Malwarebytes Killer

jl1

Member
Hi, All: I'm trying to clean up a friend's notebook (Dell Inspiron 910, Intel Atom, CPU [email protected] GHz, .99 GB RAM, 2002 XP Home w/SP 3) that apparently hasn't been running any cleanup or even virus protection. I was able to install/run SuperAntiSpyware that found almost 300 threats - 69 critical threats to the registry. When I try to download Malwarebytes (MB) or AVG, as soon as I click on the Google or download.com selection (Malwarebytes.org, etc), the browser closes and returns to the desktop. I've tried putting MB on a flash drive from another computer, renaming it, and installing into the notebook with no luck. Any ideas? Thanks in advance.
 

bbudesa

Member
I've been having the same problem. I had MB working on my machine before, but recently it's not worked.

The opening screen comes up, saying there's a newer version, but when I try to download it, or try to run a scan, the screen closes, and I'm back to my desktop.
 

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
Please follow these steps, especially the steps regarding Rkill right below MalwareBytes (found in bold).

1. Please download AdwCleaner by Xplode onto your Desktop.

•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2. Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

3. Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.


Please post the log that Malwarebytes displays on your screen.

4. Download OTL to your Desktop.

•Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
•Click on Minimal Output at the top.
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
◦When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

So in your original thread asking for help, please give us a short description of what the problem is and then post the logs from the following 4 programs.

1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL
 

bbudesa

Member
Well, wonders never cease!

I downloaded the program this morning, and lo and behold, it's scanning right now!

Hooray!
 

jl1

Member
Voyager - I was able to download AdwCleaner and Junkware Removal on the notebook. I'll get the logs as soon as I can and send them on this uninvolved computer: when I access Computer Forum, and click on my posted thread, the browser shuts down and returns to the desktop just like when I try to download Malwarebytes. It's as though the malware/virus won't let me access anything with the word "malware". Thanks again.
 

johnb35

Administrator
Staff member
Boot to safe mode with networking and see if you can post the logs then using one of the browsers. If not, then download and run this.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If for some reason you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine.


In your next reply please post

The ComboFix log
 

jl1

Member
Hey, JohnB - Good to hear from you again. You've pulled my fat from the fryer a couple of times before, and it is greatly appreciated. I wasn't even able to connect to computer forum on the infected machine, so I'm sending the adwcleaner logs and combofix log from a thumbdrive. First, the adwcleaner. Here you go:

# AdwCleaner v4.000 - Report created 14/10/2014 at 09:58:23
# Updated 12/10/2014 by Xplode
# Database : 2014-10-13.5
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Misty&Steve - FERRARO
# Running from : C:\Documents and Settings\Misty&Steve\My Documents\Downloads\adwcleaner_4.000.exe
# Option : Scan

***** [ Services ] *****

Service Found : CltMngSvc
Service Found : Viewpoint Manager Service

***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\Components\AskSearch.js
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\Misty&Steve\Application Data\Viewpoint
Folder Found : C:\Program Files\AskSearch
Folder Found : C:\Program Files\Common Files\Software Update Utility
Folder Found : C:\Program Files\Viewpoint

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\AskBarDis
Key Found : HKCU\Software\AppDataLow\AskSA
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C94E154B-1459-4A47-966B-4B843BEFC7DB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\AskBarDis
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C94E154B-1459-4A47-966B-4B843BEFC7DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\SOFTWARE\Viewpoint
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C94E154B-1459-4A47-966B-4B843BEFC7DB}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [] - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s

-\\ Mozilla Firefox v3.5.3 (en-US)

[giipvenf.default] - Line Found : user_pref("aol_toolbar.surf.date", "1");
[giipvenf.default] - Line Found : user_pref("aol_toolbar.surf.lastDate", "15");
[giipvenf.default] - Line Found : user_pref("aol_toolbar.surf.lastMonth", "7");
[giipvenf.default] - Line Found : user_pref("aol_toolbar.surf.lastYear", "2009");
[giipvenf.default] - Line Found : user_pref("aol_toolbar.surf.mURL", "");
[giipvenf.default] - Line Found : user_pref("aol_toolbar.surf.mURLh", "0");
[giipvenf.default] - Line Found : user_pref("aol_toolbar.surf.mURLw", "0");
[giipvenf.default] - Line Found : user_pref("aol_toolbar.surf.mURLx", "0");
[giipvenf.default] - Line Found : user_pref("aol_toolbar.surf.mURLy", "0");
[giipvenf.default] - Line Found : user_pref("aol_toolbar.surf.milestone", "-1");
[giipvenf.default] - Line Found : user_pref("aol_toolbar.surf.month", "1");
[giipvenf.default] - Line Found : user_pref("aol_toolbar.surf.prevMonth", "0");
[giipvenf.default] - Line Found : user_pref("aol_toolbar.surf.total", "1");
[giipvenf.default] - Line Found : user_pref("aol_toolbar.surf.week", "1");
[giipvenf.default] - Line Found : user_pref("aol_toolbar.surf.year", "1");
[giipvenf.default] - Line Found : user_pref("browser.search.defaulturl", "hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=2706&invocationType=tb50fftrie7&query=");
[giipvenf.default] - Line Found : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=2706&invocationType=tb50fftrab&query=");

