34A72F29087ECA32411F2ED44, 112761CCEFE8F4B936AC58FF1F13589C0DBA3BE1AC348584D874B65DAB1EDED6 ] C:\WINDOWS\system32\rpcrt4.dll
13:14:18.0031 0x0938 C:\WINDOWS\system32\rpcrt4.dll - ok
13:14:18.0046 0x0938 [ 5357826C8A8DD6A07F17C48BB45BE46E, E081B04F8C8A31951A0ADEC889E6CA4DEED5FF738446D5A5614B11B113000BCA ] C:\WINDOWS\system32\secur32.dll
13:14:18.0046 0x0938 C:\WINDOWS\system32\secur32.dll - ok
13:14:18.0046 0x0938 [ 714705F29A917993536A6AB2DEDB0B7F, 5C3EA97044A7AF8027000DFA40901C0097EC935A7149C0A46AA2C6A2F9FD6CC1 ] C:\WINDOWS\system32\authz.dll
13:14:18.0046 0x0938 C:\WINDOWS\system32\authz.dll - ok
13:14:18.0046 0x0938 [ 355EDBB4D412B01F1740C17E3F50FA00, 8619D345C864CD8EA704EFAA0A391F5F31AA56BB6D30F62FC60F465873CC1BF9 ] C:\WINDOWS\system32\msvcrt.dll
13:14:18.0046 0x0938 C:\WINDOWS\system32\msvcrt.dll - ok
13:14:18.0046 0x0938 [ 636DF3FF20A1B69B3F9D21325E7115C7, 6B38CF96E92273995F40B6D7029D20B4041342D6EDD5B6CA73967A401823D4F5 ] C:\WINDOWS\system32\crypt32.dll
13:14:18.0046 0x0938 C:\WINDOWS\system32\crypt32.dll - ok
13:14:18.0062 0x0938 [ 04D898830DF96A17A20FD35D7590F87E, 09C75D1D434FF6BBE9B3F5E0A8E63944ACB34E364C4A89676DED2204DBD1AEF5 ] C:\WINDOWS\system32\msasn1.dll
13:14:18.0062 0x0938 C:\WINDOWS\system32\msasn1.dll - ok
13:14:18.0062 0x0938 [ 013C1148C1EC025596896E093F60F608, E19D20E0852372ED7DA66939E995F8F7ECC52ED5B650E8B833944788C0A34F61 ] C:\WINDOWS\system32\nddeapi.dll
13:14:18.0062 0x0938 C:\WINDOWS\system32\nddeapi.dll - ok
13:14:18.0062 0x0938 [ FCFA1C55971CC229D353B3A15ACCD995, 6C21D6EAD676AF8C100666261CE7AA5AA86671883B78092AD61008234C96BBBA ] C:\WINDOWS\system32\profmap.dll
13:14:18.0062 0x0938 C:\WINDOWS\system32\profmap.dll - ok
13:14:18.0078 0x0938 [ CAC752BF84DB4666ED3CE0948E6EA937, C84F9D57C076DE6ACC1720B66147D0CA963C65714593FAFD7FB1FE1F01CC464B ] C:\WINDOWS\system32\netapi32.dll
13:14:18.0078 0x0938 C:\WINDOWS\system32\netapi32.dll - ok
13:14:18.0078 0x0938 [ 43D13C80EBEC0135A3611E0F616F179B, 9C5409ECBD2C3B89C80F0A59B96220178E790A7D78967C6281D56EB1965E9ECD ] C:\WINDOWS\system32\userenv.dll
13:14:18.0078 0x0938 C:\WINDOWS\system32\userenv.dll - ok
13:14:18.0078 0x0938 [ 9CFCB3CA3D83B4EAA133F0644A2C6F31, CC0A76B55B38183B8C6141C290D1858A9D118333C804784AB305FE76A0FCE775 ] C:\WINDOWS\system32\psapi.dll
13:14:18.0078 0x0938 C:\WINDOWS\system32\psapi.dll - ok
13:14:18.0078 0x0938 [ AF11C591F2F4AFF4A6CF699D376F618B, B61C0D1944D5D8F536AB5422017C99773BD89EA59784969E4F8F269BF9EF57C3 ] C:\WINDOWS\system32\regapi.dll
13:14:18.0078 0x0938 C:\WINDOWS\system32\regapi.dll - ok
13:14:18.0093 0x0938 [ 24192246760E0E64435522E246B1D6C2, B1C5A16A73250DEA900FF6ECE71F604E2411B4FDFD497564BEB7D867A75640BF ] C:\WINDOWS\system32\setupapi.dll
13:14:18.0093 0x0938 C:\WINDOWS\system32\setupapi.dll - ok
13:14:18.0093 0x0938 [ C7CE131408739B0B3A318BE2D0032719, CAEEED45F6BAB22F611B2200DC91E68426F169F5646247893CF3AC7EFDDD07B8 ] C:\WINDOWS\system32\version.dll
13:14:18.0093 0x0938 C:\WINDOWS\system32\version.dll - ok
13:14:18.0093 0x0938 [ 430CEB794F6E6EF8AC86958C242366D6, 48066566EDC18654095EAD7F4449CD42B44AD758465A6B36A42B489F32C7E64B ] C:\WINDOWS\system32\winsta.dll
13:14:18.0093 0x0938 C:\WINDOWS\system32\winsta.dll - ok
13:14:18.0109 0x0938 [ 16E916243BDDBAF44D98E623B2D0CEAD, A1C56AC378EDA9ACBE73342BEE0897E028BDD368288552108FC77A7AA1478690 ] C:\WINDOWS\system32\imagehlp.dll
13:14:18.0109 0x0938 C:\WINDOWS\system32\imagehlp.dll - ok
13:14:18.0109 0x0938 [ D458B738B4C2CE33174CFB2CE12412DB, C8FCA4B1BE8358B1F14BB25F39899A18804133544701DFCF40E8782C2487C912 ] C:\WINDOWS\system32\wintrust.dll
13:14:18.0109 0x0938 C:\WINDOWS\system32\wintrust.dll - ok
13:14:18.0109 0x0938 [ 9789E95E1D88EEB4B922BF3EA7779C28, 2D17FD78E71BDB5D51B69DE6B36D7481A7AA3C61EA7636CD71638AF501883A91 ] C:\WINDOWS\system32\ws2help.dll
13:14:18.0109 0x0938 C:\WINDOWS\system32\ws2help.dll - ok
13:14:18.0109 0x0938 [ 2CCC474EB85CEAA3E1FA1726580A3E5A, 6E99D2FB4997E54E8B1B7D769CF2C0FAE296A6441DC39984850EA26BFEB7E500 ] C:\WINDOWS\system32\ws2_32.dll
13:14:18.0109 0x0938 C:\WINDOWS\system32\ws2_32.dll - ok
13:14:18.0125 0x0938 [ 0078A980550F2F9C11451E4F37A5E3DC, 5102C409173B13DAFAC0405B0BAFB79B83B51BCF801840011F1831E862D7BC57 ] C:\Program Files\netinst\NiAMH.dll
13:14:18.0125 0x0938 C:\Program Files\netinst\NiAMH.dll - ok
13:14:18.0125 0x0938 [ 0DA85218E92526972A821587E6A8BF8F, 9377F61D4B10974D5962E03F54BB89C8F804883245D61C670E51228AFE4559EB ] C:\WINDOWS\system32\imm32.dll
13:14:18.0125 0x0938 C:\WINDOWS\system32\imm32.dll - ok
13:14:18.0125 0x0938 [ 56C5B179FE3308B655EB6208C3256FEC, C70BCE54E5DF47D37C835804EAAEC7C06C1A226EFA2003226BE290D1D552126F ] C:\WINDOWS\system32\kbdus.dll
13:14:18.0125 0x0938 C:\WINDOWS\system32\kbdus.dll - ok
13:14:18.0140 0x0938 [ D7B7A57C0E57C836F18CF12A4C62A1CA, 651B16027B4F4B0ED2F827E32B7E66188CDB023DB8C7B1A9A1A44063FB35B9DE ] C:\WINDOWS\system32\msgina.dll
13:14:18.0140 0x0938 C:\WINDOWS\system32\msgina.dll - ok
13:14:18.0140 0x0938 [ 93AFB83FBC1F9443CAC722FCA63D73BF, 853C4A03A153F232E5CAF219F7FD732CB82CB62171F077DE737B32169F7832AB ] C:\WINDOWS\system32\comctl32.dll
13:14:18.0140 0x0938 C:\WINDOWS\system32\comctl32.dll - ok
13:14:18.0140 0x0938 [ 40B0F98BAD16AD5DEF894E88C3EF8014, 916B7BFC23BB5A3F757160BCF2013A8260D9382EFDE6AADAFC4D297828C71003 ] C:\WINDOWS\system32\odbc32.dll
13:14:18.0140 0x0938 C:\WINDOWS\system32\odbc32.dll - ok
13:14:18.0140 0x0938 [ 86987A5000DFA3EBE2275C0456BCF2FE, 31B699E8FD11DD59ADBAE56650C1B7AE80484091B3B6D9015A95F590E2C3EB05 ] C:\WINDOWS\system32\comdlg32.dll
13:14:18.0140 0x0938 C:\WINDOWS\system32\comdlg32.dll - ok
13:14:18.0156 0x0938 [ 6843D54BC4A40CC8C5741AF750233D10, D998B54B7D23A986DD14D8BC56169A10EE43267F4F1914FBDD55B6B028993FAC ] C:\WINDOWS\system32\shell32.dll
13:14:18.0156 0x0938 C:\WINDOWS\system32\shell32.dll - ok
13:14:18.0156 0x0938 [ C448A248B743F5FB935C787A5D97268B, 26E88FF449F938B218FAED6D8F3F095577216A29D656D17ACEA7F6C16E638BED ] C:\WINDOWS\system32\shlwapi.dll
13:14:18.0156 0x0938 C:\WINDOWS\system32\shlwapi.dll - ok
13:14:18.0156 0x0938 [ 694503348B586E99D56C0E30AB5B3EF8, 53A0C2604574058F1520D8F0805F1247B15BB0E00A5B5BAFE027C702D55E5076 ] C:\WINDOWS\system32\sxs.dll
13:14:18.0156 0x0938 C:\WINDOWS\system32\sxs.dll - ok
13:14:18.0156 0x0938 [ 736B12B725AEB2B07F0241A9F680CB10, 9EF1406CAEE256117DA8C8904BCB20FB8F9421F02F812B4DC2CE1F16D2B315F2 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
13:14:18.0156 0x0938 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
13:14:18.0171 0x0938 [ 6B7C6B32F8E84D56C6260D684019FEA2, A10B4D413452D95B6B4087838F2FCE0B9F42D8C0CBE7A91DC080AE1163FB6D1A ] C:\WINDOWS\system32\odbcint.dll
13:14:18.0171 0x0938 C:\WINDOWS\system32\odbcint.dll - ok
13:14:18.0171 0x0938 [ 96E1C926F22EE1BFBAE82901A35F6BF3, 95568F138216FFADCFC4BAE8A12825FFE53F2EA04C5CAC2AD10F65FC0C4E3CDB ] C:\WINDOWS\system32\sfc.dll
13:14:18.0171 0x0938 C:\WINDOWS\system32\sfc.dll - ok
13:14:18.0171 0x0938 [ 6B5DB6789177A4FD0DEBC248041D0739, 3E3239C3613CCBB9EE2539D78BC745ED19134E1D3BED88C3D5273796FA2507DA ] C:\WINDOWS\system32\sfc_os.dll
13:14:18.0171 0x0938 C:\WINDOWS\system32\sfc_os.dll - ok
13:14:18.0187 0x0938 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] C:\WINDOWS\system32\shsvcs.dll
13:14:18.0187 0x0938 C:\WINDOWS\system32\shsvcs.dll - ok
13:14:18.0187 0x0938 [ 59B408E5B8489B0B36A0D783D150EDCC, CB234B25502B0CE0C1E6CFA883FDDF64DAB7A6E50A6AD36CAB3B30A7C872B403 ] C:\WINDOWS\system32\ole32.dll
13:14:18.0187 0x0938 C:\WINDOWS\system32\ole32.dll - ok
13:14:18.0187 0x0938 [ CF492D7E9AF1C628B3536D20EF6F5CC7, 3D7A5A5D6B804C0A3F3E7256B3AC19397567700271CABCD7C4C8B51565958BC8 ] C:\WINDOWS\system32\apphelp.dll
13:14:18.0187 0x0938 C:\WINDOWS\system32\apphelp.dll - ok
13:14:18.0187 0x0938 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
13:14:18.0187 0x0938 C:\WINDOWS\system32\services.exe - ok
13:14:18.0203 0x0938 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] C:\WINDOWS\system32\lsass.exe
13:14:18.0203 0x0938 C:\WINDOWS\system32\lsass.exe - ok
13:14:18.0203 0x0938 [ BD31DC6DBE9333C4FBD4BDF0899F2160, 545D83178CCD74C68B72C607201EF9E1C8A5FC26A08288F8D3A77106964D1034 ] C:\WINDOWS\system32\lsasrv.dll
13:14:18.0203 0x0938 C:\WINDOWS\system32\lsasrv.dll - ok
13:14:18.0203 0x0938 [ EC29A79F1E76DC509E24D401F29D0678, 2CECCD7CE806152F6DD1A6812C7DAEC46FB197E63D14414808D713C829EE4260 ] C:\WINDOWS\system32\ncobjapi.dll
13:14:18.0203 0x0938 C:\WINDOWS\system32\ncobjapi.dll - ok
13:14:18.0218 0x0938 [ F404830F3CD9BF8F2515E489C0CDA297, 4FFFBBDD04B82623983B8B51E52E113EBF0E32E8328BFD3754B7A299E5673569 ] C:\WINDOWS\system32\msvcp60.dll
13:14:18.0218 0x0938 C:\WINDOWS\system32\msvcp60.dll - ok
13:14:18.0218 0x0938 [ B24A42A413E694AD73FDFB7FBD492C31, 52411B5C714ED7FCFF3A120980EB75BF5A64E022303D3E717048E0E44F604AC0 ] C:\WINDOWS\system32\scesrv.dll
13:14:18.0218 0x0938 C:\WINDOWS\system32\scesrv.dll - ok
13:14:18.0218 0x0938 [ DD7BD97FB8BD800963789158A5E4B41D, 4C265CB9AC1B8C398E625C1775A5AADD8A030D158B557E24F90CA57C0253FF0D ] C:\WINDOWS\system32\mpr.dll
13:14:18.0218 0x0938 C:\WINDOWS\system32\mpr.dll - ok
13:14:18.0218 0x0938 [ 2EDFC2A8893435723AD80481803C6D5C, CD547E4749EE6466FD4F50CF2EAD37AD993C6BC89068BD51726869D5ADB2AF8E ] C:\WINDOWS\system32\umpnpmgr.dll
13:14:18.0218 0x0938 C:\WINDOWS\system32\umpnpmgr.dll - ok
13:14:18.0234 0x0938 [ EC4C0D9BFD9F7E33F8B395AD54E13063, 18E60FF334376604F213F3323FAB81F392493496C6CA809FAD66BB8B0EEB3396 ] C:\WINDOWS\system32\ntdsapi.dll
13:14:18.0234 0x0938 C:\WINDOWS\system32\ntdsapi.dll - ok
13:14:18.0234 0x0938 [ 1F03103598BD817B1078DAB1326DDE11, 0F0D19E67E25E9D2113920166B7326B46BACD22BA08476EC91D9C564AFC1FAF3 ] C:\WINDOWS\system32\shimeng.dll
13:14:18.0234 0x0938 C:\WINDOWS\system32\shimeng.dll - ok
13:14:18.0234 0x0938 [ EA9EE60B408878E5F2012F9C783836DB, 354A6660705759C0E767BCD7FB6F1B4371B74784A986431A626DF3793D0421EC ] C:\WINDOWS\AppPatch\AcAdProc.dll
13:14:18.0234 0x0938 C:\WINDOWS\AppPatch\AcAdProc.dll - ok
13:14:18.0234 0x0938 [ 389496118B3B03C2328024AF320132AC, 11F85CA49596CE12B1F80B5BC059B6F5549FC09A43E2C47841A688F2ACEBB8B8 ] C:\WINDOWS\system32\dnsapi.dll
13:14:18.0234 0x0938 C:\WINDOWS\system32\dnsapi.dll - ok
13:14:18.0250 0x0938 [ 0492CF5870F0E616B0C71695A433D162, 47C9FB64A4CF3DF54F664B2B31A834ACF75B504650007E6201546C2D0E44D9C2 ] C:\WINDOWS\system32\wldap32.dll
13:14:18.0250 0x0938 C:\WINDOWS\system32\wldap32.dll - ok
13:14:18.0250 0x0938 [ 8329A39D5A402A75A74301D6A62ECDA1, 1947B2B19F2D0C690EC880B5A92F88903D78C6BB6EE47261B3D744B5A863D562 ] C:\WINDOWS\system32\samlib.dll
13:14:18.0250 0x0938 C:\WINDOWS\system32\samlib.dll - ok
13:14:18.0250 0x0938 [ F05B8CDB7FE0E55DCCFB1D946CE80064, E59BC2F25EBFF5F0CF459C9B8DEE882ADE227323F4768EBACFCC6784861BF260 ] C:\WINDOWS\system32\samsrv.dll
13:14:18.0250 0x0938 C:\WINDOWS\system32\samsrv.dll - ok
13:14:18.0265 0x0938 [ 17A1D675C12BBF80CAAC54A4855C41D0, F6185E42180218E932ADFFD63EF78EE8324B816BD57EA217322A46D1D2F47928 ] C:\WINDOWS\system32\cryptdll.dll
13:14:18.0265 0x0938 C:\WINDOWS\system32\cryptdll.dll - ok
13:14:18.0265 0x0938 [ 310C15FD8358B2C4CD7A5B98A112883F, CA656F066373B164A138032F5BF7EF68603EBDB0D49BD4663C99061F47F29085 ] C:\WINDOWS\AppPatch\AcGenral.dll
13:14:18.0265 0x0938 C:\WINDOWS\AppPatch\AcGenral.dll - ok
13:14:18.0265 0x0938 [ 4A953F13942867BA8FB41F141EC1B80C, BAE05A8CEDA4411324E38DB8A2153A988C6A3FAC8AD7CB27EE14E18FE7C47569 ] C:\WINDOWS\system32\winmm.dll
13:14:18.0265 0x0938 C:\WINDOWS\system32\winmm.dll - ok
13:14:18.0265 0x0938 [ EFF03460E542EEA6B0ABDEC6BF19C897, C2A0DDE6E8B49B152C295E97CFC35557391DEEE5A3A0B1BB4E445C405C716C55 ] C:\WINDOWS\system32\oleaut32.dll
13:14:18.0265 0x0938 C:\WINDOWS\system32\oleaut32.dll - ok
13:14:18.0281 0x0938 [ 2098AB52BD5316E59AA36F3437B13BE6, C4C9F2CFCAFF91B4A6F68E28EFE12EED216B41F081F8D577597C0634ECE57018 ] C:\WINDOWS\system32\msacm32.dll
13:14:18.0281 0x0938 C:\WINDOWS\system32\msacm32.dll - ok
13:14:18.0281 0x0938 [ 7A2CC3719B255E6B5D74396183B7715B, 2C4A2D5B42CFFE42BE72A652D1B0EED43D7EECF7CA3416660A3E0C539AA2AC34 ] C:\WINDOWS\system32\uxtheme.dll
13:14:18.0281 0x0938 C:\WINDOWS\system32\uxtheme.dll - ok
13:14:18.0281 0x0938 [ F24B12786D60A17008319E3F2AEE7799, BF916F65D770C61612678171CC184A0BF259992CEC0BF607D26834CE2A234FB3 ] C:\WINDOWS\system32\msapsspc.dll
13:14:18.0281 0x0938 C:\WINDOWS\system32\msapsspc.dll - ok
13:14:18.0296 0x0938 [ 7A660EDC0757849DF5F8706FB6E9F740, CA3820507A92EE9AB4EE8E804736FE1795224AE02D396AADB5BFD53223D9B7E2 ] C:\WINDOWS\system32\msvcrt40.dll
13:14:18.0296 0x0938 C:\WINDOWS\system32\msvcrt40.dll - ok
13:14:18.0296 0x0938 [ 0F64207B49390C8063C36AE7CBF9C2DB, 52C4A7A38EE11CA247001EB0A3C67BFEB1A09E9AC406486132D5AC38BE3A6A6F ] C:\WINDOWS\system32\schannel.dll
13:14:18.0296 0x0938 C:\WINDOWS\system32\schannel.dll - ok
13:14:18.0296 0x0938 [ 3D76DD0CBC536E0F8C45D23ED230BEB2, F74F94525AB7CE1E269452C9E1DD08411A668CFDD94F069C90FC2EE33CB35A12 ] C:\WINDOWS\system32\digest.dll
13:14:18.0296 0x0938 C:\WINDOWS\system32\digest.dll - ok
13:14:18.0296 0x0938 [ A4388DF80E52695AE92EE5F3F61F1619, A4B7C6E10B92B5022CA6E8FD9094098614FD63178EA86A7B035EB89B373BF033 ] C:\WINDOWS\system32\msnsspc.dll
13:14:18.0296 0x0938 C:\WINDOWS\system32\msnsspc.dll - ok
13:14:18.0312 0x0938 [ A525C96C51D55111FDF3BEA9FFFFC7AE, AA5B080E01573B96A37E67F871F97AE975E1E9519EDB16476472AA3FA2144643 ] C:\WINDOWS\system32\kerberos.dll
13:14:18.0312 0x0938 C:\WINDOWS\system32\kerberos.dll - ok
13:14:18.0312 0x0938 [ 5733177BCF16EE78B99543C9B0AB81EA, 6504D3D665AC8AB27A44F863F9C1A23FF3B68EAC0512F418712CC0D56F739E24 ] C:\WINDOWS\system32\MSCTFIME.IME
13:14:18.0312 0x0938 C:\WINDOWS\system32\MSCTFIME.IME - ok
13:14:18.0312 0x0938 [ C6BB1D1500DB4A0E224CB65E6C7E8A80, 32099A486457D1DC3B1269DE9570EE922F118C3BD443FE78ED051DD764EF4DE3 ] C:\WINDOWS\system32\msprivs.dll
13:14:18.0312 0x0938 C:\WINDOWS\system32\msprivs.dll - ok
13:14:18.0328 0x0938 [ 517561A1113B04E51D936CD018DE1C1F, A5F572C3557705F28F7A465970F0432F55B616EFD208BA0CBDFFBF7A41F07C04 ] C:\WINDOWS\system32\msv1_0.dll
13:14:18.0328 0x0938 C:\WINDOWS\system32\msv1_0.dll - ok
13:14:18.0328 0x0938 [ 318FAA70D9B0FB8DD168D4ED628E27B2, 2C407FFDA4A02D4A1CB9592C6FA4293BA31BE8852670436F1187A8107572ED41 ] C:\WINDOWS\system32\atmfd.dll
13:14:18.0328 0x0938 C:\WINDOWS\system32\atmfd.dll - ok
13:14:18.0328 0x0938 [ AF07DC9B7CC455629E732340C7B15F3A, 4403503F24FB76AB55D347273319B98BC0955AB3E537FA5ADA498B9AED76484A ] C:\WINDOWS\system32\iphlpapi.dll
13:14:18.0328 0x0938 C:\WINDOWS\system32\iphlpapi.dll - ok
13:14:18.0328 0x0938 [ 1B7F071C51B77C272875C3A23E1E4550, 9D6EA6DF4F4A531E35B843CE11AB6BDBEF0C2716773C14660E98038C1F68B7C4 ] C:\WINDOWS\system32\netlogon.dll
13:14:18.0328 0x0938 C:\WINDOWS\system32\netlogon.dll - ok
13:14:18.0343 0x0938 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] C:\WINDOWS\system32\w32time.dll
13:14:18.0343 0x0938 C:\WINDOWS\system32\w32time.dll - ok
13:14:18.0343 0x0938 [ 3AAF9B35939FF9E58CCD18D41655C2FC, AF7358AB0A507D77569A8D38D2392C224BFBEFD1264C069BBC6C677BC20C6B8B ] C:\WINDOWS\system32\wdigest.dll
13:14:18.0343 0x0938 C:\WINDOWS\system32\wdigest.dll - ok
13:14:18.0343 0x0938 [ 54DAE3EA34802B4ED9AE1C6B1209FA56, EEB1FA90DB44C821B371D5F7C323B4F88E843107BBA16DA2ACB124D6A848B257 ] C:\WINDOWS\system32\rsaenh.dll
13:14:18.0343 0x0938 C:\WINDOWS\system32\rsaenh.dll - ok
13:14:18.0359 0x0938 [ 02988B904C386B500CD08639C4C20EEA, 66E96045957AABD7F5C364D64DE23A09D4C292C844FA00C45626A8D1EC21F206 ] C:\WINDOWS\system32\winscard.dll
13:14:18.0359 0x0938 C:\WINDOWS\system32\winscard.dll - ok
13:14:18.0359 0x0938 [ 0E2735281FBB9A764D5584C2A5DCBA59, B1EFF5D7BFDDFEC3A3E5B2F17A6A0F3F47C344A64AB57E6918B4DEC094FC9444 ] C:\WINDOWS\system32\wtsapi32.dll
13:14:18.0359 0x0938 C:\WINDOWS\system32\wtsapi32.dll - ok
13:14:18.0359 0x0938 [ A86BB5E61BF3E39B62AB4C7E7085A084, B88446E007153BB58C5AE867AC3FB4C46618BBAA5A152687201E0E81F881465A ] C:\WINDOWS\system32\scecli.dll
13:14:18.0359 0x0938 C:\WINDOWS\system32\scecli.dll - ok
13:14:18.0359 0x0938 [ 0DE3104387D312EA8B096D97305430D0, 5DE42187F45E61F202E620EEA962ED7F3192CD341043109B673C97980CF17D7C ] C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys
13:14:18.0359 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys - ok
13:14:18.0375 0x0938 [ 1C0A7FF6CA0F21E26AD34377A56C9B4F, A1FEED71CCBC00BF6E4604E2E3DD93CCE111DDFA38ABD26625432555EBE04594 ] C:\Program Files\Trend Micro\OfficeScan Client\vsapint.sys
13:14:18.0375 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\vsapint.sys - ok
13:14:18.0375 0x0938 [ 6341531EE7FE1CE4C116C849BE02534F, 498EFF737033987CED9D619B04D6E2702A509C67D6224A2DD91983D5ECB2869F ] C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys
13:14:18.0375 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys - ok
13:14:18.0375 0x0938 [ 91FA023C5203503776BCCC9CF96A0C59, A47C788A26E4D2A282DE2EC8A75E1544CAB17A2C5F4CF867026D3B95B3651D1D ] C:\WINDOWS\system32\ibmpmsvc.exe
13:14:18.0375 0x0938 C:\WINDOWS\system32\ibmpmsvc.exe - ok
13:14:18.0390 0x0938 [ 2081A5B5E4ABA206A0A8A1A97DF0FB23, 032B6D1F541F180A2FE619664EF180D3FD748AEF7E311BA925FCED74E7ED4713 ] C:\WINDOWS\system32\logonui.exe
13:14:18.0390 0x0938 C:\WINDOWS\system32\logonui.exe - ok
13:14:18.0390 0x0938 [ 3D41A9326F0376FC73AF961DD23B1FB1, 1242F3B57599675D1E0E26615E206CE3DB15FA6A23BC5D21EB630EE9858EBC7B ] C:\WINDOWS\system32\duser.dll
13:14:18.0390 0x0938 C:\WINDOWS\system32\duser.dll - ok
13:14:18.0390 0x0938 [ AFFC87E2501FCE8F09D4C10BA6421CCF, E63837B281C4AE90A7CBA8E072E07A9A5A2FDD5B15E7FB5C2D7562FE72BE5408 ] C:\WINDOWS\system32\msimg32.dll
13:14:18.0390 0x0938 C:\WINDOWS\system32\msimg32.dll - ok
13:14:18.0390 0x0938 [ 20200EE3CFE10E9F0C028D8653BE11C6, 3ACF2110D72509CBA3BF780C5D6D662BAFEEA6CA423BE8B0F97288B953127035 ] C:\WINDOWS\system32\oleacc.dll
13:14:18.0390 0x0938 C:\WINDOWS\system32\oleacc.dll - ok
13:14:18.0406 0x0938 [ 471087B5E1E01CC82604E81EA14781D8, DA6AAFE65232AF3DA3D0D5F399730A1117B0DBBCB6AA2A9BD0D1ADA22A1198B8 ] C:\WINDOWS\system32\ati2evxx.exe
13:14:18.0406 0x0938 C:\WINDOWS\system32\ati2evxx.exe - ok
13:14:18.0406 0x0938 [ F137A0CA70003DB20448D540651FA003, 4D3095FD8431D0839B6EE785A979D005A1035368A152CDC705804E85B7673198 ] C:\WINDOWS\system32\clbcatq.dll
13:14:18.0406 0x0938 C:\WINDOWS\system32\clbcatq.dll - ok
13:14:18.0406 0x0938 [ 50A166237A0FA771261275A405646CC0, CFA9B2C8CDCDB56C27B89593A106AAE211E24D8EA433129A6E9BD2FBF39AB5BB ] C:\WINDOWS\system32\powrprof.dll
13:14:18.0406 0x0938 C:\WINDOWS\system32\powrprof.dll - ok
13:14:18.0421 0x0938 [ 5F0CE62E0831CF972EC6949FD3E37DA7, DFDD251D3FC6CDBD971F52EF0AECEC0344B57214615AA486AA9234D30A40AF60 ] C:\WINDOWS\system32\cfgmgr32.dll
13:14:18.0421 0x0938 C:\WINDOWS\system32\cfgmgr32.dll - ok
13:14:18.0421 0x0938 [ 1280A158C722FA95A80FB7AEBE78FA7D, 9B6E8158E581500C5C417F6453A6414901020123D34FDBC04289750E8B072538 ] C:\WINDOWS\system32\comres.dll
13:14:18.0421 0x0938 C:\WINDOWS\system32\comres.dll - ok
13:14:18.0421 0x0938 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18, 2910EBC692D833D949BFD56059E8106D324A276D5F165F874F3FB1B6C613CDD5 ] C:\WINDOWS\system32\svchost.exe
13:14:18.0421 0x0938 C:\WINDOWS\system32\svchost.exe - ok
13:14:18.0421 0x0938 [ 549290DBC280C887681D7652978DBBE0, CA2CA8561F11CDD5FD5D23D9D88A96A7FFE4AF6DFE8CE783B0969B6ED3C4CBF8 ] C:\WINDOWS\system32\ntmarta.dll
13:14:18.0421 0x0938 C:\WINDOWS\system32\ntmarta.dll - ok
13:14:18.0437 0x0938 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] C:\WINDOWS\system32\rpcss.dll
13:14:18.0437 0x0938 C:\WINDOWS\system32\rpcss.dll - ok
13:14:18.0437 0x0938 [ E5EDBD51476DB5001ABF5C82AE5C3DD1, 5C97ABF5802A7F886781788FE6107F9F06962F9D704A2A43A03062C9405F56C3 ] C:\WINDOWS\system32\shgina.dll
13:14:18.0437 0x0938 C:\WINDOWS\system32\shgina.dll - ok
13:14:18.0437 0x0938 [ 16403217AB6FC5C30C14C6B12098AD4B, DEA7C556BA9C91E056E6035E77A793A77E428D493518D1C6F796B003D4F07305 ] C:\WINDOWS\system32\xpsp2res.dll
13:14:18.0437 0x0938 C:\WINDOWS\system32\xpsp2res.dll - ok
13:14:18.0453 0x0938 [ 9663D8D8F038A8ECBAF608E400AF5C96, 55ACF52D6B2B1EDF27A9134FAB83F0C8C1456BC98FFD6825D326340A49221253 ] C:\WINDOWS\system32\ati2edxx.dll
13:14:18.0453 0x0938 C:\WINDOWS\system32\ati2edxx.dll - ok
13:14:18.0453 0x0938 [ 6D4FEB43EE538FC5428CC7F0565AA656, 4091D82537198562F0CA1D032B2D4BEC75101342B7BCA7778FDA2D515300BC36 ] C:\WINDOWS\system32\eventlog.dll
13:14:18.0453 0x0938 C:\WINDOWS\system32\eventlog.dll - ok
13:14:18.0453 0x0938 [ 25A6598909434F80535967A6472A4D75, 8AD04ADF5CC8B3341691DB58444AEFFEFC3D40EC0F85F759962432A4E481BFBD ] C:\WINDOWS\system32\atipdlxx.dll
13:14:18.0453 0x0938 C:\WINDOWS\system32\atipdlxx.dll - ok
13:14:18.0453 0x0938 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] C:\WINDOWS\system32\mswsock.dll
13:14:18.0453 0x0938 C:\WINDOWS\system32\mswsock.dll - ok
13:14:18.0468 0x0938 [ 3CB32D3B8CBE79899D63280BB7A83CD9, F34DB3B3DD65F0135F1F7005703B824D2C9B17F7A43062F1FFBEC53B3B26EFC3 ] C:\WINDOWS\system32\hnetcfg.dll
13:14:18.0468 0x0938 C:\WINDOWS\system32\hnetcfg.dll - ok
13:14:18.0468 0x0938 [ 4E3D06D6E68EEDB52565080F55B460D3, A503BFC29D3936045488EDC1771914EC84BE80E422F772F53D7961F526D707E6 ] C:\WINDOWS\system32\wshtcpip.dll
13:14:18.0468 0x0938 C:\WINDOWS\system32\wshtcpip.dll - ok
13:14:18.0468 0x0938 [ D72B9EC3337B247A666F098F3D6B43DE, 4BC52AD1116078B0B313AB6555024302225D6CC03CA428151F78B7C48821489F ] C:\WINDOWS\system32\winrnr.dll
13:14:18.0468 0x0938 C:\WINDOWS\system32\winrnr.dll - ok
13:14:18.0484 0x0938 [ 40947436A70E0034E41123DF5A0A7702, 5D40FD92DA5CA59C1BADB58AD509DB6A6D613F18660A9A270A53ECA85D34C3A9 ] C:\Program Files\Bonjour\mdnsNSP.dll
13:14:18.0484 0x0938 C:\Program Files\Bonjour\mdnsNSP.dll - ok
13:14:18.0484 0x0938 [ 6F9BEF24C578D5D6740E080BEDD6A448, 72426D49BC31488261D226C7D0C98AD11192019E71654F53D1D17183C328CC7C ] C:\WINDOWS\system32\rasadhlp.dll
13:14:18.0484 0x0938 C:\WINDOWS\system32\rasadhlp.dll - ok
13:14:18.0484 0x0938 [ ACA5E7B54409F9CB5EED97ED0C81120E, 1E22F442EA77596F58D133F1A5887CDC4F3325DD0836D24A665E1D31287ABFF7 ] C:\WINDOWS\system32\drivers\irda.sys
13:14:18.0484 0x0938 C:\WINDOWS\system32\drivers\irda.sys - ok
13:14:18.0484 0x0938 [ 4EBC9AF70E5DDEDFDB8D9DDB530D7929, 764A6CEEF0C147CF1FAB2DC75AE6C599C207A23070801923619F22EF0C5DC3AB ] C:\WINDOWS\system32\ati2evxx.dll
13:14:18.0484 0x0938 C:\WINDOWS\system32\ati2evxx.dll - ok
13:14:18.0500 0x0938 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] C:\WINDOWS\system32\drivers\ndisuio.sys
13:14:18.0500 0x0938 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
13:14:18.0500 0x0938 [ 515A7FAE2070C2B0242B2353443E2F11, 6121C5613784831F584B50E8DC91BBD7AC58BDB602FE4CDB4B237670B6BB4537 ] C:\WINDOWS\system32\cscdll.dll
13:14:18.0500 0x0938 C:\WINDOWS\system32\cscdll.dll - ok
13:14:18.0500 0x0938 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] C:\WINDOWS\system32\dhcpcsvc.dll
13:14:18.0500 0x0938 C:\WINDOWS\system32\dhcpcsvc.dll - ok
13:14:18.0515 0x0938 [ E2092F0A1D7ABC243F9C2362483D150D, 50028400D6BA1C5B27BFC9AAC9D41539383F3EC723977CA937715E14094D846A ] C:\WINDOWS\system32\dimsntfy.dll
13:14:18.0515 0x0938 C:\WINDOWS\system32\dimsntfy.dll - ok
13:14:18.0515 0x0938 [ BD83ABA61E8ACCC8D9FFB869F29418CE, 45ED22E825047A1BE07B017F95FBF965A90602C59E6B110D0C604FBE07DE1562 ] C:\WINDOWS\system32\winspool.drv
13:14:18.0515 0x0938 C:\WINDOWS\system32\winspool.drv - ok
13:14:18.0515 0x0938 [ 2CC34E8BB667EEF78899546E12649196, 5BA2604041BF7C1D580D4D2AEDC7708F9E9B0AF6E0928663E3D9C7297296D721 ] C:\WINDOWS\system32\wlnotify.dll
13:14:18.0515 0x0938 C:\WINDOWS\system32\wlnotify.dll - ok
13:14:18.0515 0x0938 [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] C:\WINDOWS\system32\dnsrslvr.dll
13:14:18.0515 0x0938 C:\WINDOWS\system32\dnsrslvr.dll - ok
13:14:18.0531 0x0938 [ 02CF580510234E519736559A7F19EA20, 93DC16678B01DF2E12672AB93778151FDD7FF10C30CEF7A921553D86F97C3819 ] C:\WINDOWS\system32\WgaLogon.dll
13:14:18.0531 0x0938 C:\WINDOWS\system32\WgaLogon.dll - ok
13:14:18.0531 0x0938 [ 03A02D5A2D50198BDF6C62AF209438D0, 7A2577BB31B937436689EB8E3F415F71D3744209EFFC110C9B12C42025F36C88 ] C:\WINDOWS\system32\msxml3.dll
13:14:18.0531 0x0938 C:\WINDOWS\system32\msxml3.dll - ok
13:14:18.0531 0x0938 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] C:\WINDOWS\system32\lmhsvc.dll
13:14:18.0531 0x0938 C:\WINDOWS\system32\lmhsvc.dll - ok
13:14:18.0531 0x0938 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] C:\WINDOWS\system32\termsrv.dll
13:14:18.0531 0x0938 C:\WINDOWS\system32\termsrv.dll - ok
13:14:18.0546 0x0938 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] C:\WINDOWS\system32\wzcsvc.dll
13:14:18.0546 0x0938 C:\WINDOWS\system32\wzcsvc.dll - ok
13:14:18.0546 0x0938 [ ECC911343337D8AEE839A14F205AA12A, 9FE5BA7A9D5FBEEF67157FE7E459DE7385D1B5181E02724F15176F940295FE47 ] C:\WINDOWS\system32\kbdusx.dll
13:14:18.0546 0x0938 C:\WINDOWS\system32\kbdusx.dll - ok
13:14:18.0546 0x0938 [ DF6551E4C4C46655A0C76194F1FCEA5D, F3895AE4B36BC85C458EDC85FBD1F5AB5C33913CD91C60A65083DC0BDD037BF5 ] C:\WINDOWS\system32\icaapi.dll
13:14:18.0546 0x0938 C:\WINDOWS\system32\icaapi.dll - ok
13:14:18.0562 0x0938 [ 2D65D56C2F8B6CC5EBFF8E7200C30304, 10CD5FF00D110D1AE2313DBCBDB17C2B9DFF930F5DAD65C35C08FCF9C152C053 ] C:\WINDOWS\system32\mstlsapi.dll
13:14:18.0562 0x0938 C:\WINDOWS\system32\mstlsapi.dll - ok
13:14:18.0562 0x0938 [ 2CDAE321B8E878A278BA2D2FA013060B, 51A382D665EB4A8BD66A3EF9B518DC02D3637318768758AB6F1017E50826CC56 ] C:\WINDOWS\system32\activeds.dll
13:14:18.0562 0x0938 C:\WINDOWS\system32\activeds.dll - ok
13:14:18.0562 0x0938 [ 0D84657DBF93DB98673DEFDF2B29E25A, 22105E297D663790BFA1EAE5AC670B283E69FDF2428DEBC596F3EB920E53AFF9 ] C:\WINDOWS\system32\adsldpc.dll
13:14:18.0562 0x0938 C:\WINDOWS\system32\adsldpc.dll - ok
13:14:18.0562 0x0938 [ 876CCF164E08D6B903CD14398E056DD2, 9AC7887F992F20E10EB3ED9B3AEF47B5C840172FA7895531F4EF86D6EA642D0F ] C:\WINDOWS\system32\rtutils.dll
13:14:18.0562 0x0938 C:\WINDOWS\system32\rtutils.dll - ok
13:14:18.0578 0x0938 [ 224FB925C641DA16CEB6D60F40CA4C75, 2DDB3B019D2A22B359C5974DC366EC9B95F4382DB1BF7F1958CFF0EC277895C7 ] C:\WINDOWS\system32\atl.dll
13:14:18.0578 0x0938 C:\WINDOWS\system32\atl.dll - ok
13:14:18.0578 0x0938 [ 7B0770526801F05D58C51A3DFB87B4BD, 7A2858DD3AE8C26DE88F8CC71E8DC9A8A50C363BA4FB34EE6EE2D81C18845A96 ] C:\WINDOWS\system32\wmi.dll
13:14:18.0578 0x0938 C:\WINDOWS\system32\wmi.dll - ok
13:14:18.0578 0x0938 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F, EC80729BDD250C161B29DA853D45C703CB4844DE185C5665DB0627D9568995AB ] C:\WINDOWS\system32\eapolqec.dll
13:14:18.0578 0x0938 C:\WINDOWS\system32\eapolqec.dll - ok
13:14:18.0593 0x0938 [ 8AE93AACC648921BAACB8602991AC4B3, 78292B1BAEE64C997C50B6D907FE623C2EDF937A62D3C3690FA24342180B7AB2 ] C:\WINDOWS\system32\qutil.dll
13:14:18.0593 0x0938 C:\WINDOWS\system32\qutil.dll - ok
13:14:18.0593 0x0938 [ 8E2CC37BA87D8F681066E0E9C8A19F73, 90536FD502D92AE4FECE0C250373742D2E8AC9E9BE314070BB28C4A2BEA15508 ] C:\WINDOWS\system32\dot3api.dll
13:14:18.0593 0x0938 C:\WINDOWS\system32\dot3api.dll - ok
13:14:18.0593 0x0938 [ F5B754CDEA20BBB3A31E16A776EDE6D6, C5D682FA9B86810C6E3D741E507EDA024C4554BEB5B6A1686F70E109EE9CD746 ] C:\WINDOWS\system32\esent.dll
13:14:18.0593 0x0938 C:\WINDOWS\system32\esent.dll - ok
13:14:18.0593 0x0938 [ 49CC4533CE897CB2E93C1E84A818FDE5, F2AC81CDB971F630699616509748DCE133874EFC79B9D6230517B5A4DFBE193D ] C:\WINDOWS\system32\irmon.dll
13:14:18.0593 0x0938 C:\WINDOWS\system32\irmon.dll - ok
13:14:18.0609 0x0938 [ 52778FCE46E510B60F513B8882A65CD6, 25DDC9E3982A45EFE665D2876B6CCA45244A44C396FC05DB323ABDBDEA8B04CA ] C:\WINDOWS\system32\wshirda.dll
13:14:18.0609 0x0938 C:\WINDOWS\system32\wshirda.dll - ok
13:14:18.0609 0x0938 [ A39BE37C9237DB5F1990D61B268EA555, ABAB9D73DF10D2AC78F00A6C5E5318C4DE166CDF70683408D83D218CB39B7449 ] C:\WINDOWS\system32\rastls.dll
13:14:18.0609 0x0938 C:\WINDOWS\system32\rastls.dll - ok
13:14:18.0609 0x0938 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3, 9085384DD71F983E7FD8B6C8F54A3097412DA3C802C813C8AAB1F30558C416D6 ] C:\WINDOWS\system32\cryptui.dll
13:14:18.0609 0x0938 C:\WINDOWS\system32\cryptui.dll - ok
13:14:18.0625 0x0938 [ 8AF91E4B4C1F5338EBE1548117304296, 493F46CB43496B8158924229094374D4531DA32E3C77FF4F86FCB86DEACFB79B ] C:\WINDOWS\system32\wininet.dll
13:14:18.0625 0x0938 C:\WINDOWS\system32\wininet.dll - ok
13:14:18.0625 0x0938 [ 10753A3ADC3E39A3B10CC3F08E98E6B4, 99C7B1B04CD593139917ED3D68BEC36C63BCE76663505CB5D026B62AF39BB383 ] C:\WINDOWS\system32\normaliz.dll
13:14:18.0625 0x0938 C:\WINDOWS\system32\normaliz.dll - ok
13:14:18.0625 0x0938 [ 1387AB5807E7A29D880699CC733F6AED, 0A3B777546E5F5EBC7914118D0BB32546279AEC726FED05519E0CF8F97DFA039 ] C:\WINDOWS\system32\urlmon.dll
13:14:18.0625 0x0938 C:\WINDOWS\system32\urlmon.dll - ok
13:14:18.0625 0x0938 [ 89A1EE0C4046375B4B9E0B010C90C802, 51D54DA31E30487E73B50F482F1A04F273BC812F3AB2C415D09CB44956097E11 ] C:\WINDOWS\system32\iertutil.dll
13:14:18.0625 0x0938 C:\WINDOWS\system32\iertutil.dll - ok
13:14:18.0640 0x0938 [ EA5B8BECA3F279C757578CD7F1E95855, 6FA42A9C8A114208BCB1D0A799C43CD07FB0F986495191D58C1BBD150B7B3A90 ] C:\WINDOWS\system32\mprapi.dll
13:14:18.0640 0x0938 C:\WINDOWS\system32\mprapi.dll - ok
13:14:18.0640 0x0938 [ 92C4F48B62B0B876194584C3FF09CCB6, B24FF5E8D4F09B8200395B68A20A083E7ED9A29B9E9FB85F42E1A6BBB911D1C4 ] C:\WINDOWS\system32\rasapi32.dll
13:14:18.0640 0x0938 C:\WINDOWS\system32\rasapi32.dll - ok
13:14:18.0640 0x0938 [ 4DEF926F6A0545AE486A03C84F2EE482, 2D209061632634D7338C0BBEEE8056E8085BE22FA6974A2CC6BAEDC14CF6F6B1 ] C:\WINDOWS\system32\rasman.dll
13:14:18.0640 0x0938 C:\WINDOWS\system32\rasman.dll - ok
13:14:18.0656 0x0938 [ 00AABF131B4823785818DB99A075A313, FF0F24D35325EC246C758C7CF51FDDEF13757DFD7BE5F6F5D51E0DD7C6673686 ] C:\WINDOWS\system32\tapi32.dll
13:14:18.0656 0x0938 C:\WINDOWS\system32\tapi32.dll - ok
13:14:18.0656 0x0938 [ C1FAEA15E41F62D7BFA7FBC395C24BA6, 5DAA7F6E1EEA128AEDEDCAF04EB83AED4BCF856BC123BC134E9FA634DC569C0B ] C:\WINDOWS\system32\riched20.dll
13:14:18.0656 0x0938 C:\WINDOWS\system32\riched20.dll - ok
13:14:18.0656 0x0938 [ 56CE97FF94B7662A300D359CD6F4D601, D67A792E176AE3394CEB8FEF16F9E56DC614D7D4F58F6B9202E49EFD42BAE9E4 ] C:\WINDOWS\system32\raschap.dll
13:14:18.0656 0x0938 C:\WINDOWS\system32\raschap.dll - ok
13:14:18.0656 0x0938 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] C:\WINDOWS\system32\netman.dll
13:14:18.0656 0x0938 C:\WINDOWS\system32\netman.dll - ok
13:14:18.0671 0x0938 [ 062F837C1FBDB6A0A75F82EFC2EE8E74, 3C0BFA381CBC2C55B58A8942A7148A6C27E244D26313EFB4708DD5858C689E02 ] C:\WINDOWS\system32\netshell.dll
13:14:18.0671 0x0938 C:\WINDOWS\system32\netshell.dll - ok
13:14:18.0671 0x0938 [ 235892E493845D64D890163CFEF90E97, 48FC98DD1E5F8F05DE6954FE26C0A448AA9838D7DC716518C715F35E3CFA227D ] C:\WINDOWS\system32\credui.dll
13:14:18.0671 0x0938 C:\WINDOWS\system32\credui.dll - ok
13:14:18.0671 0x0938 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C, 62E73A7D4C58F2E30670F6A72E734B618AF45F60A8CB2177A4D504283F829BE5 ] C:\WINDOWS\system32\dot3dlg.dll
13:14:18.0671 0x0938 C:\WINDOWS\system32\dot3dlg.dll - ok
13:14:18.0687 0x0938 [ CA04959077AFE36369D37B3504740C87, CBB90BC35A74EC03DC04CD60DAC966A9FA98DC9EEFB926089DBE7A47D3B710B1 ] C:\WINDOWS\system32\onex.dll
13:14:18.0687 0x0938 C:\WINDOWS\system32\onex.dll - ok
13:14:18.0687 0x0938 [ 085ED2E391A871C7BAE87E0228B546BA, 15C050965A7377CDE1178A0C28C3E05B16838A1D7DEB1DD190E3C5D58511F5AC ] C:\WINDOWS\system32\cscui.dll
13:14:18.0687 0x0938 C:\WINDOWS\system32\cscui.dll - ok
13:14:18.0687 0x0938 [ 5DB625E7D095604010CF84DE2D8ACFA6, DEED8055CD1F2E2D898C5C77283B56078414CC7D9FCA6FCF58BA0B66B565E826 ] C:\WINDOWS\system32\eappcfg.dll
13:14:18.0687 0x0938 C:\WINDOWS\system32\eappcfg.dll - ok
13:14:18.0687 0x0938 [ ABC4206543450C0666D152F4B65833B8, D78D5E719E7744805DF6DD1D9567E67E11223F4E3B13170E35F27D46FCB6C244 ] C:\WINDOWS\system32\eappprxy.dll
13:14:18.0687 0x0938 C:\WINDOWS\system32\eappprxy.dll - ok
13:14:18.0703 0x0938 [ 767FF54A552732CE772C2302025FA82F, 7761546C33B0E55B0A8214798FD035C2499D31D690CE03E25B0068C81EDECF3F ] C:\WINDOWS\system32\wzcsapi.dll
13:14:18.0703 0x0938 C:\WINDOWS\system32\wzcsapi.dll - ok
13:14:18.0703 0x0938 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] C:\WINDOWS\system32\schedsvc.dll
13:14:18.0703 0x0938 C:\WINDOWS\system32\schedsvc.dll - ok
13:14:18.0703 0x0938 [ 2BC7128348265CABA9BBC058729A8B7B, 7032BA75102B52281C343E40E03E313D692A4ACA2396B620F51429F74860A416 ] C:\WINDOWS\system32\dpcdll.dll
13:14:18.0703 0x0938 C:\WINDOWS\system32\dpcdll.dll - ok
13:14:18.0718 0x0938 [ E47E364C96467FD54FA44D59F927C3AB, D48C377A7ACF805C413D4618A099A50BE6724E8996C151B00DEAFD27CA935183 ] C:\WINDOWS\system32\msidle.dll
13:14:18.0718 0x0938 C:\WINDOWS\system32\msidle.dll - ok
13:14:18.0718 0x0938 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] C:\WINDOWS\system32\spoolsv.exe
13:14:18.0718 0x0938 C:\WINDOWS\system32\spoolsv.exe - ok
13:14:18.0718 0x0938 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] C:\WINDOWS\system32\audiosrv.dll
13:14:18.0718 0x0938 C:\WINDOWS\system32\audiosrv.dll - ok
13:14:18.0718 0x0938 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] C:\WINDOWS\system32\wkssvc.dll
13:14:18.0718 0x0938 C:\WINDOWS\system32\wkssvc.dll - ok
13:14:18.0734 0x0938 [ A93AEE1928A9D7CE3E16D24EC7380F89, 944CD2135E171AF338352568AA7FE1B8004733A4281395AD6723E0CF43D5F53F ] C:\WINDOWS\system32\userinit.exe
13:14:18.0734 0x0938 C:\WINDOWS\system32\userinit.exe - ok
13:14:18.0734 0x0938 [ B1296D52B0D2096EC4759EEEB806D759, 4F291E1513D5E79BD3EE54E644138468778A80D6C49DF01EA93E291897E433B5 ] C:\WINDOWS\system32\WgaTray.exe
13:14:18.0734 0x0938 C:\WINDOWS\system32\WgaTray.exe - ok
13:14:18.0734 0x0938 [ FE2571A8C9FFAB1D45502D6B0BF472AA, 1442FC0180B555BC4F9B97B9A0D7674F75E67A6F61B87A6D690A20AE7D1EF360 ] C:\WINDOWS\system32\xp_eos.exe
13:14:18.0734 0x0938 C:\WINDOWS\system32\xp_eos.exe - ok
13:14:18.0734 0x0938 [ 4044E880593FE1AC9942190FCE414BE7, 1EBD42F10592D57A2C8562C641461DE5288D9E900FE91A4A1800C9AB9034F2CD ] C:\WINDOWS\system32\mstask.dll
13:14:18.0734 0x0938 C:\WINDOWS\system32\mstask.dll - ok
13:14:18.0750 0x0938 [ 12896823FB95BFB3DC9B46BCAEDC9923, 1E675CB7DF214172F7EB0497F7275556038A0D09C6E5A3E6862C5E26885EF455 ] C:\WINDOWS\explorer.exe
13:14:18.0750 0x0938 C:\WINDOWS\explorer.exe - ok
13:14:18.0750 0x0938 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] C:\Program Files\Google\Update\GoogleUpdate.exe
13:14:18.0750 0x0938 C:\Program Files\Google\Update\GoogleUpdate.exe - ok
13:14:18.0750 0x0938 [ DA24EDFC1D6C1B67C010D34652B7052F, 0499E99F7B794C1FE8E8C03658F0DCDFC3B0FF5315A1871FCB0C33D612A15BD1 ] C:\Program Files\Google\Update\1.3.24.7\goopdate.dll
13:14:18.0750 0x0938 C:\Program Files\Google\Update\1.3.24.7\goopdate.dll - ok
13:14:18.0765 0x0938 [ E392E172687BE172F8600C5F41AB03D9, 5E928035FA9DB71FDCEB74D6D4859E43169A0B202A87653A2CE5F88865D13D2E ] C:\WINDOWS\system32\browseui.dll
13:14:18.0765 0x0938 C:\WINDOWS\system32\browseui.dll - ok
13:14:18.0765 0x0938 [ C14350FC0D47D806699C4F907FC6785B, A8862B47A74F5FB03C9916A42B986D9B352549ED486AD2B9DAD405A98B5564B3 ] C:\WINDOWS\system32\cryptnet.dll
13:14:18.0765 0x0938 C:\WINDOWS\system32\cryptnet.dll - ok
13:14:18.0765 0x0938 [ 3CBA2210FA39C6ED7895634842E930DD, 9AFC6A7E1F936ED3636F89FD49B5C944594F88A5BFB597348AF2FB83DA2E4E40 ] C:\WINDOWS\system32\sensapi.dll
13:14:18.0765 0x0938 C:\WINDOWS\system32\sensapi.dll - ok
13:14:18.0765 0x0938 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4, C095D8A3A1CEAD1D78B0EE17B982718CDF4B3FE1F86D9D273875B8C1893C981B ] C:\WINDOWS\system32\wdmaud.drv
13:14:18.0765 0x0938 C:\WINDOWS\system32\wdmaud.drv - ok
13:14:18.0781 0x0938 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] C:\WINDOWS\system32\drivers\wdmaud.sys
13:14:18.0781 0x0938 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
13:14:18.0781 0x0938 [ 684559A03CBC1D05BA120A18B0D8BA5D, 7425F27C8EF8CEF26B071D7FD5FED538C74EF524AEF73E427B1781F3A3C16C42 ] C:\WINDOWS\system32\winhttp.dll
13:14:18.0781 0x0938 C:\WINDOWS\system32\winhttp.dll - ok
13:14:18.0781 0x0938 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] C:\WINDOWS\system32\drivers\sysaudio.sys
13:14:18.0781 0x0938 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
13:14:18.0796 0x0938 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] C:\WINDOWS\system32\drivers\splitter.sys
13:14:18.0796 0x0938 C:\WINDOWS\system32\drivers\splitter.sys - ok
13:14:18.0796 0x0938 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] C:\WINDOWS\system32\drivers\aec.sys
13:14:18.0796 0x0938 C:\WINDOWS\system32\drivers\aec.sys - ok
13:14:18.0796 0x0938 [ CC26451A90025F6C55F64146C333DEA5, D03CED69EEA39C6F97FBC7DC3558D52EE43EE7DE6FDC4DC8AEC57B09D64A8C82 ] C:\WINDOWS\system32\LegitCheckControl.dll
13:14:18.0796 0x0938 C:\WINDOWS\system32\LegitCheckControl.dll - ok
13:14:18.0796 0x0938 [ D3F72D50DE53F9F1F55240115AF4D42E, F8831B6B33EE2EE49615AE45A81C8434E154331BEB1E64C491E64C1348314F3C ] C:\WINDOWS\system32\msi.dll
13:14:18.0796 0x0938 C:\WINDOWS\system32\msi.dll - ok
13:14:18.0812 0x0938 [ 205ADD80FF8099B1A8101EB490B933D1, 6B4D94F1683B1D30A1BB0019E2E3E0AE1AA85561D416708198EC2BDAB649E178 ] C:\WINDOWS\system32\wbem\wbemprox.dll
13:14:18.0812 0x0938 C:\WINDOWS\system32\wbem\wbemprox.dll - ok
13:14:18.0812 0x0938 [ D95C71052E5EF63B55997FB31483D02F, 829A559050680C039CA7AFCFE3246745D465ED11722A603AA32253FD413894C3 ] C:\WINDOWS\system32\wbem\wbemcomn.dll
13:14:18.0812 0x0938 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
13:14:18.0812 0x0938 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] C:\WINDOWS\system32\drivers\swmidi.sys
13:14:18.0812 0x0938 C:\WINDOWS\system32\drivers\swmidi.sys - ok
13:14:18.0828 0x0938 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] C:\WINDOWS\system32\drivers\DMusic.sys
13:14:18.0828 0x0938 C:\WINDOWS\system32\drivers\DMusic.sys - ok
13:14:18.0828 0x0938 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] C:\WINDOWS\system32\drivers\kmixer.sys
13:14:18.0828 0x0938 C:\WINDOWS\system32\drivers\kmixer.sys - ok
13:14:18.0828 0x0938 [ 26CB10FA893F940AB09713FF46DCDADE, B113E03877FF2073ABAC1A7DF53A575F15915438C5EB10401FFEF7CAAEA902BC ] C:\WINDOWS\system32\shdocvw.dll
13:14:18.0828 0x0938 C:\WINDOWS\system32\shdocvw.dll - ok
13:14:18.0828 0x0938 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] C:\WINDOWS\system32\drivers\drmkaud.sys
13:14:18.0828 0x0938 C:\WINDOWS\system32\drivers\drmkaud.sys - ok
13:14:18.0843 0x0938 [ 9A3BD5F55AADFF859539142F6328A66E, B8165F650F0E24D380601D54BC81A84C06D886A6CF995EA6CA63EABCFA75554A ] C:\WINDOWS\system32\msacm32.drv
13:14:18.0843 0x0938 C:\WINDOWS\system32\msacm32.drv - ok
13:14:18.0843 0x0938 [ 5C12660A97822F6E61576943B49AAAD6, 621BE8E009DC95A8901F701F529ED98BD8E6D62D272AE0E1FAF69889A4D5633B ] C:\WINDOWS\system32\midimap.dll
13:14:18.0843 0x0938 C:\WINDOWS\system32\midimap.dll - ok
13:14:18.0843 0x0938 [ CBB25A59777D0D1B767C022F7AD87193, EE2FB002C854342F674171E09E1DB64CFDCBD152DDB009947B9B96AC05E6D150 ] C:\Program Files\netinst\NiApMgnt.dll
13:14:18.0843 0x0938 C:\Program Files\netinst\NiApMgnt.dll - ok
13:14:18.0859 0x0938 [ 9468E3D6446AEB31E5C5709149B39AFA, 1DED8B8C99F562788E407AB477B8A58C2FF9135B3D1569FB4101245F54CD735A ] C:\Program Files\netinst\siClnt32.dll
13:14:18.0859 0x0938 C:\Program Files\netinst\siClnt32.dll - ok
13:14:18.0859 0x0938 [ B4ED498E3BFEE64E952BC44FC6057DB8, 1FB5ABAE69103BF477F704189D75B0395F587234BFE94F9F79961D8FE2CE55AC ] C:\WINDOWS\system32\desk.cpl
13:14:18.0859 0x0938 C:\WINDOWS\system32\desk.cpl - ok
13:14:18.0859 0x0938 [ B6E6F3F5B63053D5DC1F4EE32992492F, 089F9C92B677A138BABA4817624E8CA49B7E507B7D6FA0B1A3B4302B354B5C7E ] C:\WINDOWS\system32\dbghelp.dll
13:14:18.0859 0x0938 C:\WINDOWS\system32\dbghelp.dll - ok
13:14:18.0859 0x0938 [ EE9710428FFB95FD3845D41E7148AC31, 5CFBE4B7BCCB136B958E21EACB965E09F7D6CC0CB29DEA9022047809582B1065 ] C:\WINDOWS\system32\themeui.dll
13:14:18.0859 0x0938 C:\WINDOWS\system32\themeui.dll - ok
13:14:18.0875 0x0938 [ D5A444B63637EC0932172C6719A10252, 5B2F51B102EB3FE551A5D727D5280BA9417C3AC62E224997A3549F19677EAEE0 ] C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
13:14:18.0875 0x0938 C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe - ok
13:14:18.0875 0x0938 [ 912B67BB8249925A5C972FC5839EAE09, 11F9F26C2D5EADD683F9FA4FDC8C25A1FB7EE9D6E3F4419C9DAB8C4E434F1857 ] C:\WINDOWS\system32\actxprxy.dll
13:14:18.0875 0x0938 C:\WINDOWS\system32\actxprxy.dll - ok
13:14:18.0875 0x0938 [ 6D778E0F95447E6546553EEEA709D03C, 62ABED7D45040381BBCED97EA7B6C697B418448FD3322FD4BFB2BBFDB6155EB4 ] C:\WINDOWS\system32\cmd.exe
13:14:18.0875 0x0938 C:\WINDOWS\system32\cmd.exe - ok
13:14:18.0890 0x0938 [ FA4A79DBB0E3CA56E1F0B1FD372559A8, 87BBE8A70DB7C1E3F3A9F42112D5D3A81645FB23A4120DFB926AF7D089ACA462 ] C:\WINDOWS\system32\ieframe.dll
13:14:18.0890 0x0938 C:\WINDOWS\system32\ieframe.dll - ok
13:14:18.0890 0x0938 [ F9D3C78CFE15271D80790677C893CE45, 885425736648DF7B315E92680ED3BD058ACE97A86D388FEA80EB0C039ADF25D7 ] C:\WINDOWS\system32\cabinet.dll
13:14:18.0890 0x0938 C:\WINDOWS\system32\cabinet.dll - ok
13:14:18.0890 0x0938 [ 79E3A8C328E7E569C32B0998377D9742, F5854956E452AD663004679BBDF8B006695B69C8962534CD243193F04F294DF3 ] C:\WINDOWS\system32\spoolss.dll
13:14:18.0890 0x0938 C:\WINDOWS\system32\spoolss.dll - ok
13:14:18.0890 0x0938 [ 5677DFE438EC1F009273FC84FEED6B10, 44B62CC4D138E13C22FC29E9751CB7ED0B0C6C8897A8E6469172F8642B0527BE ] C:\WINDOWS\system32\localspl.dll
13:14:18.0890 0x0938 C:\WINDOWS\system32\localspl.dll - ok
13:14:18.0906 0x0938 [ 5D3D1AB0EF4EA55B731863050482C111, 8713DAA48DBC5FDF95BE993863BEE669BBB4026347DC575D72F520F423EE21BA ] C:\WINDOWS\system32\cnbjmon.dll
13:14:18.0906 0x0938 C:\WINDOWS\system32\cnbjmon.dll - ok
13:14:18.0906 0x0938 [ 27CCEA9CE41A726B13E45795CCC3B7BA, E9B689B0F86A483A64DBD35EB268B6F3A8E4F6ED7B28026820EED12B2580763A ] C:\WINDOWS\system32\mdimon.dll
13:14:18.0906 0x0938 C:\WINDOWS\system32\mdimon.dll - ok
13:14:18.0906 0x0938 [ C9564CF4976E7E96B4052737AA2492B4, C3AC989C8489A23BB96400B1856F5325FFC67E844F04651EA5D61BC20A991C6D ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
13:14:18.0906 0x0938 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
13:14:18.0921 0x0938 [ 222DE7F5EDB9DDBE628384A1A8BE59CE, 063AF8C6C251961ABC93A8E8A07DB9B9582CD1812CA3BB297FAFDF0AD3E5B4CC ] C:\WINDOWS\system32\pjlmon.dll
13:14:18.0921 0x0938 C:\WINDOWS\system32\pjlmon.dll - ok
13:14:18.0921 0x0938 [ AE0382AD9C73D343D85E1A50C80B7C20, 7477A5A33C0ACF80BE73F0169893A7D53AF8ABC514FCE190A6ACC677092E5A55 ] C:\WINDOWS\system32\tcpmon.dll
13:14:18.0921 0x0938 C:\WINDOWS\system32\tcpmon.dll - ok
13:14:18.0921 0x0938 [ F26385E8BA4549B5186B774EC0E45D86, 0BA8CA4C06918690EA68678CA5887F1B7E2B0976C99BDFAF99CC1C99F3E300A0 ] C:\WINDOWS\system32\usbmon.dll
13:14:18.0921 0x0938 C:\WINDOWS\system32\usbmon.dll - ok
13:14:18.0921 0x0938 [ 4424AE65F7AF8181AC99FE46BC2700C9, 7FA594C90FDDBE1B99BC0DFA78505BAC40B5FB69EE5CC586876AF5C50CA2A1E4 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
13:14:18.0921 0x0938 C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll - ok
13:14:18.0937 0x0938 [ EEE7F12D9FF46F68FBC0DA059A359E9E, 1D0D5AC87ACDF3F041D9C31A92BFE7B1B81CBAD81F8F7CE8183FC3F61CAFF8CC ] C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
13:14:18.0937 0x0938 C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok
13:14:18.0937 0x0938 [ 291778DFEBAA278B451D457B03C10AC1, 19649A327CC5EC74FB84D1FC347912E21D120C8470CB361DA1E8D4E49968F21E ] C:\WINDOWS\system32\win32spl.dll
13:14:18.0937 0x0938 C:\WINDOWS\system32\win32spl.dll - ok
13:14:18.0937 0x0938 [ B41D53899E37CC43DA85DA19998BEE81, CA92B8313338F0F8B1B630A0057B9C114E8D8BC10F09825C9008A5A824B91FDC ] C:\WINDOWS\system32\netrap.dll
13:14:18.0937 0x0938 C:\WINDOWS\system32\netrap.dll - ok
13:14:18.0953 0x0938 [ EE4C651A217B01D636B5364AC77DA892, E40C7DD39234673A3BA8FD87C189653C391E326ECB3E8011B5020BB9D78F56D0 ] C:\WINDOWS\system32\inetpp.dll
13:14:18.0953 0x0938 C:\WINDOWS\system32\inetpp.dll - ok
13:14:18.0953 0x0938 [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] C:\WINDOWS\system32\es.dll
13:14:18.0953 0x0938 C:\WINDOWS\system32\es.dll - ok
13:14:18.0953 0x0938 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] C:\WINDOWS\system32\drivers\mrxdav.sys
13:14:18.0953 0x0938 C:\WINDOWS\system32\drivers\mrxdav.sys - ok
13:14:18.0953 0x0938 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] C:\WINDOWS\system32\webclnt.dll
13:14:18.0953 0x0938 C:\WINDOWS\system32\webclnt.dll - ok
13:14:18.0968 0x0938 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] C:\WINDOWS\system32\drivers\parport.sys
13:14:18.0968 0x0938 C:\WINDOWS\system32\drivers\parport.sys - ok
13:14:18.0968 0x0938 [ 2FD877742C7F750A8E4B0053AD62CAFE, 8792CB27460DADC7B7D85F89F8449A9C1BDF4DA3FDCBD684E752E98AD6441481 ] C:\WINDOWS\system32\drivers\tmcomm.sys
13:14:18.0968 0x0938 C:\WINDOWS\system32\drivers\tmcomm.sys - ok
13:14:18.0968 0x0938 [ B0F6745DA670754E64146A6E64B96B30, AB76DCC5DFF13A938338572F4255C8BE47233565545EEB277B6E29DBA9B389CF ] C:\WINDOWS\system32\drivers\tmevtmgr.sys
13:14:18.0968 0x0938 C:\WINDOWS\system32\drivers\tmevtmgr.sys - ok
13:14:18.0984 0x0938 [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:14:18.0984 0x0938 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - ok
13:14:18.0984 0x0938 [ FBB4A664450EB3905527C01B7F91D5C9, 20125D04011B4F5A820064D1CAD60D1520DFFB19881D54A80C2BBC548FCCA73C ] C:\WINDOWS\system32\drivers\tmactmon.sys
13:14:18.0984 0x0938 C:\WINDOWS\system32\drivers\tmactmon.sys - ok
13:14:18.0984 0x0938 [ BC83108B18756547013ED443B8CDB31B, B2AD109C15EAA92079582787B7772BA0A2F034F7D075907FF87028DF0EAEA671 ] C:\WINDOWS\system32\msvcp100.dll
13:14:18.0984 0x0938 C:\WINDOWS\system32\msvcp100.dll - ok
13:14:18.0984 0x0938 [ 0E37FBFA79D349D672456923EC5FBBE3, 8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18 ] C:\WINDOWS\system32\msvcr100.dll
13:14:18.0984 0x0938 C:\WINDOWS\system32\msvcr100.dll - ok
13:14:19.0000 0x0938 [ 29158B1DC3F86D4B0D6A127FE586ADFF, 03C17FA518200CE5C53AED55C5AF22D0A2D483110FB1E7EA6F990C56936570E6 ] C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll
13:14:19.0000 0x0938 C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll - ok
13:14:19.0000 0x0938 [ E26E6A97B94304F78B3A2D85C6056CC2, A4D678729145E9A9E561564B4E15AA67DD8103153BCAA2DD38084E43E33D0D00 ] C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll
13:14:19.0000 0x0938 C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll - ok
13:14:19.0000 0x0938 [ 461299398E15909598B7002B3FAABCE8, 1965E672088268C91848A100D77A6CD6E689589185B528DD9E0907ED1AD60771 ] C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
13:14:19.0000 0x0938 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
13:14:19.0015 0x0938 [ 8EAEB0ED23A98DE0F0C812D756E47CE9, D49AB526C0B0356AB1F778E3B6AFC4D148742942F8561C9C4C2183A649661A86 ] C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
13:14:19.0015 0x0938 C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll - ok
13:14:19.0015 0x0938 [ EA6C35EBF9F3ED65724E1D65F09E6E7F, D39DD2D98277B0136C47E3C762E76EB12D6BDB79151F673E681B7EA49EBC6A6F ] C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
13:14:19.0015 0x0938 C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll - ok
13:14:19.0015 0x0938 [ 5760B2B5BAA3449C045B6FA222205F60, AC566245868530F6A8F80BEA9C6AB532DB2280F280CA4889C09BCCA9D057C1D4 ] C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
13:14:19.0015 0x0938 C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
13:14:19.0015 0x0938 [ BCE7DD8098CE6DD28EE2B0D5D5028B47, C48E1E455A0C6FC351CA2A8938C78D6D278B753FA7A621628B4E843C3A8F02FE ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll
13:14:19.0015 0x0938 C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll - ok
13:14:19.0031 0x0938 [ 922563953E405AA9762F90778B711F77, 3DD35372DFC79F309BF419E9BF0043D1B1E00EDC47DCFF4D669416BDD5B094C5 ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll
13:14:19.0031 0x0938 C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll - ok
13:14:19.0031 0x0938 [ 54023DF1A9A7D481B4762B09ECCA330F, 271B46804B2E944B7ABF707939CB498AE78B0EE6DDCE318E26BE0C7BA826DFA3 ] C:\Program Files\Common Files\Apple\Apple Application Support\icudt49.dll
13:14:19.0031 0x0938 C:\Program Files\Common Files\Apple\Apple Application Support\icudt49.dll - ok
13:14:19.0031 0x0938 [ 3E40BD88F9C0919E7A73D5E070688666, E1441368E4A76D4031D9373ED3F196101080D4E36F14C9B51783E84EEF8C7073 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
13:14:19.0031 0x0938 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll - ok
13:14:19.0046 0x0938 [ 2EC5693E2EE393F3A97BBB6C46D67779, 68CCECB20B55247B0DC2EF720FA8905CD039D91002D7450293BE585DF926462B ] C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
13:14:19.0046 0x0938 C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
13:14:19.0046 0x0938 [ 67156D5A9AC356DC99D7BCCB388E3316, 449A140065197779C0F8588E5C53014BBF54A9C74818D5CFDCB88CC7B36F44CF ] C:\WINDOWS\system32\wsock32.dll
13:14:19.0046 0x0938 C:\WINDOWS\system32\wsock32.dll - ok
13:14:19.0046 0x0938 [ 062373995EAE5F0EAC9EAA9192136BFB, 0392D5656BD677C4C5CB74C96E7B85B0867F2535A37950AEC7F5C4A1A70D19AE ] C:\WINDOWS\system32\dnssd.dll
13:14:19.0046 0x0938 C:\WINDOWS\system32\dnssd.dll - ok
13:14:19.0046 0x0938 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] C:\Program Files\Bonjour\mDNSResponder.exe
13:14:19.0046 0x0938 C:\Program Files\Bonjour\mDNSResponder.exe - ok
13:14:19.0062 0x0938 [ 304A778141AFAA9AD2A5F91AD691A159, 6255518284CB09658072353048E12CAE1C8102126A19ECA2D9CA5D395C6970CF ] C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll
13:14:19.0062 0x0938 C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll - ok
13:14:19.0062 0x0938 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:14:19.0062 0x0938 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
13:14:19.0062 0x0938 [ 725AB72D5DD462F2EDAF1A6C59C8CFB5, 2420B0D7D132444E79B646787B1B6D89F45C6188E03FC1A4467B154D4774EFC3 ] C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
13:14:19.0062 0x0938 C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll - ok
13:14:19.0078 0x0938 [ E5F7C30EDF0892667933BE879F067D67, E4BA45F4C6C74A0CDE9B12A00C91E2F5EF83536C89C9053DEC507CBB4F130A12 ] C:\WINDOWS\system32\msvcr100_clr0400.dll
13:14:19.0078 0x0938 C:\WINDOWS\system32\msvcr100_clr0400.dll - ok
13:14:19.0078 0x0938 [ 6BDF91038CB78269B8063617597A6D4F, 737C43E4208B3C1ACD56951B0A24F2F762158B2344405099779F8F1DF69B2548 ] C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll
13:14:19.0078 0x0938 C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok
13:14:19.0078 0x0938 [ B04DB1F0B2652FCBCCC5FD0C46579F0F, 24D1919B63ED444F5C6629626C239EC78A5BB7A3F29B154FEEA03A6FB8F26148 ] C:\WINDOWS\system32\mscoree.dll
13:14:19.0078 0x0938 C:\WINDOWS\system32\mscoree.dll - ok
13:14:19.0078 0x0938 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] C:\WINDOWS\system32\cryptsvc.dll
13:14:19.0078 0x0938 C:\WINDOWS\system32\cryptsvc.dll - ok
13:14:19.0093 0x0938 [ 00709952D444EAE14DBBD30D36FBAE0F, A65B57C68F9119940133F6680AF3644866EEBDA5378F9B6AED441FB999B50526 ] C:\WINDOWS\system32\certcli.dll
13:14:19.0093 0x0938 C:\WINDOWS\system32\certcli.dll - ok
13:14:19.0093 0x0938 [ 5E2C2F8785C7AD89EB81CFDB26C4E0BF, 94F20AC5304CA30F8A170B3148E1821A64EC7B6157A73DCC4A91D12ACF50DEB0 ] C:\Program Files\netinst\mgmtagnt.exe
13:14:19.0093 0x0938 C:\Program Files\netinst\mgmtagnt.exe - ok
13:14:19.0093 0x0938 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] C:\WINDOWS\system32\ersvc.dll
13:14:19.0093 0x0938 C:\WINDOWS\system32\ersvc.dll - ok
13:14:19.0109 0x0938 [ EBE2704172A0156A5879226972509577, DAD5D075710DD227242C7C88A156CF887C25E5AC43AF0D2E52D527AB3BFF80F4 ] C:\Program Files\netinst\logrogue.dll
13:14:19.0109 0x0938 C:\Program Files\netinst\logrogue.dll - ok
13:14:19.0109 0x0938 [ 01201604DB64B2139716D7C96EF1402A, 5EFF0A204F9F16D351C5F9F41D3B9E5E04131F91FB6809E3A58D6016CC02A2FF ] C:\Program Files\netinst\logprov\lgacylog.dll
13:14:19.0109 0x0938 C:\Program Files\netinst\logprov\lgacylog.dll - ok
13:14:19.0109 0x0938 [ 37B62151523774D3F55D9DDD903EE193, 55A60B676BE5E5FCED51F7EDC9D1A55DF851DB148CF1B51711033F4650F02BD7 ] C:\Program Files\netinst\logprov\msgbxlog.dll
13:14:19.0109 0x0938 C:\Program Files\netinst\logprov\msgbxlog.dll - ok
13:14:19.0109 0x0938 [ 4EDB186C455CDEADA24A708AAB884AE3, 836B3176A4A1B57F89D5B950BDA2F6C6F785899ED54632D8CF35DF55B364DB81 ] C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
13:14:19.0109 0x0938 C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll - ok
13:14:19.0125 0x0938 [ 6746BB3D35ACB27726B859A61FB21646, 4E0C1AAD745E51E9399681D04B0446ED42BC4AD98E9ACF7D431301337BB0B5F0 ] C:\Program Files\netinst\logprov\filelog.dll
13:14:19.0125 0x0938 C:\Program Files\netinst\logprov\filelog.dll - ok
13:14:19.0125 0x0938 [ 0902D6F78078EBD841D319B1865E217F, 3A1B2D229C623C1169AE500A7697927E794B608B2D1DE633A9E1BADCAA5B04FF ] C:\Program Files\netinst\logprov\evloglog.dll
13:14:19.0125 0x0938 C:\Program Files\netinst\logprov\evloglog.dll - ok
13:14:19.0125 0x0938 [ FE7645B8AE3D4E46B44BFB461BB4C583, 1A0CC77CEB21F06E7DCA8C9E3ECF89E41A2F684A634633A786FDFEB81C23A93D ] C:\Program Files\netinst\logprov\dlglog.dll
13:14:19.0125 0x0938 C:\Program Files\netinst\logprov\dlglog.dll - ok
13:14:19.0140 0x0938 [ 54092A57207AD603481BED99D4E19AAE, 904DF04938D8B4B8C8B9FBF48719000A26A2D97F59452DCB7D3BB14D29ECADB9 ] C:\Program Files\netinst\magntext\clntext.dll
13:14:19.0140 0x0938 C:\Program Files\netinst\magntext\clntext.dll - ok
13:14:19.0140 0x0938 [ CC70674EC53A8B05C026CCBAB69ADF02, A815B471DFBC469C1DE00B8577AE8B1A5A4315FF5220B4FAEDC5448E896C56DB ] C:\Program Files\netinst\magntext\cmsext.dll
13:14:19.0140 0x0938 C:\Program Files\netinst\magntext\cmsext.dll - ok
13:14:19.0140 0x0938 [ D73C8DD791AED035C06E94DB85874439, 65E1695718017889B6AED519335D0383C03DF5A87195A952A7D8E607A23535D1 ] C:\Program Files\netinst\magntext\csactext.dll
13:14:19.0140 0x0938 C:\Program Files\netinst\magntext\csactext.dll - ok
13:14:19.0140 0x0938 [ 374028795955E92CDEA0B3ECC3CB7838, E01E71B30F2DBF3B26E90AC5D7FFA0D0C9D8DC7E6452A267A40E962446787A43 ] C:\Program Files\netinst\magntext\csmanext.dll
13:14:19.0140 0x0938 C:\Program Files\netinst\magntext\csmanext.dll - ok
13:14:19.0156 0x0938 [ 57A6362D71B5003C48EE21F2DBB624B1, E6480D1F219BF3F8E7AC8347A8C50E48632B7BBC9618EEB36DAEA1079AA770B5 ] C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll
13:14:19.0156 0x0938 C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
13:14:19.0156 0x0938 [ 5F89589FEC88AF5CEB90C2A20F98307C, 3A70FC74FC6C0E1EA11298F8A1D36E7504B510CD7D5CBB4EEA0B3FBCE58C9447 ] C:\Program Files\netinst\magntext\ersupext.dll
13:14:19.0156 0x0938 C:\Program Files\netinst\magntext\ersupext.dll - ok
13:14:19.0156 0x0938 [ C32C0910D268CFD4E30003541628F50B, D0606D7C5778FFD227BBE324EC86E0DAF9D8E5260A07D5F208519FD9EA01D1C2 ] C:\Program Files\netinst\magntext\FpsCacheManager.dll
13:14:19.0156 0x0938 C:\Program Files\netinst\magntext\FpsCacheManager.dll - ok
13:14:19.0171 0x0938 [ 0DBC292727042BC604A9EC023EDE19BF, 9599666677A5D79F038D8760B587C86B9DB758C4F4A46AD0FE958F6140C5646B ] C:\Program Files\netinst\magntext\icdbext.dll
13:14:19.0171 0x0938 C:\Program Files\netinst\magntext\icdbext.dll - ok
13:14:19.0171 0x0938 [ 859734188B4E0DF20629BAC88F976570, 73F8A8D435274F8D0080582C5F6F5682171B18B701516BD08B13A85A3B82EE8C ] C:\Program Files\netinst\magntext\LocalJobManager.dll
13:14:19.0171 0x0938 C:\Program Files\netinst\magntext\LocalJobManager.dll - ok
13:14:19.0171 0x0938 [ EFF65B202DBE85EC4972166254D0309F, 740C76D81BF3A3A9FAAC95238EBCA174E882A82AE1A5B09325534E2F58A8D191 ] C:\Program Files\netinst\magntext\MICacheManager.dll
13:14:19.0171 0x0938 C:\Program Files\netinst\magntext\MICacheManager.dll - ok
13:14:19.0171 0x0938 [ 4A28581C8F0ECD8BA47CB69876D9CF28, BA5DCA3898DB1DDDD67190679F4888F7FD4997B5DD3D5E4F35E37219C5BCF6CE ] C:\Program Files\netinst\magntext\NetStateExt.dll
13:14:19.0171 0x0938 C:\Program Files\netinst\magntext\NetStateExt.dll - ok
13:14:19.0187 0x0938 [ C5BB5770F098D32B8E4B525D708336B4, 8C5D1F606435EEB5689F247E7050168996E293CE700E20DA900A7EF1A7E6CC9F ] C:\Program Files\netinst\magntext\nwcmext.dll
13:14:19.0187 0x0938 C:\Program Files\netinst\magntext\nwcmext.dll - ok
13:14:19.0187 0x0938 [ 97A8841E2E818DFA2621F375E7A4649F, 7510F42904A561691D4DDFBC7897E2800C7DA3EFD2B866DD6F01010F1DB33737 ] C:\Program Files\netinst\magntext\SWUsageService.dll
13:14:19.0187 0x0938 C:\Program Files\netinst\magntext\SWUsageService.dll - ok
13:14:19.0187 0x0938 [ CE3045A4DA368FD7C1B120FC8526505C, 1E477DB84E15C84001E14DCCF0E01202D910C8A0D480CBE19B2960120E9427CC ] C:\Program Files\netinst\magntext\syncserv.dll
13:14:19.0187 0x0938 C:\Program Files\netinst\magntext\syncserv.dll - ok
13:14:19.0203 0x0938 [ D316BB764E63289DEE509F05C31C2956, 3685CD50504725CD7FA65EE27BD450DE5D7058201FF870FF8D833AA81B415C4D ] C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
13:14:19.0203 0x0938 C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe - ok
13:14:19.0203 0x0938 [ CC9B4466049A087D1922958200481766, EF4239D22FCA02DF09D698099B94303FCF3BC4D8C6F50182ADFF4DD4A13175C3 ] C:\Program Files\netinst\blooncln.dll
13:14:19.0203 0x0938 C:\Program Files\netinst\blooncln.dll - ok
13:14:19.0203 0x0938 [ 068CC1633357C9ABC17A70466324851B, 50CFD9AA17AA8E7B9583D84C1F6FFED4319906B3478B4A10A813765EECA2AAA6 ] C:\Program Files\netinst\icdb.dll
13:14:19.0203 0x0938 C:\Program Files\netinst\icdb.dll - ok
13:14:19.0203 0x0938 [ DF44E05F410D80A1858C887C9A3A7BF6, 388EC710F4A5936E602DFAB70EF8BF747D50927F504A2D9D3251CB366670B00C ] C:\Program Files\netinst\icdbhlp.dll
13:14:19.0203 0x0938 C:\Program Files\netinst\icdbhlp.dll - ok
13:14:19.0218 0x0938 [ C3200506FB212A0F4FB736A80E646C40, 19D041704CB052BD52BD0DFD70E66E7A55EDEE56888DEEF56A9739476AF91944 ] C:\WINDOWS\system32\lz32.dll
13:14:19.0218 0x0938 C:\WINDOWS\system32\lz32.dll - ok
13:14:19.0218 0x0938 [ BF8B08E34D106D9D35AA0F3CFB3BE76D, 69D5AC4830D07A962281F3A2EC60D6832EED911B30EEA79548E44D8164C19A93 ] C:\Program Files\netinst\icdbclnt.dll
13:14:19.0218 0x0938 C:\Program Files\netinst\icdbclnt.dll - ok
13:14:19.0218 0x0938 [ 99BD6620320C20DCB7DEBDA58DE0D2DA, AEB6621DC17D5E2A6A7D8F7DCC25EF9DFC8C5D9FED9323E694D9D90F417F90B2 ] C:\Program Files\netinst\SiVarSup.dll
13:14:19.0218 0x0938 C:\Program Files\netinst\SiVarSup.dll - ok
13:14:19.0234 0x0938 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
13:14:19.0234 0x0938 C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
13:14:19.0234 0x0938 [ DB3C22745C0DA4666F3BE31F1AF36B2F, 2FE9A0F157AF9FB3CA03B8D4E706213E63E388206A8C04EF4A84E0D7A364A3A6 ] C:\WINDOWS\system32\inetsrv\inetinfo.exe
13:14:19.0234 0x0938 C:\WINDOWS\system32\inetsrv\inetinfo.exe - ok
13:14:19.0234 0x0938 [ EA77DB688F86723EF710F41E56777734, 49F4A4349981EF9573BDE236B2D8969582CC83D409ACE4C3EBC0E7FBFA9A8D4F ] C:\WINDOWS\system32\iisRtl.dll
13:14:19.0234 0x0938 C:\WINDOWS\system32\iisRtl.dll - ok
13:14:19.0234 0x0938 [ C42ADC86AC5EF0803DE8B92D5AD1A4AD, 988B655716BF630CB3727EBE8D192DA068EE68F89B6160C7661980331DAC5DB5 ] C:\WINDOWS\system32\inetsrv\rpcref.dll
13:14:19.0234 0x0938 C:\WINDOWS\system32\inetsrv\rpcref.dll - ok
13:14:19.0250 0x0938 [ 173531318F4A58593CF5C2F06426C3B6, 72FAA8E728A5AB525A8D871F0C9737FCD51D795F8CF03D5333BDC97B901E06E2 ] C:\WINDOWS\system32\inetsrv\iisadmin.dll
13:14:19.0250 0x0938 C:\WINDOWS\system32\inetsrv\iisadmin.dll - ok
13:14:19.0250 0x0938 [ ACACB8B14E66109B8ACD6644B5574B9A, 2373E67EB51F8045E7CD346F75B4BAD093E29CC609955BBC4C9FEF7A97A5FD86 ] C:\WINDOWS\system32\vssapi.dll
13:14:19.0250 0x0938 C:\WINDOWS\system32\vssapi.dll - ok
13:14:19.0250 0x0938 [ 5E06A9D23727DAF96FAA796F1135FDCD, CE17B26F6DE8FD229A32A0057855A35EA2A728162808095D2000FF6987AF2939 ] C:\Program Files\Java\jre1.6.0_24\bin\jqs.exe
13:14:19.0250 0x0938 C:\Program Files\Java\jre1.6.0_24\bin\jqs.exe - ok
13:14:19.0265 0x0938 [ 86F1895AE8C5E8B17D99ECE768A70732, 8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE ] C:\Program Files\Java\jre1.6.0_24\bin\msvcr71.dll
13:14:19.0265 0x0938 C:\Program Files\Java\jre1.6.0_24\bin\msvcr71.dll - ok
13:14:19.0265 0x0938 [ 0E9106A49B72FF5E6C7EED93373A401A, 01565FF1C23C5A37B42161E978C1D26E3110FDDEDC12753891F88979A80272BB ] C:\WINDOWS\system32\inetsrv\coadmin.dll
13:14:19.0265 0x0938 C:\WINDOWS\system32\inetsrv\coadmin.dll - ok
13:14:19.0265 0x0938 [ 11848E7EBAF7D9624FA99B05226DB027, D16CCFD9F9ADB35723859A5C8A2A87EA9107396C532F78A85FE0BCCB3545DA98 ] C:\WINDOWS\system32\admwprox.dll
13:14:19.0265 0x0938 C:\WINDOWS\system32\admwprox.dll - ok
13:14:19.0265 0x0938 [ 62CF83A6989312A0DD39BBFFB3D1C166, 05FB7F06444B4958BE3EFC6909614D516BE5FE3929E0F58D2C13C2A211C1F86A ] C:\WINDOWS\system32\pdh.dll
13:14:19.0265 0x0938 C:\WINDOWS\system32\pdh.dll - ok
13:14:19.0281 0x0938 [ 4B9E117CB68E8486792176C10337E11D, B69475B2126968EC004E0F0B0F2EA5DB7869ADD640CE285CC6992C412CE8E594 ] C:\WINDOWS\system32\inetsrv\metadata.dll
13:14:19.0281 0x0938 C:\WINDOWS\system32\inetsrv\metadata.dll - ok
13:14:19.0281 0x0938 [ 369F7B1A4F358B976176556A1A331F36, 65A60C4C5D816D53DDAA208FEEDD4F8C185A77BACB8736EADCAE2F454C8FFC08 ] C:\WINDOWS\system32\odbcbcp.dll
13:14:19.0281 0x0938 C:\WINDOWS\system32\odbcbcp.dll - ok
13:14:19.0281 0x0938 [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
13:14:19.0281 0x0938 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe - ok
13:14:19.0296 0x0938 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] C:\WINDOWS\system32\srvsvc.dll
13:14:19.0296 0x0938 C:\WINDOWS\system32\srvsvc.dll - ok
13:14:19.0296 0x0938 [ D4F0113C084930EF51D37C156A0E3589, 62A07654B256F26CDE42A789B71E2FE91B8881F598A34368BAFDAC3B85294722 ] C:\WINDOWS\system32\inetsrv\nsepm.dll
13:14:19.0296 0x0938 C:\WINDOWS\system32\inetsrv\nsepm.dll - ok
13:14:19.0296 0x0938 [ 20FD44370267CCD0A64A1B31861C21D2, D98194A17D1C63434EC6449742C10033F1B94D80826B20464519B1DD4DE1DB5F ] C:\WINDOWS\system32\netmsg.dll
13:14:19.0296 0x0938 C:\WINDOWS\system32\netmsg.dll - ok
13:14:19.0296 0x0938 [ CD2DCBA9155D7F03001E5B6EE5963638, 09391826AD4E5AC1BE228504F0635BA6752292EA3C1569BDBA9AAA281E7E6D74 ] C:\WINDOWS\system32\iismap.dll
13:14:19.0296 0x0938 C:\WINDOWS\system32\iismap.dll - ok
13:14:19.0312 0x0938 [ 56BC09F32F22DAC57F0B29519CEDB0C8, D563D8F393FB35D2F8D0B6AD289E8A99F0BFF5F633A4D6ACCF8B6282AB2694ED ] C:\Program Files\netinst\simplexr.dll
13:14:19.0312 0x0938 C:\Program Files\netinst\simplexr.dll - ok
13:14:19.0312 0x0938 [ F6F2BFC17069EB335ACCEEF7595F9302, 7434C4353DD2B2E5C8F3690CEF2E1F7E234C2402E6E3BFCBF29DCB1494125F8A ] C:\WINDOWS\system32\mfc42u.dll
13:14:19.0312 0x0938 C:\WINDOWS\system32\mfc42u.dll - ok
13:14:19.0312 0x0938 [ 1EE883222C4DDC84B4C9A71438E56673, D9F6B1EBD440677658B801ECA9922E014C876506B47B0C65615C824DDCBAA62B ] C:\WINDOWS\system32\inetsrv\wamreg.dll
13:14:19.0312 0x0938 C:\WINDOWS\system32\inetsrv\wamreg.dll - ok
13:14:19.0328 0x0938 [ 8B1520068B9C6BFB58BA63ABF8DBE25E, 4B87074879862795C5D27F8E70FAAB20814D5436BD89264A4CE5A42F4262D952 ] C:\WINDOWS\system32\inetsrv\admexs.dll
13:14:19.0328 0x0938 C:\WINDOWS\system32\inetsrv\admexs.dll - ok
13:14:19.0328 0x0938 [ 15922DE9A8AED8AFD48C229673C83938, 05682744D6FE380C7E468CE8C0ABD2268357A18176D78E21A5E3E369AF026748 ] C:\WINDOWS\system32\inetsrv\svcext.dll
13:14:19.0328 0x0938 C:\WINDOWS\system32\inetsrv\svcext.dll - ok
13:14:19.0328 0x0938 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] C:\WINDOWS\system32\drivers\srv.sys
13:14:19.0328 0x0938 C:\WINDOWS\system32\drivers\srv.sys - ok
13:14:19.0328 0x0938 [ 8BCD11D38FCE43A519246A91CC40DE6A, 981EE4B29FDE6DB58FAA17BCCA66DB8143D693D91A00B7519F01ABBAE11AA580 ] C:\WINDOWS\system32\security.dll
13:14:19.0328 0x0938 C:\WINDOWS\system32\security.dll - ok
13:14:19.0343 0x0938 [ ED0C0DF222209E43AD9AFBF3FE87DDE0, 927329F9244DA9F0074FA0D4C101EE793AFCF433155E58714C33444C5EF35014 ] C:\WINDOWS\system32\comsvcs.dll
13:14:19.0343 0x0938 C:\WINDOWS\system32\comsvcs.dll - ok
13:14:19.0343 0x0938 [ A027DE1E6C11BD2DAF61F6F276B2299F, E2B7A9EDE85DB440FE6ECBD87976B00F01A5BB5DB8D19A38AE8AE66A9962128E ] C:\WINDOWS\system32\drivers\mdmxsdk.sys
13:14:19.0343 0x0938 C:\WINDOWS\system32\drivers\mdmxsdk.sys - ok
13:14:19.0343 0x0938 [ ACDAFCD14EC0ECE89198503746A5C147, F90876961B6966915C4A1847F91F45282FFA48140D01503EF9013E774661C4E8 ] C:\WINDOWS\system32\perfos.dll
13:14:19.0343 0x0938 C:\WINDOWS\system32\perfos.dll - ok
13:14:19.0359 0x0938 [ ABFB673B24A9B3287761D497529FB5B9, FD0DEC392BE1632C33E90981D799DD5C11C9D257F0B1D3190FA32658EB706F0A ] C:\WINDOWS\system32\perfdisk.dll
13:14:19.0359 0x0938 C:\WINDOWS\system32\perfdisk.dll - ok
13:14:19.0359 0x0938 [ 690D97864735E8ECD87F55777E266690, 2098D2AADEF82C3EDD82FD6182C14568CDE1EF02205ED1EA4CB19252B74BB807 ] C:\WINDOWS\system32\colbact.dll
13:14:19.0359 0x0938 C:\WINDOWS\system32\colbact.dll - ok
13:14:19.0359 0x0938 [ A5FB5070F78E5C26C39B4E7F9163C6DF, ACE5FCC0B93068BA2D943EF3F1685664E69B3BFA2BFA033ACF2EE9E3C82A0E8A ] C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
13:14:19.0359 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe - ok
13:14:19.0359 0x0938 [ 36795A645EAA47FE31D2A8F136A2C69B, D681D7DFC4A2A2F10658D76A93F009BDBFC6117E245E0883C509A286DC952EAD ] C:\WINDOWS\system32\mtxclu.dll
13:14:19.0359 0x0938 C:\WINDOWS\system32\mtxclu.dll - ok
13:14:19.0375 0x0938 [ DF82E222578DBE59FCBBD69A02E4C806, 0F0CD9DC739500536F252475F84F8EF378428CAC7DD9CFCDEC676862A20A0C46 ] C:\WINDOWS\system32\clusapi.dll
13:14:19.0375 0x0938 C:\WINDOWS\system32\clusapi.dll - ok
13:14:19.0375 0x0938 [ F51EBB6FC536A6B2D588FD668D3A8249, 6C22B5FBE3F721025879447B006EC5A343D482A87E23674B5A3BB43983AB328E ] C:\WINDOWS\system32\resutils.dll
13:14:19.0375 0x0938 C:\WINDOWS\system32\resutils.dll - ok
13:14:19.0375 0x0938 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] C:\WINDOWS\system32\qagentrt.dll
13:14:19.0375 0x0938 C:\WINDOWS\system32\qagentrt.dll - ok
13:14:19.0390 0x0938 [ 15186771BA084403D6D3DA8E8A5E7FCB, 0261AE086867C6D36ADE5B30F69E993BC76C1F82434F84432C10A57EF4C879C4 ] C:\Program Files\netinst\fpsclnt.dll
13:14:19.0390 0x0938 C:\Program Files\netinst\fpsclnt.dll - ok
13:14:19.0390 0x0938 [ FB8E05CEDB3EF65C80FEBD2698C80998, 9519B19EDF535F9DAD4ECBFD7FB3733C8A70DE04AB549F0D35C96CC06C02C17A ] C:\WINDOWS\system32\qagent.dll
13:14:19.0390 0x0938 C:\WINDOWS\system32\qagent.dll - ok
13:14:19.0390 0x0938 [ 1F2E96D3BF94D86847D2598BA14E33AA, A22EF7044FDC16F0D3484ED5B73B72D501391CF62AD697C4679E6BFC1A465FA9 ] C:\Program Files\netinst\trustchk.dll
13:14:19.0390 0x0938 C:\Program Files\netinst\trustchk.dll - ok
13:14:19.0390 0x0938 [ C2C1F5B846E41832FFAD998C2193C885, 8AFD06D26FDA639167F06C4B9B1A1B507F9A931B04C018333585980116932095 ] C:\Program Files\netinst\LJMClntLib.dll
13:14:19.0390 0x0938 C:\Program Files\netinst\LJMClntLib.dll - ok
13:14:19.0406 0x0938 [ 86B4AD7CFECAB5C828CC78DDC956E857, 1FD30639BB483D36E199ED6C56853171F3A6F79F5880832B1EC16FC3DAB82DEC ] C:\Program Files\netinst\fps.dll
13:14:19.0406 0x0938 C:\Program Files\netinst\fps.dll - ok
13:14:19.0406 0x0938 [ F7BBAA9485F04E46A053E147CDFAD079, 36DB0C367353C0988FB62E07188363DC19038B2275FB93C47C300B81C82403A8 ] C:\WINDOWS\system32\mssha.dll
13:14:19.0406 0x0938 C:\WINDOWS\system32\mssha.dll - ok
13:14:19.0406 0x0938 [ 11A9E0581F6441876FFBF331D294C10A, 22ECBAF9A9E7563249EF63360574F905509992AECBBA609B8BB7EA2009195506 ] C:\WINDOWS\system32\dhcpqec.dll
13:14:19.0406 0x0938 C:\WINDOWS\system32\dhcpqec.dll - ok
13:14:19.0421 0x0938 [ BCC23A7518B19273EE02DC0CF52167B7, C7AF408BEC5A561FB8E982F241376EF240FCB73772FACCB598C7F9D83E4A0BBA ] C:\Program Files\netinst\nwcmclnt.dll
13:14:19.0421 0x0938 C:\Program Files\netinst\nwcmclnt.dll - ok
13:14:19.0421 0x0938 [ 9EEFE69139FDBB4A3C327630F8EB993A, 8B397F6721E7BC8AA93E9B68099084D49AC4776BACC1383089C59A52D8244B49 ] C:\WINDOWS\system32\wlanapi.dll
13:14:19.0421 0x0938 C:\WINDOWS\system32\wlanapi.dll - ok
13:14:19.0421 0x0938 [ 31FC5E1DC25F8A78DB76096DAD046080, 10374E2FE73D3A13C906A7CAD0BE8AEB317470AB71DE571B5822A48CBA79D2BF ] C:\Program Files\netinst\FpsCacheClntLib.dll
13:14:19.0421 0x0938 C:\Program Files\netinst\FpsCacheClntLib.dll - ok
13:14:19.0437 0x0938 [ 545E9409AC5C062575619DF6A8B93C89, 58C3E0D3AF9CABF14F27F4B1565C9FEA562A7FD5438BA9A65D51878E24DFEB6D ] C:\Program Files\netinst\FpsClntHlp.dll
13:14:19.0437 0x0938 C:\Program Files\netinst\FpsClntHlp.dll - ok
13:14:19.0437 0x0938 [ 87906187B3AF89582380D156DA601F68, 96355984BEFC2A9C062BA993508329C5ECBC1106ACB83518326AA4544CED511B ] C:\WINDOWS\system32\napipsec.dll
13:14:19.0437 0x0938 C:\WINDOWS\system32\napipsec.dll - ok
13:14:19.0437 0x0938 [ 248712EA6BA17B9FF0C542A3828375DD, 03EFDE351860C4C49F42D6129C6A6F2B3FC859C20F14FE0652F9C4FBD81244B4 ] C:\WINDOWS\system32\winipsec.dll
13:14:19.0437 0x0938 C:\WINDOWS\system32\winipsec.dll - ok
13:14:19.0437 0x0938 [ 7BBF6D3C6F430689991F6E8A36433C0A, 8AC6F32A8C84BFF464BB97277F67A11A6608E5A701A6F5923B93B1A06E899B7C ] C:\Program Files\netinst\zlib1.dll
13:14:19.0437 0x0938 C:\Program Files\netinst\zlib1.dll - ok
13:14:19.0453 0x0938 [ 1396F781364754123E5180074FC3CB85, 0586C97845006EB28F138EA2264FD12A9FE1315236F63F7AAC5B5B70F8CFEB4C ] C:\WINDOWS\system32\tsgqec.dll
13:14:19.0453 0x0938 C:\WINDOWS\system32\tsgqec.dll - ok
13:14:19.0453 0x0938 [ 3B06CDD1A41618944A906589C052F2B3, 08D2452F0CB6051AF0C4E9254D82AC34DE336BB0B5F95D9516AF7D56E31FD51A ] C:\WINDOWS\system32\eapqec.dll
13:14:19.0453 0x0938 C:\WINDOWS\system32\eapqec.dll - ok
13:14:19.0453 0x0938 [ 2FCD1C0ECF3BA1B00F049B83E4BFC98F, A3C3935ABEF45F168C0CFD0C96430A134B7CE8F9DAF97F38C9937A8C5766D495 ] C:\Program Files\netinst\MIClntLibWrapper.dll
13:14:19.0453 0x0938 C:\Program Files\netinst\MIClntLibWrapper.dll - ok
13:14:19.0468 0x0938 [ 18BEA466107EB04610375D241919E89C, A77CF15B79C3B3F47941EBB37057183CF527D0D896BE8F983EF927B1695695AE ] C:\Program Files\netinst\Miclntlib.dll
13:14:19.0468 0x0938 C:\Program Files\netinst\Miclntlib.dll - ok
13:14:19.0468 0x0938 [ 76848CB1AA5818DB47D5F5986E0A7485, 03BAB6981C6F447E41B78A96187FA619E4755C2101FF1A0B2ABF111BE53D9F92 ] C:\WINDOWS\system32\mfc42.dll
13:14:19.0468 0x0938 C:\WINDOWS\system32\mfc42.dll - ok
13:14:19.0468 0x0938 [ 3720F8C660C8A9551E4063E07276A255, E755D70E3857B5372BC75C62062743AD4EE5CE5617BC1FB435342017E6D485F7 ] C:\Program Files\Trend Micro\OfficeScan Client\perfiCrcPerfMonMgr.dll
13:14:19.0468 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\perfiCrcPerfMonMgr.dll - ok
13:14:19.0468 0x0938 [ 6358C181BF021970A897C1FAB0ECF5D2, E85170DA25D32659AB321F6CB2D8707D0B08503FF481F0BF714AD79969223F46 ] C:\WINDOWS\system32\loadperf.dll
13:14:19.0468 0x0938 C:\WINDOWS\system32\loadperf.dll - ok
13:14:19.0484 0x0938 [ 050BB5AE62F1B9054DFB7D41250BBFBC, 025C0DD15D06F9D5F5FC477C88BC0406917FAD9C24A92011AF3B783F7DF4BF9D ] C:\Program Files\Trend Micro\OfficeScan Client\VSAPI32.DLL
13:14:19.0484 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\VSAPI32.DLL - ok
13:14:19.0484 0x0938 [ E13099F5E09C7C1C0008DCEE42BE8185, 362D2549D1861D361DFBB18E4365A7A19046DA44F27CB1ACB53238829A332406 ] C:\Program Files\netinst\AddOns\ADDirPrv.dll
13:14:19.0484 0x0938 C:\Program Files\netinst\AddOns\ADDirPrv.dll - ok
13:14:19.0484 0x0938 [ E4753285AC3BC5253659B78B52CD8D05, AB5970A14B315D11A3D61229B97D83C35F6BFC362FF532D65127046E3F826E25 ] C:\Program Files\netinst\AddOns\NTDirPrv.dll
13:14:19.0484 0x0938 C:\Program Files\netinst\AddOns\NTDirPrv.dll - ok
13:14:19.0484 0x0938 [ C86834B6BE8CFF32541D4F638B75D7F0, 6A40A45F0AC4FC327F915871D4A295FDF63C3F70F0ADCC69F46741A0534BF035 ] C:\Program Files\netinst\siZipRT.dll
13:14:19.0484 0x0938 C:\Program Files\netinst\siZipRT.dll - ok
13:14:19.0500 0x0938 [ D3A0E4A8C05D250EF0ED598E7E8FC1AD, FFC457FA25F8E326CB8C9CE86D19996CF65A6EBADBFF1ED591065B485444836F ] C:\Program Files\Trend Micro\OfficeScan Client\FlowControl.dll
13:14:19.0500 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\FlowControl.dll - ok
13:14:19.0500 0x0938 [ 8C7DF028B8F2DA22D9853E2F18295DF1, CCCB573F80E94549FDD06E53F5DBC38A7BBED7B7EB5EA5650A7E83C31B7240AB ] C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll
13:14:19.0500 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll - ok
13:14:19.0500 0x0938 [ 067689E4C92B0A8125829EE972E77F8B, 3F1867E685102F98832B85F49D9F10ED685F3EC29BE48453E4CFAADFF5D34AA3 ] C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll
13:14:19.0500 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll - ok
13:14:19.0515 0x0938 [ 64D5997F973C03080AC434BA547AF5C4, F808678812D80718F12B2A1E0E5E22071FF7612791C8702022AD9B27E58ED003 ] C:\Program Files\Trend Micro\OfficeScan Client\libCNTProdRes.dll
13:14:19.0515 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\libCNTProdRes.dll - ok
13:14:19.0515 0x0938 [ C0440E464DEEDE7994DEDC3C25D9BF26, 816B8FAA83012035C3E24209C0327AAD02A9602481CE910C6BE03A22755DB069 ] C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll
13:14:19.0515 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll - ok
13:14:19.0515 0x0938 [ 332760FBA1655FCFD35BD6F4FD871300, 6C539FD14B9CF9423E305EAF60CB5C12CA0F7AEF571FB09BAF64E83F108B7F2D ] C:\WINDOWS\system32\ipsecsvc.dll
13:14:19.0515 0x0938 C:\WINDOWS\system32\ipsecsvc.dll - ok
13:14:19.0515 0x0938 [ 584C4DA856450CB22EBBE7A68CC6250F, 56030767CFD2DAFDAE8CC767DC1EED39DD2E6E42152BFAE7904C2C8826B2C3E2 ] C:\WINDOWS\system32\oakley.dll
13:14:19.0515 0x0938 C:\WINDOWS\system32\oakley.dll - ok
13:14:19.0531 0x0938 [ 853D0D0C6F02D7BFDF1CF99DD7553732, AC761B4CA518B787CB2C18101606E5F64245049D140C72B6B1112556DEC86B2E ] C:\WINDOWS\system32\pstorsvc.dll
13:14:19.0531 0x0938 C:\WINDOWS\system32\pstorsvc.dll - ok
13:14:19.0531 0x0938 [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] C:\WINDOWS\system32\regsvc.dll
13:14:19.0531 0x0938 C:\WINDOWS\system32\regsvc.dll - ok
13:14:19.0531 0x0938 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] C:\WINDOWS\system32\seclogon.dll
13:14:19.0531 0x0938 C:\WINDOWS\system32\seclogon.dll - ok
13:14:19.0546 0x0938 [ 22D89D84E8E081CDA529DBF8C0255A38, 26863A2D27BE257D99EF28A612FC1B514558B27002EF10B0F682BC15C6D1CD74 ] C:\WINDOWS\system32\psbase.dll
13:14:19.0546 0x0938 C:\WINDOWS\system32\psbase.dll - ok
13:14:19.0546 0x0938 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] C:\WINDOWS\system32\sens.dll
13:14:19.0546 0x0938 C:\WINDOWS\system32\sens.dll - ok
13:14:19.0546 0x0938 [ F414B37E6B7CB920ABB0517A3F3A01DE, AE23D1A4AE08DB0D9A090AC0D973FC8EA8B81558568EFBCD695959C413742DBA ] C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
13:14:19.0546 0x0938 C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe - ok
13:14:19.0546 0x0938 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] C:\WINDOWS\system32\srsvc.dll
13:14:19.0546 0x0938 C:\WINDOWS\system32\srsvc.dll - ok
13:14:19.0562 0x0938 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] C:\WINDOWS\system32\wiaservc.dll
13:14:19.0562 0x0938 C:\WINDOWS\system32\wiaservc.dll - ok
13:14:19.0562 0x0938 [ FEDE68BF80052BAD393AFD5C2E60DCB0, 6A40D89524317C554C5C33A35FB659147A3118F4C646AB36653A19A8811627CB ] C:\WINDOWS\system32\dssenh.dll
13:14:19.0562 0x0938 C:\WINDOWS\system32\dssenh.dll - ok
13:14:19.0562 0x0938 [ 1F8668894ECEF05FC254A3FC0C03B76D, 9372247C19FABCEAFBA5648AB8892068E091E868375A1D1BCA4BA9D7BDD60876 ] C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWIPHlp.dll
13:14:19.0562 0x0938 C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWIPHlp.dll - ok
13:14:19.0578 0x0938 [ 4AC2FA4A6F0DF2511BAC13393C06EFF1, 502B9D43EB6305508E8CDF034528C3F1DDF4525727C1B7663EA835BE2307FF20 ] C:\WINDOWS\system32\mscms.dll
13:14:19.0578 0x0938 C:\WINDOWS\system32\mscms.dll - ok
13:14:19.0578 0x0938 [ 5C1F0537E61F87B435F56E00B4F20EE8, AA4BAD8612F45125421C13536D6E7FB4C85BA6DE7D61BDE19949286FB1910B3D ] C:\WINDOWS\system32\snmpapi.dll
13:14:19.0578 0x0938 C:\WINDOWS\system32\snmpapi.dll - ok
13:14:19.0578 0x0938 [ CEBA73C91C2B17C6D66B4C7C4E926B61, 40F163BD46972456B038939EDB9F327A7EB594FF336FCFE84DAE8872BDCCFD55 ] C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWCommon.dll
13:14:19.0578 0x0938 C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWCommon.dll - ok
13:14:19.0578 0x0938 [ 5D32AA772F07AC13DD0F9197D6A26B38, 8B7E8A49B7F3866AEC3B71D0FB6F2437529391AAB4C3C86FE97F98AB853DE1D8 ] C:\Program Files\netinst\csmancln.dll
13:14:19.0578 0x0938 C:\Program Files\netinst\csmancln.dll - ok
13:14:19.0593 0x0938 [ F6B028F55187426D23E37835F61F0670, 187B207984F703273907476966ACC1C014144591599A134D539B0EF08D9740BF ] C:\Program Files\Trend Micro\OfficeScan Client\NTSvcRes.dll
13:14:19.0593 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\NTSvcRes.dll - ok
13:14:19.0593 0x0938 [ 4370A38F482759C625BC9D566D0EFD78, 1DAFB0667F1C4F1DF7CFAC0E0E991E2FAB3BE4E39626185B9360FEEEC100E97B ] C:\Program Files\netinst\csactcln.dll
13:14:19.0593 0x0938 C:\Program Files\netinst\csactcln.dll - ok
13:14:19.0593 0x0938 [ 7B70C0242712B020B51C674EA51CC29A, FA348BFE1BE68042124C01568EF1220B37358D755FE1D3DEE151970084E967EF ] C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll
13:14:19.0593 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll - ok
13:14:19.0609 0x0938 [ FA3B226E70DAF6C90D1761228D0013BE, CE86924E659353C7A585D7C52847A78E0FABAF2E90A49F3FC5C6FC7E695F75D9 ] C:\Program Files\netinst\CmsMaCltLib.dll
13:14:19.0609 0x0938 C:\Program Files\netinst\CmsMaCltLib.dll - ok
13:14:19.0609 0x0938 [ 63E8D944AFBEEBB243F25C4ED07E74C5, 848AEE9975218939F7EB2C3548EA6AE235C54B1B2E2AF6835A034976A0CFDD28 ] C:\WINDOWS\system32\inetmib1.dll
13:14:19.0609 0x0938 C:\WINDOWS\system32\inetmib1.dll - ok
13:14:19.0609 0x0938 [ AB22CAD443E9693C59E82D9EC3DF1B14, 73EB4BDDA5D082CB58148DAD2DD683B7EC4203DC3E375F2AC108585FE2BB2E6D ] C:\WINDOWS\system32\inetsrv\w3svc.dll
13:14:19.0609 0x0938 C:\WINDOWS\system32\inetsrv\w3svc.dll - ok
13:14:19.0609 0x0938 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] C:\WINDOWS\system32\trkwks.dll
13:14:19.0609 0x0938 C:\WINDOWS\system32\trkwks.dll - ok
13:14:19.0625 0x0938 [ 2C3640E8647F6AE9A50698B53AC95192, F7DAA54B72F986E0928F3A1C6C8BA3FD47566165BB62C5C87D2A34DA70FDB8F0 ] C:\Program Files\Trend Micro\OfficeScan Client\OfcPluginTray.dll
13:14:19.0625 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\OfcPluginTray.dll - ok
13:14:19.0625 0x0938 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] C:\WINDOWS\system32\wbem\wmisvc.dll
13:14:19.0625 0x0938 C:\WINDOWS\system32\wbem\wmisvc.dll - ok
13:14:19.0625 0x0938 [ AF7A6C87C5C3BDBF708B1371FE5A38C5, ACA910075E3F191402B517CB8E7551662A87546814ADE15D26428A05458517FF ] C:\Program Files\netinst\CmsClntApi.dll
13:14:19.0625 0x0938 C:\Program Files\netinst\CmsClntApi.dll - ok
13:14:19.0640 0x0938 [ 087C6340B03D82A1AB69D6317E50434B, 8C8AFB3B49FEAE85DE8F3D032DF83DA65419186C3CE671DD7063686A37B8F54E ] C:\WINDOWS\system32\inetsrv\infocomm.dll
13:14:19.0640 0x0938 C:\WINDOWS\system32\inetsrv\infocomm.dll - ok
13:14:19.0640 0x0938 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] C:\WINDOWS\system32\wuauserv.dll
13:14:19.0640 0x0938 C:\WINDOWS\system32\wuauserv.dll - ok
13:14:19.0640 0x0938 [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] C:\WINDOWS\system32\wuaueng.dll
13:14:19.0640 0x0938 C:\WINDOWS\system32\wuaueng.dll - ok
13:14:19.0640 0x0938 [ A8BE12886F6A6DD41D1F497BE1257D0A, 7B6CAAA8406818A6DC163D37B78DA8B347CE28E45B3015E76B60A02D345B67E6 ] C:\Program Files\netinst\CMSClntLib.dll
13:14:19.0640 0x0938 C:\Program Files\netinst\CMSClntLib.dll - ok
13:14:19.0656 0x0938 [ 415009D769F1651B83F59AD6625FCDD6, 69489ED2F880DBBF78F0E26BEA0D1018EDD2FE3965502BEDE9EBC7EFBB22A58B ] C:\WINDOWS\system32\inetsrv\isatq.dll
13:14:19.0656 0x0938 C:\WINDOWS\system32\inetsrv\isatq.dll - ok
13:14:19.0656 0x0938 [ 0E64ED5EB846635639B3C658E7711A5E, B6151B3F847121D259F6DC7BA77B4921BA7D2A5B7C0767CA8AFD4CCD13BDCF05 ] C:\WINDOWS\system32\inetsrv\iisfecnv.dll
13:14:19.0656 0x0938 C:\WINDOWS\system32\inetsrv\iisfecnv.dll - ok
13:14:19.0656 0x0938 [ AA146BECA421B20E3319EDA983DC17C1, 5131DDC5FD948204044BED5601E1D0C25BE9BFABEA0B57FF9054466780FFB245 ] C:\WINDOWS\system32\inetsrv\lonsint.dll
13:14:19.0656 0x0938 C:\WINDOWS\system32\inetsrv\lonsint.dll - ok
13:14:19.0671 0x0938 [ 1052A30843A752429AB223779D678AB2, F0336881B15BF0EB291D49818B5283D2317A2AEC6B793FAAE47EA0C4B9C502A2 ] C:\WINDOWS\system32\inetsrv\iscomlog.dll
13:14:19.0671 0x0938 C:\WINDOWS\system32\inetsrv\iscomlog.dll - ok
13:14:19.0671 0x0938 [ 0161C94DBBF5B7F478D97235F95040A1, 520585551B00E9B3F4D010BE45406070BA600B8C4DC98D4093E9205B2924A081 ] C:\WINDOWS\system32\inetsrv\sspifilt.dll
13:14:19.0671 0x0938 C:\WINDOWS\system32\inetsrv\sspifilt.dll - ok
13:14:19.0671 0x0938 [ F005DFD204C96C94D4F1ED32377EF256, 2888CD34012B3AE05C0DCFA6E5A0F4FBE334B5FF0CF623E373F665228F177C4A ] C:\WINDOWS\system32\inetsrv\compfilt.dll
13:14:19.0671 0x0938 C:\WINDOWS\system32\inetsrv\compfilt.dll - ok
13:14:19.0671 0x0938 [ ECA78193AB6F44F5B3DDEC6C4E069186, 5C798DF6801903F4F83EF156A499BAA33D61356A7816245376E9FF04C77052C3 ] C:\WINDOWS\system32\inetsrv\gzip.dll
13:14:19.0671 0x0938 C:\WINDOWS\system32\inetsrv\gzip.dll - ok
13:14:19.0687 0x0938 [ 5A1055ABBD8909B62AB70EE63AC9CA90, 24360D24E2EBB8C7B28C8E801E770713753C7BECDCF84F40822396FBD422F57A ] C:\WINDOWS\system32\inetsrv\pwsdata.dll
13:14:19.0687 0x0938 C:\WINDOWS\system32\inetsrv\pwsdata.dll - ok
13:14:19.0687 0x0938 [ F0F848EF2FE9107D07422F704EB549E7, AB7A2C509F638F34FE2E985853FC1E32C22696E7E6E5A3431BE570F786C10EB6 ] C:\WINDOWS\system32\inetsrv\md5filt.dll
13:14:19.0687 0x0938 C:\WINDOWS\system32\inetsrv\md5filt.dll - ok
13:14:19.0687 0x0938 [ 9B609463552D4413B4E37C9F0870F386, F8DC42BB0458057B3E273929A0F45C76B18CF50196450C0D7397DF49A1B38470 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_filter.dll
13:14:19.0687 0x0938 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_filter.dll - ok
13:14:19.0703 0x0938 [ C8B87FEA6BC1428B1A4A2C5964DC3DC5, EB92F7B7D46246DEAA2255486BBA41E5B76817DD04AAFF7F857A330BD063DE49 ] C:\WINDOWS\system32\inetsrv\httpext.dll
13:14:19.0703 0x0938 C:\WINDOWS\system32\inetsrv\httpext.dll - ok
13:14:19.0703 0x0938 [ CA2CB6E534C5FBCD41E811BA15723198, 196E0554DFA12036F56F66C2F4B6206DA50A4BE537A623702423C59FFCFF59AD ] C:\Program Files\netinst\clnexcln.dll
13:14:19.0703 0x0938 C:\Program Files\netinst\clnexcln.dll - ok
13:14:19.0703 0x0938 [ 0E35ABFE0E0D1D3DF6F6F8657530DE3E, 81082FEE61B6B4E5DDCF43EEA50FFBE9FBE8A499F5470BD425F98EBD5E98BC03 ] C:\Program Files\netinst\esiAdminLib.dll
13:14:19.0703 0x0938 C:\Program Files\netinst\esiAdminLib.dll - ok
13:14:19.0703 0x0938 [ 45AE139A4B7CB1951A37BCA3DC6CA372, 0B28ABDB35C85722A5B505E5F1BBB6FCD92E8BA58DA46EDC96CCA0CD9531E489 ] C:\WINDOWS\system32\inetsrv\iislog.dll
13:14:19.0703 0x0938 C:\WINDOWS\system32\inetsrv\iislog.dll - ok
13:14:19.0718 0x0938 [ 7FFD5A923B59A85915AC73DE63988F66, C30D2CF0D764A8EF2C9FF7C30FBFAF7F1E3C7E5CA87E969EB85403BEB5290A20 ] C:\Program Files\netinst\syncclnt.dll
13:14:19.0718 0x0938 C:\Program Files\netinst\syncclnt.dll - ok
13:14:19.0718 0x0938 [ 0A10C6741C45B3AD40FC603A58461B94, AA65A18ADE7F53A1920959B60610BB1B993655A2A03451C1292995A28831BAC9 ] C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
13:14:19.0718 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe - ok
13:14:19.0718 0x0938 [ B85E95679B5ADC12311BCD3F5385D623, 378D304CF408AE1928EF6290A5A9F2388920B55FD69382759B356B6A3FF94F3A ] C:\WINDOWS\system32\mspatcha.dll
13:14:19.0718 0x0938 C:\WINDOWS\system32\mspatcha.dll - ok
13:14:19.0734 0x0938 [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] C:\WINDOWS\system32\browser.dll
13:14:19.0734 0x0938 C:\WINDOWS\system32\browser.dll - ok
13:14:19.0734 0x0938 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] C:\WINDOWS\system32\ipnathlp.dll
13:14:19.0734 0x0938 C:\WINDOWS\system32\ipnathlp.dll - ok
13:14:19.0734 0x0938 [ 50A7B4423EAE7C89B03BF4921F75968C, A5CFF83323777D884E6D527A0B15AE1695ABE2F99DB74546EED8142769A7AB1E ] C:\Program Files\netinst\mui\en-US\esiAdminLib.dll.MUI
13:14:19.0734 0x0938 C:\Program Files\netinst\mui\en-US\esiAdminLib.dll.MUI - ok
13:14:19.0734 0x0938 [ 3458EDA96E30FBD0477A2800D3FB1909, BDF84362E4D8A102E7FB5F352D950B84D1A8E1E7928521B68E7671D4176803C5 ] C:\WINDOWS\system32\wups.dll
13:14:19.0734 0x0938 C:\WINDOWS\system32\wups.dll - ok
13:14:19.0750 0x0938 [ BDC0C99E472176C8C2C853A68ADC5073, 9A0A0CEE321C9BAF5545D6CB0BE3E725228B694F331FFACCEB770350AAF2C8C3 ] C:\WINDOWS\system32\wups2.dll
13:14:19.0750 0x0938 C:\WINDOWS\system32\wups2.dll - ok
13:14:19.0750 0x0938 [ 2E0B0A051FFAA86E358465BB0880D453, 493CF6150DE95B269727631D50FE21405A41E449C4FF43E94F93D27559EA5624 ] C:\WINDOWS\system32\wuauclt.exe
13:14:19.0750 0x0938 C:\WINDOWS\system32\wuauclt.exe - ok
13:14:19.0750 0x0938 [ 227D933ED833E47A7EF524C155E4BD26, DEFBC31024FB60A4868EB0F941DD304C9F96CB18789211FEBDA47B64DB66F6D2 ] C:\Program Files\Trend Micro\OfficeScan Client\libTmCAV.dll
13:14:19.0750 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\libTmCAV.dll - ok
13:14:19.0765 0x0938 [ 51A60CD97D70904311F39EA382E0FADE, A17FD0EAF12D44B98E4DA225EF3C741D54D27637AF55634352651A619D47B7F6 ] C:\Program Files\netinst\NiNetIP.dll
13:14:19.0765 0x0938 C:\Program Files\netinst\NiNetIP.dll - ok
13:14:19.0765 0x0938 [ 4EA92135C436D18975C2EBEC242B71DA, DD2B489667D9A196D120A9AE73E5DA9CECD92E876A59C9C0645DA4C641E8F4B4 ] C:\WINDOWS\system32\icmp.dll
13:14:19.0765 0x0938 C:\WINDOWS\system32\icmp.dll - ok
13:14:19.0765 0x0938 [ 86FCACA7E01F55894A8246A389BF2023, 4E80AAF92A6F8C5B51B177197712BCC6476C313830DF27A5E98D0E84018555A1 ] C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll
13:14:19.0765 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll - ok
13:14:19.0765 0x0938 [ 2FE271235B04F0F7409AFBC8E96BE027, 3C09286155EFBCD4BA545D078CF95AAD40130AE63CB9538E5437BCF9C62FBCD5 ] C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwCommon.dll
13:14:19.0765 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwCommon.dll - ok
13:14:19.0781 0x0938 [ 849358F2EA6BE6F418E89FF8D3F955CE, 1697CB51CAC9BB28C9974D49C1C78A89E4567E94241FC992B3436C01647B84FB ] C:\Program Files\netinst\NiNetIPX.dll
13:14:19.0781 0x0938 C:\Program Files\netinst\NiNetIPX.dll - ok
13:14:19.0781 0x0938 [ C36BBC7EB77F2866234E73DB979454DC, F7D0F7565DE944C27C814DE3D8C251ADF9D06E33B3A0B37B8EA0EBCA83ABF6A5 ] C:\Program Files\Trend Micro\OfficeScan Client\ZLIB.DLL
13:14:19.0781 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\ZLIB.DLL - ok
13:14:19.0781 0x0938 [ 73072340083B539120DF37123A8B6466, 33D277E911DBC1DB7A07C01D1B02174B033112525F977489310E63886B98631A ] C:\Program Files\Trend Micro\OfficeScan Client\TmListen.dll
13:14:19.0781 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\TmListen.dll - ok
13:14:19.0796 0x0938 [ 32DA83A24D5350B70A557724CFFCB144, 3D601BB732D5EFA9DD4BC204FBB92C0D3B2F206C5F17C553605E9F3ABC4E7B9E ] C:\Program Files\netinst\NiNetNBT.dll
13:14:19.0796 0x0938 C:\Program Files\netinst\NiNetNBT.dll - ok
13:14:19.0796 0x0938 [ 1F65FE5671883973F9625D6458C8F004, 2738B9ED146F416C7BD121C0F698AE9F0A4F538625380C9FB2A95C747CA98D6B ] C:\Program Files\Trend Micro\OfficeScan Client\TmListenShare.dll
13:14:19.0796 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\TmListenShare.dll - ok
13:14:19.0796 0x0938 [ 2685F5A47BA02ED465CD898BF2F847EF, 3A86DE44B18F79D8E45C89518B9969A27AFE7CBDE68B137051E672F5E97EBB97 ] C:\Program Files\netinst\NiNetNT.dll
13:14:19.0796 0x0938 C:\Program Files\netinst\NiNetNT.dll - ok
13:14:19.0796 0x0938 [ 438CFC6D1AC1131953F2C31699C8A35F, 35702D8827E9FADED0C5FAB924E29A6AB64E535A326443DB9614CFB033CA593C ] C:\Program Files\Trend Micro\OfficeScan Client\libNetCtrl.dll
13:14:19.0796 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\libNetCtrl.dll - ok
13:14:19.0812 0x0938 [ A5CE0AD1FFAE68EA7F333497C7A560F9, 38BA2C3CEB9CEB7C7B0583CC2E7DA14473ED332E30F20060223AC4F6664D8B82 ] C:\Program Files\Trend Micro\OfficeScan Client\TmSock.dll
13:14:19.0812 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\TmSock.dll - ok
13:14:19.0812 0x0938 [ 5B24A151B955ADD67326554584297C39, 828A61B0E8666B0EE29AF582CB8DC5BFA9143F225539F25B195FE33334A544CB ] C:\WINDOWS\system32\wshnetbs.dll
13:14:19.0812 0x0938 C:\WINDOWS\system32\wshnetbs.dll - ok
13:14:19.0812 0x0938 [ 178F08F98AFCC84A432ED8521C17D99E, CD9B053921F0FEB8C25528A630D95F4CAE3043A7C5111DA8CF734792A7B86617 ] C:\Program Files\Trend Micro\OfficeScan Client\PccWFWMo.dll
13:14:19.0812 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\PccWFWMo.dll - ok
13:14:19.0828 0x0938 [ 6E8D640C1C34C280BE9AA9DF23A2220A, A7D27BB45254BD69382D7F734DF5AA12E91BC9237ECA841BE1CE476253125DBD ] C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll
13:14:19.0828 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll - ok
13:14:19.0828 0x0938 [ 85A652C4CF1BFD5913F98A1F8A11993E, C8BC8A377D3C1F76B1C6D499EC86FEBB4B62D719BB78DA916443C48308A10CD1 ] C:\Program Files\Trend Micro\OfficeScan Client\TmPac.dll
13:14:19.0828 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\TmPac.dll - ok
13:14:19.0828 0x0938 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] C:\WINDOWS\system32\wscsvc.dll
13:14:19.0828 0x0938 C:\WINDOWS\system32\wscsvc.dll - ok
13:14:19.0828 0x0938 [ 4EFAA53C545F4FFB1EE0ED1709C15EA7, 21582B3A68E8753322A1B1C7E550AE7FD305DE4935DE68FBDE9F87570F484D00 ] C:\Program Files\Trend Micro\OfficeScan Client\zlibwapi.dll
13:14:19.0828 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\zlibwapi.dll - ok
13:14:19.0843 0x0938 [ F0BF811622F2DD6C8E26EE4600D83731, 81CFC1118551E84F5BBD2A863419529AA32DA92E5834C71DA77D13854F6CF048 ] C:\WINDOWS\system32\wbem\wbemcore.dll
13:14:19.0843 0x0938 C:\WINDOWS\system32\wbem\wbemcore.dll - ok
13:14:19.0843 0x0938 [ 06F2AEA1065838AAE394553063CDF28E, 2B61C857C638097C3896CD2A4C55C3D423D531BD16D535DA91B7E90CC2BD42A4 ] C:\WINDOWS\system32\crtdll.dll
13:14:19.0843 0x0938 C:\WINDOWS\system32\crtdll.dll - ok
13:14:19.0843 0x0938 [ 538EF50A58814A9652B08B5E7515E8D7, F453AD47FEF8015E060419033103AB6915C108A8E0EC478868D0B0365BCCC130 ] C:\Program Files\Trend Micro\OfficeScan Client\Tmupdate.dll
13:14:19.0843 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\Tmupdate.dll - ok
13:14:19.0859 0x0938 [ E4616430709F440CF1809D88DC2366EA, C2CBC0A21A892FD8341E5A29E7164172340E07A75A5D54493036156D907AEAE7 ] C:\WINDOWS\system32\wbem\esscli.dll
13:14:19.0859 0x0938 C:\WINDOWS\system32\wbem\esscli.dll - ok
13:14:19.0859 0x0938 [ 378A0AEFB11D8B0DC8C27B9F7604B88D, D0D6863FCE412B75B9B5FC38EA923759201E7193ED40CFBAA674630E2DE56FD3 ] C:\WINDOWS\system32\wbem\fastprox.dll
13:14:19.0859 0x0938 C:\WINDOWS\system32\wbem\fastprox.dll - ok
13:14:19.0859 0x0938 [ 010472D0AE758227C6F6E6933549C219, 4082365231756E2889BD9A19EEFA27665B9902F8C8BC376C70DC3AA80AEA541B ] C:\WINDOWS\system32\wbem\wbemsvc.dll
13:14:19.0859 0x0938 C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
13:14:19.0859 0x0938 [ 3273D1565BF30225C115B480A3BB2C9D, DF802F845EFEE506A0D3CA1EA9AEE1EDE73BCC02F2B64EDFACE0BBEFCF965455 ] C:\WINDOWS\system32\wbem\wmiutils.dll
13:14:19.0859 0x0938 C:\WINDOWS\system32\wbem\wmiutils.dll - ok
13:14:19.0875 0x0938 [ 942A17D2901A31EA68627CBFFCD268CC, C75E1C03929E16EDDBACFC37BD6C40E941F9D99E3E40ED3A07238343342685BD ] C:\WINDOWS\system32\wbem\repdrvfs.dll
13:14:19.0875 0x0938 C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
13:14:19.0875 0x0938 [ 2DE1190196EE9555DB548A57622022EB, 89DBC777BE06D008AABEDAC61AFC11B4FF7ABCA86C205109ED9D34D21C0B5146 ] C:\WINDOWS\system32\drprov.dll
13:14:19.0875 0x0938 C:\WINDOWS\system32\drprov.dll - ok
13:14:19.0875 0x0938 [ 36468087E22C57A83DF758B3F90DF73F, F6898D07CEE4F528A9F17A231CCB5E38F826A0C1926EFBF35ECCA06E0E8EE565 ] C:\WINDOWS\system32\ntlanman.dll
13:14:19.0875 0x0938 C:\WINDOWS\system32\ntlanman.dll - ok
13:14:19.0890 0x0938 [ 071143F687B4F887E21461CA6CC7EB29, 92C849517F985F19926E6425CD99E21029E1CA14FC92C9E40091DC79D4A723F2 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
13:14:19.0890 0x0938 C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
13:14:19.0890 0x0938 [ AC5DF42FE314C1446B1DAD237BFCFFE0, FD53D9BCC619ED7AE4B7C29B7D457A2F61D6D340841A4E030329D7032C306AB6 ] C:\WINDOWS\system32\netui0.dll
13:14:19.0890 0x0938 C:\WINDOWS\system32\netui0.dll - ok
13:14:19.0890 0x0938 [ ED5A816D8E11E03F1937AC3C56826EE4, D01525B5BD9F9DDF149B78706C6C2F5AE26F5337F897C1B8763DBC67AB64F875 ] C:\WINDOWS\system32\netui1.dll
13:14:19.0890 0x0938 C:\WINDOWS\system32\netui1.dll - ok
13:14:19.0890 0x0938 [ FB8F8EEC8D9C2157789472DD61CDC78B, D5306081621FFEFF585FAD292E60207E1BCB4EA67367E12872AF73C464110C68 ] C:\WINDOWS\system32\davclnt.dll
13:14:19.0890 0x0938 C:\WINDOWS\system32\davclnt.dll - ok
13:14:19.0906 0x0938 [ 26D881D27CBE51D3614E68D7313EA026, BC84CFD5F382F6D844815065118793950E922B8FB52944E337DAA62874C103A3 ] C:\WINDOWS\system32\wbem\wbemess.dll
13:14:19.0906 0x0938 C:\WINDOWS\system32\wbem\wbemess.dll - ok
13:14:19.0906 0x0938 [ 1A617835452EEE5060976C9B9F5FE635, DCCAAB049681BE876B73F0880EA32196CDA7EC954D452768A48D366096C5BD53 ] C:\WINDOWS\system32\wuapi.dll
13:14:19.0906 0x0938 C:\WINDOWS\system32\wuapi.dll - ok
13:14:19.0906 0x0938 [ D26451B540720A7313A9BCBE794DAF62, 255B3594876F9D9222760A53D1119E73D3BA4E4766C9DFAD63DCB180C5F33846 ] C:\WINDOWS\system32\wbem\ncprov.dll
13:14:19.0906 0x0938 C:\WINDOWS\system32\wbem\ncprov.dll - ok
13:14:19.0921 0x0938 [ F92E1076C42FCD6DB3D72D8CFE9816D5, 94135ACF2D9426BB78E4522429120B03D94B541422C277B9ACA31410874A464C ] C:\WINDOWS\system32\wscntfy.exe
13:14:19.0921 0x0938 C:\WINDOWS\system32\wscntfy.exe - ok
13:14:19.0921 0x0938 [ 4FB68D1AD8CAD9A627CE71AB3D9B525C, 164640A2436DFF41AE8E3D9093C4B087BF8C5F995631B6E3D5AB9CED3C0A85D5 ] C:\Program Files\Trend Micro\OfficeScan Client\TMNotify.dll
13:14:19.0921 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\TMNotify.dll - ok
13:14:19.0921 0x0938 [ 9AA69A2F61E7C4F1C6D94A6C3E3680E0, 33B4B1D44D6A571059F112E429F984D18C2AAD98AE89B43EFB17F09EB0DAF897 ] C:\Program Files\Trend Micro\OfficeScan Client\libeay32.dll
13:14:19.0921 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\libeay32.dll - ok
13:14:19.0921 0x0938 [ DF6FEFE6F98FAFD3E5CE55C81079AF23, 7C0682F924C9AFEC4528E4CD2049677E4849F67A0B37242F5015ABBB0FCC3AAE ] C:\Program Files\Trend Micro\OfficeScan Client\ssleay32.dll
13:14:19.0921 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\ssleay32.dll - ok
13:14:19.0937 0x0938 [ 4EF524AFA6148EE87C19222E6771297A, 0A3C86232991B95D808CB87587D4701205C148835B9940C0341292BE3ED9F0EB ] C:\Program Files\Trend Micro\OfficeScan Client\tmfbeng.dll
13:14:19.0937 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\tmfbeng.dll - ok
13:14:19.0937 0x0938 [ D2F600A2C151A1FDC33B2B181B2BFAD4, 594CF41E5B63F524C84A5777F966BE3E0C8B295F18DC5E424AC821C2C47AC202 ] C:\Program Files\Trend Micro\OfficeScan Client\OfcTmProxy.dll
13:14:19.0937 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\OfcTmProxy.dll - ok
13:14:19.0937 0x0938 [ 37A62C6092AADD2EFDE0468DD8818E99, 2D01A2EEE0BE81B3252E1A3EAD21D3D91EA6DE826A1783B14948A0E0B475BAB1 ] C:\WINDOWS\system32\netcfgx.dll
13:14:19.0937 0x0938 C:\WINDOWS\system32\netcfgx.dll - ok
13:14:19.0953 0x0938 [ D8D3C0014C305C5A43DD1F715A1100B0, 0C9D0493534159537B03494B87D60C4F0317738A0CC21BED7368E425DAC5738F ] C:\Program Files\Trend Micro\OfficeScan Client\TmExtIns.exe
13:14:19.0953 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\TmExtIns.exe - ok
13:14:19.0953 0x0938 [ C14AA05881A35B6D6BB8D55B117EE22D, F30873FA983CE21734BE1A357CDF855EF33511990C14B454EBAA3D6059CD823D ] C:\WINDOWS\system32\shfolder.dll
13:14:19.0953 0x0938 C:\WINDOWS\system32\shfolder.dll - ok
13:14:19.0953 0x0938 [ EBE2FE6BD9B938789D7B3BD56A788230, 536FDD710EB356FFEAE9FCF175A9C12C4E5696A1173C9393C87D025970EC56D5 ] C:\Program Files\Trend Micro\OfficeScan Client\TmIEPlg.dll
13:14:19.0953 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\TmIEPlg.dll - ok
13:14:19.0968 0x0938 [ 4D34E18A2F895ACB4903A299E922314B, 7289CAF00F0D39A5F0DE812A7197F6B1D2B88DDC171D0E33336523F9E128BF46 ] C:\DOCUME~1\user\LOCALS~1\Temp\{714AB8A8-C785-4504-8070-2C3ACE643A42}.exe
13:14:19.0968 0x0938 C:\DOCUME~1\user\LOCALS~1\Temp\{714AB8A8-C785-4504-8070-2C3ACE643A42}.exe - ok
13:14:19.0968 0x0938 [ 2CACCC1D3C91DFC1B0BEC2E5D03EBC4F, 2FD66D6C7202BEC94CE1CEEA5079A73B9EB6A25DEC0ECD1E9AD9FC72B6FD45E7 ] C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.dll
13:14:19.0968 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.dll - ok
13:14:19.0968 0x0938 [ 6404807ABC7AF52FA3792697AE638B50, 75FB44348CCC53A4EA2C3677F42098A12CE882F3E015E3D847A07972C1E4AEF5 ] C:\WINDOWS\system32\wbem\wbemcons.dll
13:14:19.0968 0x0938 C:\WINDOWS\system32\wbem\wbemcons.dll - ok
13:14:19.0968 0x0938 [ 037B1E7798960E0420003D05BB577EE6, DEE53D6D332DADD40C0CE34A425A6C0781F611765DCD4299D869F2B1EE80AE66 ] C:\WINDOWS\system32\rundll32.exe
13:14:19.0968 0x0938 C:\WINDOWS\system32\rundll32.exe - ok
13:14:19.0984 0x0938 [ E59170B1797948F1043576EE53348CED, 7CB6E81657A2BF86546476DFA873C03F667C756CDEFA48CFD65440C1041573F4 ] C:\PROGRA~1\netinst\nihwmgnt.dll
13:14:19.0984 0x0938 C:\PROGRA~1\netinst\nihwmgnt.dll - ok
13:14:19.0984 0x0938 [ 115332A83AC2726FA974D30DB4BFD8DE, D86869A8CA6824CF8D3703420FCF6EC3E7E70CEEF05E230BDE1250C4550C7356 ] C:\Program Files\Analog Devices\Core\smax4pnp.exe
13:14:19.0984 0x0938 C:\Program Files\Analog Devices\Core\smax4pnp.exe - ok
13:14:19.0984 0x0938 [ 001201D08F51AE90C8B28A93AF3B53EF, 343324AFC58BD2E80064784B5E6D895FE28E3A6F53F709690227630E8A23FF85 ] C:\Program Files\netinst\eTray.exe
13:14:19.0984 0x0938 C:\Program Files\netinst\eTray.exe - ok
13:14:20.0000 0x0938 [ E97140424C378ACBD47DF493A6AB7235, 00F26F670AD6B03C465C4FC834DC993B551B8A8E73B603FE7B9CFFA893094A3D ] C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
13:14:20.0000 0x0938 C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe - ok
13:14:20.0000 0x0938 [ 63368D3E65AACE7D26F69D8B29384243, 1F3EE92038958ACCB766C41B5FE730E73117C5436259E93894CDCD23B198570A ] C:\Program Files\Microsoft Office\Office12\MSOHEVI.DLL
13:14:20.0000 0x0938 C:\Program Files\Microsoft Office\Office12\MSOHEVI.DLL - ok
13:14:20.0000 0x0938 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
13:14:20.0000 0x0938 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
13:14:20.0000 0x0938 [ 03C76895F47A1339A697269000675266, 10C28DFF648A6510830F3F1FFCAADAA3E62E1A40C3426D92D4373DF33B0FD576 ] C:\WINDOWS\system32\newdev.dll
13:14:20.0000 0x0938 C:\WINDOWS\system32\newdev.dll - ok
13:14:20.0015 0x0938 [ A774AADDAEF9ECD565A5376F08995789, D7E9B9F0112382B8E774AA7DEA9EE80B221A90871636D710CE09DD3BFAE44986 ] C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
13:14:20.0015 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe - ok
13:14:20.0015 0x0938 [ 2DC5A8019E2387987905F77C664E4BE2, 32FD8D0D3146A599CFB536955F9E93AA50467B2176A70E481133B61D4BD29AD9 ] C:\WINDOWS\system32\linkinfo.dll
13:14:20.0015 0x0938 C:\WINDOWS\system32\linkinfo.dll - ok
13:14:20.0015 0x0938 [ A70A2D85AD143D6BB823C246CEB699A5, D8ED98DC2964A2DAF448893718E6381FBABAB53DD7497266851E0F4221F1B01F ] C:\WINDOWS\system32\ntshrui.dll
13:14:20.0015 0x0938 C:\WINDOWS\system32\ntshrui.dll - ok
13:14:20.0031 0x0938 [ 4C39358EBDD2FFCD9132A30E1EC31E16, 06918CF99AD26CD6CF106881C0D5BDB212DC0BAC4549805C9F5906E3D03D152C ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
13:14:20.0031 0x0938 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll - ok
13:14:20.0031 0x0938 [ 798A9E6828997EEF4517ADA8A2259831, 64389FAD94D54E2D43A7292AD3C57CB16F90F2C80EA44099E02D11E19E390A5B ] C:\WINDOWS\system32\wbem\wmiprvse.exe
13:14:20.0031 0x0938 C:\WINDOWS\system32\wbem\wmiprvse.exe - ok
13:14:20.0031 0x0938 [ ED4E01BF881E20D7BED5DAEFA54950E1, 2B7069E9EC3DE3731EE44BCEEFC9EC9C63C05E96BBF7942749F15C5AFDDAB0EB ] C:\PROGRA~1\TRENDM~1\OFFICE~1\tmufeng.dll
13:14:20.0031 0x0938 C:\PROGRA~1\TRENDM~1\OFFICE~1\tmufeng.dll - ok
13:14:20.0031 0x0938 [ 2E5212A0BFB98FE0167C92C76C87AFE3, 8C8ACD175A626453878154AF48760D99979C6D2836BC4816575B347C668D4F9E ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
13:14:20.0031 0x0938 C:\Program Files\Common Files\Java\Java Update\jusched.exe - ok
13:14:20.0046 0x0938 [ 32F4B6D627297C567C7AFA929FE6430E, 601A1027F675B29F022F6C152ECD2FF3EE4F01F479EED66023C66813E50A4D83 ] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
13:14:20.0046 0x0938 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe - ok
13:14:20.0046 0x0938 [ 73D90A309AB764411A07D4FE7351BB28, 8AB99368A403C9762FFB490A7417097511CECA25B4FB66002569EC4822954A5A ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
13:14:20.0046 0x0938 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - ok
13:14:20.0046 0x0938 [ 79C28DDF889C26FDD6162F796FD49BC4, C1E2468B4F0F52BD707D16656F33CC438AF8E18A38BB6CFB64D11F23993F72F0 ] C:\Program Files\iTunes\iTunesHelper.exe
13:14:20.0046 0x0938 C:\Program Files\iTunes\iTunesHelper.exe - ok
13:14:20.0046 0x0938 [ 8E16BF5600797E678EA97051CF93E6BF, D9EA7C799AA0BD71FA99731A0AD6B0AEB1D85741285405BFFF8F2C7E5935D714 ] C:\WINDOWS\system32\dumprep.exe
13:14:20.0046 0x0938 C:\WINDOWS\system32\dumprep.exe - ok
13:14:20.0062 0x0938 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
13:14:20.0062 0x0938 C:\WINDOWS\system32\ctfmon.exe - ok
13:14:20.0062 0x0938 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
13:14:20.0062 0x0938 C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - ok
13:14:20.0062 0x0938 [ E40FCF943127DDC8FD60554B722D762B, 2E7A7C08B56E07D69CB32F335D93F6D2C748EFA2CF4C41102A18C7761A4E9CF0 ] C:\WINDOWS\system32\MSCTF.dll
13:14:20.0062 0x0938 C:\WINDOWS\system32\MSCTF.dll - ok
13:14:20.0078 0x0938 [ F6041A72058ADD22166C31B5FD5E919C, 3B10A1273C7E687B1C2D5895B576D4786E4D051E06D001F7B7B969401C58FD2D ] C:\Documents and Settings\user\Application Data\Spotify\Data\SpotifyWebHelper.exe
13:14:20.0078 0x0938 C:\Documents and Settings\user\Application Data\Spotify\Data\SpotifyWebHelper.exe - ok
13:14:20.0078 0x0938 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] C:\WINDOWS\system32\alg.exe
13:14:20.0078 0x0938 C:\WINDOWS\system32\alg.exe - ok
13:14:20.0078 0x0938 [ 606CE3CED3ED3E29E72A7829F2B4EC4D, 05FAB570567302FAEAEDFBA7D0FEC7692D1270A366442C341AD014D97F8F23C9 ] C:\WINDOWS\system32\SynTPFcs.dll
13:14:20.0078 0x0938 C:\WINDOWS\system32\SynTPFcs.dll - ok
13:14:20.0078 0x0938 [ 6BEEA8D05C9144DC17C9E93B1DCA645B, A0207345B7054F253604F963C2232B9E8603DB0DD98A19ED3B9E83D66F3165C5 ] C:\Program Files\iTunes\iTunesHelper.dll
13:14:20.0078 0x0938 C:\Program Files\iTunes\iTunesHelper.dll - ok
13:14:20.0093 0x0938 [ CDBE9690CF2B8409FACAD94FAC9479C9, 8E7FE1A1F3550C479FFD86A77BC9D10686D47F8727025BB891D8F4F0259354C8 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
13:14:20.0093 0x0938 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll - ok
13:14:20.0093 0x0938 [ CC8915DB4E33E8FB29CA0D2DBF75306E, 6319C0580FFDA989A2726814667C330F6A5C864D34B8C87645DD5A98E7A2C7FB ] C:\WINDOWS\system32\webcheck.dll
13:14:20.0093 0x0938 C:\WINDOWS\system32\webcheck.dll - ok
13:14:20.0093 0x0938 [ 17AA58A54C00F1746B8654C050491F43, AADA0D527FB96852998073E58F93710C4B3A25D7D1414BA9F23A28DA3D06B4CD ] C:\WINDOWS\system32\msutb.dll
13:14:20.0093 0x0938 C:\WINDOWS\system32\msutb.dll - ok
13:14:20.0109 0x0938 [ B803132B79EB449F3E7ED04988AFEA1A, F789763E1C4800FDD20A058EDCF5C179E6DE3374456C0041B2D88C39AB9CBBFE ] C:\Program Files\Analog Devices\Core\smwdmif.dll
13:14:20.0109 0x0938 C:\Program Files\Analog Devices\Core\smwdmif.dll - ok
13:14:20.0109 0x0938 [ B714735C12A70171DE28657948FD91F1, DF7BF2D1BEBB016A8CB739EEE2670CF9F44A5CC2319A532E5C3DE0F5AA3AA144 ] C:\WINDOWS\system32\mlang.dll
13:14:20.0109 0x0938 C:\WINDOWS\system32\mlang.dll - ok
13:14:20.0109 0x0938 [ 7647660D3402CCE55D49AF11F6A02F45, 16ADEFA3621C96204DD4BA15644E7168125FD2BA9023956D1B1B2CA79BACADFE ] C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll
13:14:20.0109 0x0938 C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll - ok
13:14:20.0109 0x0938 [ DA24EDFC1D6C1B67C010D34652B7052F, 0499E99F7B794C1FE8E8C03658F0DCDFC3B0FF5315A1871FCB0C33D612A15BD1 ] C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.24.7\goopdate.dll
13:14:20.0109 0x0938 C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.24.7\goopdate.dll - ok
13:14:20.0125 0x0938 [ DD4E70222498A50840FB365D548CBA0C, 6A3C9ACDC932DA275AC08FF4E959A6F3235A37746CE22AE49902653B294680BD ] C:\WINDOWS\system32\SynTPAPI.dll
13:14:20.0125 0x0938 C:\WINDOWS\system32\SynTPAPI.dll - ok
13:14:20.0125 0x0938 [ 4D83ED8BDDEC431FC8AD907B47CFB6E3, 4687B8DD40CA9B83AA5CE1268F62476EBA886C10CC8B7B5AB716E4C56AF1EEAF ] C:\WINDOWS\system32\dsound.dll
13:14:20.0125 0x0938 C:\WINDOWS\system32\dsound.dll - ok
13:14:20.0125 0x0938 [ C3EF5513D0F18A7900DE9E3BE8736F4E, 236D737C74EE82563F70384947BA794FC23EE9DC41499C38AC56DF7CE0CDC618 ] C:\Program Files\Trend Micro\OfficeScan Client\NTMonRes.dll
13:14:20.0125 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\NTMonRes.dll - ok
13:14:20.0140 0x0938 [ 2664048B560DF3433C0186435E3BB63D, 452E07A9218B2F7F488DDC56E6760D9164ED4FE26A42223FE11E9958675CD1E7 ] C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll
13:14:20.0140 0x0938 C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll - ok
13:14:20.0140 0x0938 [ 0099D24356585743B0B35C222092FD8F, 9EBC6DF134F0A2984E6385FD9CAD25961D2D789B94A0F8AD9F255947A790655F ] C:\WINDOWS\system32\faultrep.dll
13:14:20.0140 0x0938 C:\WINDOWS\system32\faultrep.dll - ok
13:14:20.0140 0x0938 [ F6FAEC07446A78A9C5AF4558FF5BD118, 9291106F6666913DB6D18943D255D60F77CCDB5A46BD4C100A5E80D40D6927D9 ] C:\WINDOWS\ime\SPTIP.dll
13:14:20.0140 0x0938 C:\WINDOWS\ime\SPTIP.dll - ok
13:14:20.0140 0x0938 [ 6895427873D6C37A6D6DA7C3DB37DA14, 199E55B171752B32E172913BDD79D86E7298C7C6B838F871E937B5E1DF8C59F4 ] C:\WINDOWS\system32\licwmi.dll
13:14:20.0140 0x0938 C:\WINDOWS\system32\licwmi.dll - ok
13:14:20.0156 0x0938 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] C:\WINDOWS\system32\imapi.exe
13:14:20.0156 0x0938 C:\WINDOWS\system32\imapi.exe - ok
13:14:20.0156 0x0938 [ 4306FA2F1099D7C606139255FDB62B19, 75A0A99B9D8B0E2B39A8093F72DC283D5F2D56FB731C2BA193579DCE916030A0 ] C:\WINDOWS\system32\wbem\framedyn.dll
13:14:20.0156 0x0938 C:\WINDOWS\system32\wbem\framedyn.dll - ok
13:14:20.0156 0x0938 [ FACCA225EA28985C0574C19927746B8B, 8A248C342E392A4CB07B29595A6CA37F79CC7036125CDB8E630B6466D00309EB ] C:\PROGRA~1\TRENDM~1\OFFICE~1\TmpxCfg.dll
13:14:20.0156 0x0938 C:\PROGRA~1\TRENDM~1\OFFICE~1\TmpxCfg.dll - ok
13:14:20.0171 0x0938 [ 9B9F1C38D559047B8AC0DBA2D5FEBDE9, F64DEF5213CC6E96DD62125A3D44522200F66FF6A2CBA198096484F61D1C088B ] C:\WINDOWS\system32\ksuser.dll
13:14:20.0171 0x0938 C:\WINDOWS\system32\ksuser.dll - ok
13:14:20.0171 0x0938 [ 3B961948665558C20EDBEF74F547D872, 74F119C2E671B5A5EC79EDF14A068A63885920999F5F6792F893151582854B19 ] C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
13:14:20.0171 0x0938 C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll - ok
13:14:20.0171 0x0938 [ 50512FC9B7878E3C2C147BC17326A7DB, 670006280CA98213C3A23B442615FD729C83953795619360F9D2988E56A602D7 ] C:\WINDOWS\system32\stobject.dll
13:14:20.0171 0x0938 C:\WINDOWS\system32\stobject.dll - ok
13:14:20.0171 0x0938 [ A693A49A67673F2C8D76797EA9A628D0, 479B6AE531EACC2A8C1B6BDE2AC1F6938753105790B0F04F81477F4CCD1C276E ] C:\WINDOWS\system32\licdll.dll
13:14:20.0171 0x0938 C:\WINDOWS\system32\licdll.dll - ok
13:14:20.0187 0x0938 [ 231A0B0E3BA7ABFE469A8262FAA1FD71, 76F8AE2680438B279081EDFC2728E3785736E82A5C6396AA705BFFFF5C361294 ] C:\WINDOWS\system32\batmeter.dll
13:14:20.0187 0x0938 C:\WINDOWS\system32\batmeter.dll - ok
13:14:20.0187 0x0938 [ 7A4609AABE8E8492288DF9C00A7ED870, B702B8908F4961BE5581E66F1FFCEBE7E91822C5A0CE86DF26562FCB0605DE94 ] C:\Program Files\netinst\bloonsrv.dll
13:14:20.0187 0x0938 C:\Program Files\netinst\bloonsrv.dll - ok
13:14:20.0187 0x0938 [ 93C088C2AEB2F23E720BDA7E32BD5117, 7ECFCAF8E057986501B42181E049E48063D940A34A3F3E425FF82D2183008E90 ] C:\WINDOWS\system32\upnp.dll
13:14:20.0187 0x0938 C:\WINDOWS\system32\upnp.dll - ok
13:14:20.0203 0x0938 [ A1E51EF686802AEEBE270887F94A8A4C, B4958A44426AA7EF06173461ACE240D70E9BEB1650D2041B21BC2596E7D6CD59 ] C:\Program Files\netinst\etrayrtl.dll
13:14:20.0203 0x0938 C:\Program Files\netinst\etrayrtl.dll - ok
13:14:20.0203 0x0938 [ D5A444B63637EC0932172C6719A10252, 5B2F51B102EB3FE551A5D727D5280BA9417C3AC62E224997A3549F19677EAEE0 ] C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.24.7\GoogleCrashHandler.exe
13:14:20.0203 0x0938 C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.24.7\GoogleCrashHandler.exe - ok
13:14:20.0203 0x0938 [ 66D4F63628490F1D28DB338206F377A3, 25BECEB2874505FD60D0DCB1C4F4076C469BA5F16101824D19F3555362970228 ] C:\Program Files\netinst\mui\en-US\etray.exe.MUI
13:14:20.0203 0x0938 C:\Program Files\netinst\mui\en-US\etray.exe.MUI - ok
13:14:20.0203 0x0938 [ 9908C758CF947A70BD97967C7884785A, CFCD9367125683300BBE15F138E8F871F133E12EA6969B94CEA85E597339CB79 ] C:\Program Files\netinst\etrayext\AwEvPRv.DLL
13:14:20.0203 0x0938 C:\Program Files\netinst\etrayext\AwEvPRv.DLL - ok
13:14:20.0218 0x0938 [ 3FB692CFFC0FEAC59B5D6625FC1FC4DD, CCA3EEAB1485829C530C784AABD719F637431B9098CFBF6462EAC2EF58D0AC82 ] C:\Program Files\netinst\etrayext\etabout.dll
13:14:20.0218 0x0938 C:\Program Files\netinst\etrayext\etabout.dll - ok
13:14:20.0218 0x0938 [ 90FD99CDC799845762FD66436C3F5086, 019F573E88DFDBADF649A9453F46D85EFBDE5BF6C96A17FE6C3AD511ADA1F63A ] C:\Program Files\netinst\etrayext\etactext.dll
13:14:20.0218 0x0938 C:\Program Files\netinst\etrayext\etactext.dll - ok
13:14:20.0218 0x0938 [ 3D075865DCC26931972F6476AD0497BE, E1FB17787F54D9A4E2A04DD699FA770C9CE100A427E6EFBF4E0CF24EAAD3A9BA ] C:\WINDOWS\system32\ssdpapi.dll
13:14:20.0218 0x0938 C:\WINDOWS\system32\ssdpapi.dll - ok
13:14:20.0234 0x0938 [ A183AF497C5B9F6C7E71CA73671E5F3D, 5CD54ECDDCB61F790617CF2948A4BF44657D19B5158DA87A9577ADB1B1D7EB50 ] C:\Program Files\netinst\etrayext\etcsmmod.dll
13:14:20.0234 0x0938 C:\Program Files\netinst\etrayext\etcsmmod.dll - ok
13:14:20.0234 0x0938 [ BD1A23AF5FA5B70456DE4AB99D6014E9, 00FD9ACADEADF40525834541B3849C6AA5602E5CF9C54883808E23174ECE7DC0 ] C:\Program Files\netinst\etrayext\etcsmrst.dll
13:14:20.0234 0x0938 C:\Program Files\netinst\etrayext\etcsmrst.dll - ok
13:14:20.0234 0x0938 [ EA3F20987701D14163AE380FEDD9E938, D738D34925B6E8F3A104ABB67FD8F7C7D088019F5F1FAC4F8DB016CD5A61C9CA ] C:\Program Files\netinst\etrayext\etexit.dll
13:14:20.0234 0x0938 C:\Program Files\netinst\etrayext\etexit.dll - ok
13:14:20.0234 0x0938 [ 5F621F0E0A21F316CFD2ACB38E68152B, 0E26471956B780978CE99B5E041905DC88D89D31F74FED98A8BA3696970FA1D0 ] C:\Program Files\netinst\etrayext\ethelp.dll
13:14:20.0234 0x0938 C:\Program Files\netinst\etrayext\ethelp.dll - ok
13:14:20.0250 0x0938 [ 5411E6F8C9BCD0127CBAAFBE75580308, 2F872BF743647E10C99B266C415884B9DE25E8590A7BE647129E906936AC6247 ] C:\Program Files\netinst\etrayext\ethideai.dll
13:14:20.0250 0x0938 C:\Program Files\netinst\etrayext\ethideai.dll - ok
13:14:20.0250 0x0938 [ 91A99680B8DE55AC8709EC3BD677E3D6, 0A9CD475FAC938BB81B1B17B9DB058144193D5EB6175812BC544CC8F0255D872 ] C:\Program Files\netinst\etrayext\ethideii.dll
13:14:20.0250 0x0938 C:\Program Files\netinst\etrayext\ethideii.dll - ok
13:14:20.0250 0x0938 [ 78E4ECFB5474C418CBEE4795C9E2C480, 23078781B72A9573D887F71E9227F76845D43A0EFE65E73C12AF3864DE254CFE ] C:\Program Files\netinst\etrayext\etinsdet.dll
13:14:20.0250 0x0938 C:\Program Files\netinst\etrayext\etinsdet.dll - ok
13:14:20.0265 0x0938 [ 1BAB298B491D69E2E26F406791834B60, 131488866403071E866F6699D5B5114B96B0A26974377F246BC696D9D6ACE73D ] C:\Program Files\netinst\etrayext\etshowai.dll
13:14:20.0265 0x0938 C:\Program Files\netinst\etrayext\etshowai.dll - ok
13:14:20.0265 0x0938 [ A1449C357D5848EE863BCFEE686C1BDF, 11CDE874A97658C78C184AD0160767D666A6D852565BEF9F4059478758392F4E ] C:\Program Files\netinst\etrayext\etshowii.dll
13:14:20.0265 0x0938 C:\Program Files\netinst\etrayext\etshowii.dll - ok
13:14:20.0265 0x0938 [ 317495CA6640C879CFFC18DEBCA8FE7F, EBC4DB4B83AB562373A4FCA30688845DC9F77C70831DEB57385D5AED4582B1B3 ] C:\Program Files\netinst\etrayext\etstrtii.dll
13:14:20.0265 0x0938 C:\Program Files\netinst\etrayext\etstrtii.dll - ok
13:14:20.0265 0x0938 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] C:\WINDOWS\system32\drivers\http.sys
13:14:20.0265 0x0938 C:\WINDOWS\system32\drivers\http.sys - ok
13:14:20.0281 0x0938 [ 401A8C0BE0BAA7D7A470F0942244152D, EC21ED13E526617697CD8E6D79FC706CBDA0AF36C02C05B39E8603B217E406BC ] C:\WINDOWS\system32\rasdlg.dll
13:14:20.0281 0x0938 C:\WINDOWS\system32\rasdlg.dll - ok
13:14:20.0281 0x0938 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] C:\WINDOWS\system32\ssdpsrv.dll
13:14:20.0281 0x0938 C:\WINDOWS\system32\ssdpsrv.dll - ok
13:14:20.0281 0x0938 [ 463790AEF94D8EAB674631257F53252E, A02972457F45AD6816CB5F60DE4CD15D68256695FA0F3E4EAD6F9E36CBE54576 ] C:\Program Files\iPod\bin\iPodService.exe
13:14:20.0281 0x0938 C:\Program Files\iPod\bin\iPodService.exe - ok
13:14:20.0296 0x0938 [ 92C229CBE688A7E274D39739954A4DA4, ADD6BC96333CA3CFBE984A940B60009CE8224A9D42A6DAFD7C8F95FEA176F340 ] C:\PROGRA~1\TRENDM~1\OFFICE~1\tmaseng.dll
13:14:20.0296 0x0938 C:\PROGRA~1\TRENDM~1\OFFICE~1\tmaseng.dll - ok
13:14:20.0296 0x0938 [ 9EFBB3055B3EECE5B0FC7BAED07A6EE9, 8CF9C8882C1DF59E51E2D65425C595E1C37005E6F94C47EBCDEBFF991788C162 ] C:\WINDOWS\system32\msxml6.dll
13:14:20.0296 0x0938 C:\WINDOWS\system32\msxml6.dll - ok
13:14:20.0296 0x0938 [ 3D54E4179BB1146A7B19975C691C74CA, 9D8E7507EAC13CA631EA11EAEB22B7EF5081AFB61B1C5C3627C1A37BF12D8CCD ] C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll
13:14:20.0296 0x0938 C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll - ok
13:14:20.0296 0x0938 [ 9DD06F00898AA5CA7E24186EFC8E5E25, 51141D0D07DBC955B63281351D3F17163ACE9A5B08628EA1C82F33FD2913970E ] C:\DOCUME~1\user\LOCALS~1\Temp\{06F8CE66-324A-45C5-9288-04CDB3F4B54A}\{DD06299F-03CC-44F9-BC7F-3DF2DE9FA092}.tmp
13:14:20.0296 0x0938 C:\DOCUME~1\user\LOCALS~1\Temp\{06F8CE66-324A-45C5-9288-04CDB3F4B54A}\{DD06299F-03CC-44F9-BC7F-3DF2DE9FA092}.tmp - ok
13:14:20.0312 0x0938 [ 76FA286F72CDD155234ED34F37C85AC2, E80C156ED655F342228284A8E400F7FC43DE8D1810EB978DE2346F132C2B056B ] C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll
13:14:20.0312 0x0938 C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll - ok
13:14:20.0312 0x0938 [ 91A7771934C0D9D2DA7699D25BB5B348, 154A6EB866AF22B38AEE8DB5A864653FEB15DED69DE26E5B602B7C5056CDDF72 ] C:\DOCUME~1\user\LOCALS~1\Temp\{06F8CE66-324A-45C5-9288-04CDB3F4B54A}\{BF0B7D85-392C-4834-9171-C85102AA1C45}.tmp
13:14:20.0312 0x0938 C:\DOCUME~1\user\LOCALS~1\Temp\{06F8CE66-324A-45C5-9288-04CDB3F4B54A}\{BF0B7D85-392C-4834-9171-C85102AA1C45}.tmp - ok
13:14:20.0312 0x0938 [ 80808656078CFCC32CF8BFEB0DD66279, 383F37599ABF16EEDEB2A60242DB7EDCC3D210A2A59DD61169047059F7041C5C ] C:\DOCUME~1\user\LOCALS~1\Temp\{06F8CE66-324A-45C5-9288-04CDB3F4B54A}\{893D1BA5-C8E2-430B-9A87-77D9309AFFB7}.tmp
13:14:20.0312 0x0938 C:\DOCUME~1\user\LOCALS~1\Temp\{06F8CE66-324A-45C5-9288-04CDB3F4B54A}\{893D1BA5-C8E2-430B-9A87-77D9309AFFB7}.tmp - ok
13:14:20.0328 0x0938 [ 3245606BADBD5D0ABECAB2A0CB1EB796, DECBCA3E217A193F3BE42283C7B87616FFF83C0D42C5A4CCC321A396B4AD127B ] C:\Program Files\Trend Micro\OfficeScan Client\sqlite3.dll
13:14:20.0328 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\sqlite3.dll - ok
13:14:20.0328 0x0938 [ 8D3DC7F2689583C5EF34BE16902407FE, 2D35CA5FC2E6BD06323558A44DDC0B2C6A2220A80F2C00FBAFB09C73087FE1DF ] C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
13:14:20.0328 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe - ok
13:14:20.0328 0x0938 [ DF471F11CC78BE02FE6BA15F2D94F65B, 9AC230DE58CE40E78AE6872BCF4778B69EEBF17E0E41B1301FF364ABD4737A78 ] C:\DOCUME~1\user\LOCALS~1\Temp\{06F8CE66-324A-45C5-9288-04CDB3F4B54A}\{BC0ABC62-A658-4172-9905-938F0562FDF5}.tmp
13:14:20.0328 0x0938 C:\DOCUME~1\user\LOCALS~1\Temp\{06F8CE66-324A-45C5-9288-04CDB3F4B54A}\{BC0ABC62-A658-4172-9905-938F0562FDF5}.tmp - ok
13:14:20.0328 0x0938 [ 0FD19BDDD2513874FF6903F717367795, DFAF9C33F993BA26FC84EF66ABC7C483E62762F7E1FC763605A75ACC2E8AA4EE ] C:\DOCUME~1\user\LOCALS~1\Temp\{06F8CE66-324A-45C5-9288-04CDB3F4B54A}\{F66BDEBD-5386-4854-B9DD-4254804186F3}.tmp
13:14:20.0328 0x0938 C:\DOCUME~1\user\LOCALS~1\Temp\{06F8CE66-324A-45C5-9288-04CDB3F4B54A}\{F66BDEBD-5386-4854-B9DD-4254804186F3}.tmp - ok
13:14:20.0343 0x0938 [ DD88BBF87A43331A4E99E37F7BF59FDB, 872190F559FA0DD1F711E9FA101BA1AB6E6DE5ED0CCCE1AB7AFE45BC3B78A0F1 ] C:\DOCUME~1\user\LOCALS~1\Temp\{06F8CE66-324A-45C5-9288-04CDB3F4B54A}\{FE78C368-3599-4803-86CA-BCE001951CBE}.tmp
13:14:20.0343 0x0938 C:\DOCUME~1\user\LOCALS~1\Temp\{06F8CE66-324A-45C5-9288-04CDB3F4B54A}\{FE78C368-3599-4803-86CA-BCE001951CBE}.tmp - ok
13:14:20.0343 0x0938 [ 4261449C1CADA6B007E5C27522946D2B, 11E79D1C529E816CCCAC9266089C77A4DB44676CAEEE25C66D6DB420B18D3ACB ] C:\DOCUME~1\user\LOCALS~1\Temp\{06F8CE66-324A-45C5-9288-04CDB3F4B54A}\{707B1892-0486-4D12-896D-EA72199F98B4}.tmp
13:14:20.0343 0x0938 C:\DOCUME~1\user\LOCALS~1\Temp\{06F8CE66-324A-45C5-9288-04CDB3F4B54A}\{707B1892-0486-4D12-896D-EA72199F98B4}.tmp - ok
13:14:20.0343 0x0938 [ 6627AA675A5C1B0330487A02E23F0560, 256AE9BA4273D4247FFAD6099D5A4FC8E98EDB27293AC8CAF7A571EB3890FAA7 ] C:\DOCUME~1\user\LOCALS~1\Temp\{06F8CE66-324A-45C5-9288-04CDB3F4B54A}\{3C278F38-6437-4638-AFAF-2220E89E6137}.tmp
13:14:20.0343 0x0938 C:\DOCUME~1\user\LOCALS~1\Temp\{06F8CE66-324A-45C5-9288-04CDB3F4B54A}\{3C278F38-6437-4638-AFAF-2220E89E6137}.tmp - ok
13:14:20.0359 0x0938 [ 723B834A07F7DF7DE4CEB637D57ACEA3, B42867045DD3FB7682CDBD133970421010F0F14125E4992C73657CABA4659250 ] C:\DOCUME~1\user\LOCALS~1\Temp\{06F8CE66-324A-45C5-9288-04CDB3F4B54A}\{831FE7A4-C197-4BAB-8467-5EC18E77544A}.tmp
13:14:20.0359 0x0938 C:\DOCUME~1\user\LOCALS~1\Temp\{06F8CE66-324A-45C5-9288-04CDB3F4B54A}\{831FE7A4-C197-4BAB-8467-5EC18E77544A}.tmp - ok
13:14:20.0359 0x0938 [ 86042F6F6A5287EAF9379C91D0BF72B6, 92E5974DFD91ACEBF5D8BD5F14361C0AFD7528EF6503D1D8A8C26E64C115A0CB ] C:\WINDOWS\system32\dwwin.exe
13:14:20.0359 0x0938 C:\WINDOWS\system32\dwwin.exe - ok
13:14:20.0359 0x0938 [ C1DE893FAF6D7F6CFB479A1F61835482, AD5FA3CE73777704C67C933691F1F068E1A7FF545F728B97574F9C33AC4BBC01 ] C:\DOCUME~1\user\LOCALS~1\Temp\{06F8CE66-324A-45C5-9288-04CDB3F4B54A}\{3EC8DFC6-A8E0-4A7B-9346-B99CB5138BA8}.tmp
13:14:20.0359 0x0938 C:\DOCUME~1\user\LOCALS~1\Temp\{06F8CE66-324A-45C5-9288-04CDB3F4B54A}\{3EC8DFC6-A8E0-4A7B-9346-B99CB5138BA8}.tmp - ok
13:14:20.0359 0x0938 [ E837FDBB92E9873E538395B623F45462, E00D9F1471D9BDE7E53A5F8359B6F3B1606A432D4E94AB6B2A6898AB48E6751B ] C:\WINDOWS\system32\wbem\cimwin32.dll
13:14:20.0359 0x0938 C:\WINDOWS\system32\wbem\cimwin32.dll - ok
13:14:20.0375 0x0938 [ EF32415C2755E66CA1B345DF68C71243, AAD88984799414684E83F894254A4CA2E61F8B7D0EE28F9A7BF6CC8A0B479903 ] C:\WINDOWS\system32\1033\dwintl.dll
13:14:20.0375 0x0938 C:\WINDOWS\system32\1033\dwintl.dll - ok
13:14:20.0375 0x0938 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] C:\WINDOWS\system32\tapisrv.dll
13:14:20.0375 0x0938 C:\WINDOWS\system32\tapisrv.dll - ok
13:14:20.0375 0x0938 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] C:\WINDOWS\system32\rasmans.dll
13:14:20.0375 0x0938 C:\WINDOWS\system32\rasmans.dll - ok
13:14:20.0390 0x0938 [ 5F7692CEC90E2E9AA32CD58321E234B8, 0F76BD005B6FC51EE8B2D167C5E792947F8A8FF1A4FBC7F9CB3572BEAFC12639 ] C:\WINDOWS\system32\rastapi.dll
13:14:20.0390 0x0938 C:\WINDOWS\system32\rastapi.dll - ok
13:14:20.0390 0x0938 [ 1AF592532532A402ED7C060F6954004F, 84A55432A7FBBD1B84FF8DD1BD84266747E4A88297BDAA84AAD12F13B848BFF2 ] C:\WINDOWS\system32\drivers\hidclass.sys
13:14:20.0390 0x0938 C:\WINDOWS\system32\drivers\hidclass.sys - ok
13:14:20.0390 0x0938 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] C:\WINDOWS\system32\drivers\hidusb.sys
13:14:20.0390 0x0938 C:\WINDOWS\system32\drivers\hidusb.sys - ok
13:14:20.0390 0x0938 [ AACE07FE34FADDDF973CE068A6424957, A14DC612762F56EE3CF9FBDF58E9476400F2CD9513319AD90E3818B2DB9F4580 ] C:\WINDOWS\system32\unimdm.tsp
13:14:20.0390 0x0938 C:\WINDOWS\system32\unimdm.tsp - ok
13:14:20.0406 0x0938 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] C:\WINDOWS\system32\drivers\mouhid.sys
13:14:20.0406 0x0938 C:\WINDOWS\system32\drivers\mouhid.sys - ok
13:14:20.0406 0x0938 [ 995252FCC4692B5B97EE17D596C9386E, E0EC754ADC0976BCF88C4777E788A67844428DF0B828D8EE7B8A039C763DFFDD ] C:\WINDOWS\system32\uniplat.dll
13:14:20.0406 0x0938 C:\WINDOWS\system32\uniplat.dll - ok
13:14:20.0406 0x0938 [ 19AE6CBA05B9005698A6DEDCC88F202E, 047016D4989FB1460BE11C0C22E10858E3D6598EBA31C98B8489413C1A350A9C ] C:\WINDOWS\system32\unimdmat.dll
13:14:20.0406 0x0938 C:\WINDOWS\system32\unimdmat.dll - ok
13:14:20.0421 0x0938 [ B1A6D03E435FC3800C9EB6F46CBFE28C, 02C5F522459B334FF1DF7174678E65167122276DD1E310DF2367E560460A2EED ] C:\Program Files\Trend Micro\OfficeScan Client\TMBMCLI.dll
13:14:20.0421 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\TMBMCLI.dll - ok
13:14:20.0421 0x0938 [ FE4A73CDBC882A19D070F1C01586E81A, EAF450BA7E168EA41EAA7556E14CBDFCF1B96D7E57A17EC20C3BECFDA9FDFD9A ] C:\WINDOWS\system32\modemui.dll
13:14:20.0421 0x0938 C:\WINDOWS\system32\modemui.dll - ok
13:14:20.0421 0x0938 [ 76EC97C5068D3D9FAA7774B0F659D31A, 4E2EF0DC0B05187A6154D4D672B7530E14103D7D1EDF1BDE960F9B988B5EC41F ] C:\WINDOWS\system32\kmddsp.tsp
13:14:20.0421 0x0938 C:\WINDOWS\system32\kmddsp.tsp - ok
13:14:20.0421 0x0938 [ C730F70351D950DDA7388C9A9763CF54, 7A9D265E4D2F76EF131D01C2EE1CDC19A8E5FDCAF97649CC562E8114B92D411F ] C:\WINDOWS\system32\wbem\wmipcima.dll
13:14:20.0421 0x0938 C:\WINDOWS\system32\wbem\wmipcima.dll - ok
13:14:20.0437 0x0938 [ 4589963D84F2984FA5949A72162BA4F4, BC927EC7D0EBDBD2B4780D892D41739840DD31B0FF8C79013014925F52860808 ] C:\WINDOWS\system32\ndptsp.tsp
13:14:20.0437 0x0938 C:\WINDOWS\system32\ndptsp.tsp - ok
13:14:20.0437 0x0938 [ 8B8A45DF7CEF36D93C7BD3E4C84003B8, 7E3A0204FCDD5DFFB3B352451232DD86F8298F83918533D874C122A2EF29081B ] C:\WINDOWS\system32\ipconf.tsp
13:14:20.0437 0x0938 C:\WINDOWS\system32\ipconf.tsp - ok
13:14:20.0437 0x0938 [ 8BC2B02DC11C98D14CEE43B8E8393FF3, 1314C33E2E5F11B361CF1E88884B2A9862F8BAB1C498F48DC4C49ACDB28D4732 ] C:\WINDOWS\system32\h323.tsp
13:14:20.0437 0x0938 C:\WINDOWS\system32\h323.tsp - ok
13:14:20.0453 0x0938 [ 6B552ED3BEE5AA3C4560478FF779BA98, 1778F0B7200F93EB255E1F215BB5FBEAA0DBF63BC60B286D76120F8A787995C4 ] C:\WINDOWS\system32\hidphone.tsp
13:14:20.0453 0x0938 C:\WINDOWS\system32\hidphone.tsp - ok
13:14:20.0453 0x0938 [ 8973122796E3B5D6B5900FC186E55FEA, 350120A20F8591C27E68A5903E3175DD3F4F85BA2FF1F8B6E1D3B3758B5B509D ] C:\WINDOWS\system32\hid.dll
13:14:20.0453 0x0938 C:\WINDOWS\system32\hid.dll - ok
13:14:20.0453 0x0938 [ 810DD061653F6A8DE7570FDA191C8F3C, 4E78E24110F672A49EC0945F985A3686B46DE522827199FD644EDC4F5D5CC63D ] C:\Program Files\Trend Micro\OfficeScan Client\TmEngDrv.dll
13:14:20.0453 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\TmEngDrv.dll - ok
13:14:20.0453 0x0938 [ 72174586311092393977B3BF13ADA779, DD98651C3D6C5CAF959F3A5D3648D647F8935DBB5B1EB0A787B03D871A998BD4 ] C:\WINDOWS\system32\syssetup.dll
13:14:20.0453 0x0938 C:\WINDOWS\system32\syssetup.dll - ok
13:14:20.0468 0x0938 [ D0545A010ED2259A740C8414899A938F, 5E6FD116C6F65241A075E4469C5AD1967B8D66DE11E223F7A3F00139FB0160C3 ] C:\WINDOWS\system32\rasppp.dll
13:14:20.0468 0x0938 C:\WINDOWS\system32\rasppp.dll - ok
13:14:20.0468 0x0938 [ B464BD425D5D09ABE4192234D1577B22, DF7333CAF299A18DEA43ACEF0A6D8C3F79918D1B3FCE437FDED6B54F95C106B9 ] C:\WINDOWS\system32\ntlsapi.dll
13:14:20.0468 0x0938 C:\WINDOWS\system32\ntlsapi.dll - ok
13:14:20.0468 0x0938 [ 5B80E7FBD710D0C19A93E41C2BA90E09, 5DBA4E8BECD5F905739E298C7B52BC18A0C2E311A7F396A887614986384FF310 ] C:\Program Files\Trend Micro\OfficeScan Client\Temp\pccntupd.exe
13:14:20.0468 0x0938 C:\Program Files\Trend Micro\OfficeScan Client\Temp\pccntupd.exe - ok
13:14:20.0484 0x0938 [ A655C88AA555BB8EF8957BD29408827F, 6CD48D32D1DFF68FEED5CC20D0DE12729101381EB8A6774408566C14E0B18FFB ] C:\WINDOWS\system32\rasqec.dll
13:14:20.0484 0x0938 C:\WINDOWS\system32\rasqec.dll - ok
13:14:20.0765 0x0938 AV detected via SS1: Trend Micro OfficeScan Antivirus, 10.6, enabled, outofdate
13:14:20.0765 0x0938 Win FW state via NFM: enabled
13:14:20.0765 0x0938 ============================================================
13:14:20.0765 0x0938 Scan finished
13:14:20.0765 0x0938 ============================================================
13:14:20.0765 0x0930 Detected object count: 3
13:14:20.0765 0x0930 Actual detected object count: 3
13:17:15.0109 0x0930 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user
13:17:15.0109 0x0930 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:17:15.0109 0x0930 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
13:17:15.0109 0x0930 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:17:15.0109 0x0930 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
13:17:15.0109 0x0930 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip

Attached Files

•  ALL LOGS.txt   508.34KB   90 downloads

[Machiavelli]

Hello,
just edit your post and posted the Logs into your thread.

Step 1: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits



Go back to the Dashboard and select Scan Now



If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.





On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 2: ESET

Please disable your AntiVirus before doing these steps!

• If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
• This will only work for Internet Explorer or FireFox
• Please download ESET Online Scanner from here

How to do this?

• Visit this website here
• You will see a screen like this:
  
  
  • Click Run ESET Online Scanner
    
    
  • A Window will open (see above) - please click on the link
  • A window will pop up - please download the file to your Desktop
  • When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)
    
    
  • Tick the box next to YES, I accept the Terms of Use then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
    
    
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Then click on Start
  • virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • After the scan is finished please click on Finish
• Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
• Copy and paste that log as a reply to this topic.

[Machiavelli]

Are you still with me?

[Machiavelli]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.