*************************

AdwCleaner[R0].txt - [7310 octets] - [14/10/2014 09:58:23]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7370 octets] ##########

# AdwCleaner v4.000 - Report created 14/10/2014 at 11:57:22
# Updated 12/10/2014 by Xplode
# Database : 2014-10-13.5
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Misty&Steve - FERRARO
# Running from : C:\Documents and Settings\Misty&Steve\My Documents\Downloads\adwcleaner_4.000.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v3.5.3 (en-US)


*************************

AdwCleaner[R0].txt - [7450 octets] - [14/10/2014 09:58:23]
AdwCleaner[R1].txt - [708 octets] - [14/10/2014 11:57:22]
AdwCleaner[S0].txt - [7530 octets] - [14/10/2014 10:05:11]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [827 octets] ##########

# AdwCleaner v4.000 - Report created 14/10/2014 at 10:05:11
# DB v2014-10-13.5
# Updated 12/10/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Misty&Steve - FERRARO
# Running from : C:\Documents and Settings\Misty&Steve\My Documents\Downloads\adwcleaner_4.000.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc
Service Deleted : Viewpoint Manager Service

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\AskSearch
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Documents and Settings\Misty&Steve\Application Data\Viewpoint
File Deleted : C:\Program Files\Mozilla Firefox\Components\AskSearch.js
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C94E154B-1459-4A47-966B-4B843BEFC7DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C94E154B-1459-4A47-966B-4B843BEFC7DB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C94E154B-1459-4A47-966B-4B843BEFC7DB}]
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKCU\Software\AppDataLow\AskSA
Key Deleted : HKLM\SOFTWARE\AskBarDis
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl []

-\\ Mozilla Firefox v3.5.3 (en-US)

[giipvenf.default] - Line Deleted : user_pref("aol_toolbar.surf.date", "1");
[giipvenf.default] - Line Deleted : user_pref("aol_toolbar.surf.lastDate", "15");
[giipvenf.default] - Line Deleted : user_pref("aol_toolbar.surf.lastMonth", "7");
[giipvenf.default] - Line Deleted : user_pref("aol_toolbar.surf.lastYear", "2009");
[giipvenf.default] - Line Deleted : user_pref("aol_toolbar.surf.mURL", "");
[giipvenf.default] - Line Deleted : user_pref("aol_toolbar.surf.mURLh", "0");
[giipvenf.default] - Line Deleted : user_pref("aol_toolbar.surf.mURLw", "0");
[giipvenf.default] - Line Deleted : user_pref("aol_toolbar.surf.mURLx", "0");
[giipvenf.default] - Line Deleted : user_pref("aol_toolbar.surf.mURLy", "0");
[giipvenf.default] - Line Deleted : user_pref("aol_toolbar.surf.milestone", "-1");
[giipvenf.default] - Line Deleted : user_pref("aol_toolbar.surf.month", "1");
[giipvenf.default] - Line Deleted : user_pref("aol_toolbar.surf.prevMonth", "0");
[giipvenf.default] - Line Deleted : user_pref("aol_toolbar.surf.total", "1");
[giipvenf.default] - Line Deleted : user_pref("aol_toolbar.surf.week", "1");
[giipvenf.default] - Line Deleted : user_pref("aol_toolbar.surf.year", "1");
[giipvenf.default] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=2706&invocationType=tb50fftrie7&query=");
[giipvenf.default] - Line Deleted : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=2706&invocationType=tb50fftrab&query=");

*************************

AdwCleaner[R0].txt - [7450 octets] - [14/10/2014 09:58:23]
AdwCleaner[S0].txt - [7390 octets] - [14/10/2014 10:05:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7450 octets] ##########

# AdwCleaner v4.000 - Report created 14/10/2014 at 12:03:52
# DB v2014-10-13.5
# Updated 12/10/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Misty&Steve - FERRARO
# Running from : C:\Documents and Settings\Misty&Steve\My Documents\Downloads\adwcleaner_4.000.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v3.5.3 (en-US)


*************************

AdwCleaner[R0].txt - [7450 octets] - [14/10/2014 09:58:23]
AdwCleaner[R1].txt - [906 octets] - [14/10/2014 11:57:22]
AdwCleaner[S0].txt - [7530 octets] - [14/10/2014 10:05:11]
AdwCleaner[S1].txt - [821 octets] - [14/10/2014 12:03:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [880 octets] ##########
 

jl1

Member
JohnB - Now the combofix:

ComboFix 14-10-13.01 - Misty&Steve 10/14/2014 18:14:00.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.568 [GMT -4:00]
Running from: D:\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\192948760
c:\documents and settings\Misty&Steve\Local Settings\Temporary Internet Files\606c0pb.jpg
c:\documents and settings\Misty&Steve\Local Settings\Temporary Internet Files\BRHSaK2.jpg
c:\documents and settings\Misty&Steve\Local Settings\Temporary Internet Files\lO4sRE.jpg
c:\documents and settings\Misty&Steve\Local Settings\Temporary Internet Files\Ns1V7XRr.jpg
c:\program files\Shared\_lib.sig
c:\program files\Shared\lib.sig
c:\program files\wpp.exe
c:\windows\ateqecuzoz.dll
c:\windows\default32.dll
c:\windows\ekuyerez.dll
c:\windows\esohamirolu.dll
c:\windows\ififoxos.dll
c:\windows\isanegifo.dll
c:\windows\mowmul.dll
c:\windows\obowomewo.dll
c:\windows\oquweqoharusaney.dll
c:\windows\ozosuzuzesesu.dll
c:\windows\system32\69e91e3963468185bbec834e54bc1379.TMP
c:\windows\system32\aaacadeffdfbdbebced.dll
c:\windows\system32\f4585f3c3bf0f484a475384e79ad7cc5.TMP
c:\windows\system32\SET28.tmp
c:\windows\system32\SET2C.tmp
c:\windows\system32\SET34.tmp
c:\windows\ukebililahacafof.dll
c:\windows\uminubililahacaf.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-09-14 to 2014-10-14 )))))))))))))))))))))))))))))))
.
.
2014-10-14 21:48 . 2014-10-14 21:48 -------- dc----w- c:\program files\Mozilla Maintenance Service
2014-10-14 21:48 . 2014-10-11 12:54 48240 -c--a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2014-10-14 21:48 . 2014-10-11 12:54 904064 -c--a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2014-10-14 14:21 . 2014-10-14 14:21 -------- dc----w- c:\windows\ERUNT
2014-10-14 13:58 . 2014-10-14 16:09 -------- dc----w- C:\AdwCleaner
2014-10-14 13:35 . 2014-10-14 13:35 -------- dc----w- C:\SUPERDelete
2014-10-14 13:26 . 2014-10-14 13:26 -------- dc----w- c:\documents and settings\Misty&Steve\Application Data\SUPERAntiSpyware.com
2014-10-13 16:21 . 2014-10-13 16:21 -------- dcsh--w- c:\documents and settings\Administrator\PrivacIE
2014-10-13 15:58 . 2014-10-13 15:58 -------- dc----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2014-10-13 15:57 . 2014-10-14 21:38 -------- dc----w- c:\program files\SUPERAntiSpyware
2014-10-13 15:57 . 2014-10-13 15:57 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2014-10-13 15:49 . 2014-10-13 15:49 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2014-10-13 15:48 . 2014-10-13 15:48 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\{2C543D8D-4420-4F16-B9A2-A3D172339860}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 22:05 . 2009-12-16 12:48 119312 -c--a-w- c:\program files\mozilla firefox\components\eeabdccc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 09:06 40048 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-07-13 23:58 57344 -c--a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTMeter]
2008-07-11 17:15 537896 -c--a-w- c:\program files\Battery Meter\BTMeter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 -c--a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2008-10-04 19:58 206064 -c--a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:42 1695232 -csh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-07-14 00:51 137752 -c--a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-07-13 23:59 16876032 -c--a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-02-06 20:46 136600 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-07-14 03:02 1343488 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
2010-01-14 23:08 378128 -c--a-w- c:\program files\ThreatFire\TFTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WLSS]
2008-07-11 20:15 492840 -c--a-w- c:\program files\Wireless Select Switch\WLSS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"sprtsvc_DellSupportCenter"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"GoogleDesktopManager-092308-165331"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"ThreatFire"=2 (0x2)
"PCTAVSvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [12/17/2008 7:41 PM 9856]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [1/14/2010 6:45 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [1/14/2010 6:46 PM 59664]
R1 cfbd;cfbd;c:\windows\system32\cfbd.sys [3/8/2010 1:28 PM 74752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/22/2014 7:47 PM 142648]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [12/17/2008 8:58 PM 93968]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [1/14/2010 6:46 PM 33552]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\Misty&Steve\Application Data\Mozilla\Firefox\Profiles\giipvenf.default\
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-rundll32.exe - (no file)
HKLM-Run-Thapa - c:\windows\ozosuzuzesesu.dll
MSConfigStartUp-00030125 - c:\documents and settings\All Users\Application Data\00030125\00030125.exe
MSConfigStartUp-01724156 - c:\documents and settings\All Users\Application Data\01724156\01724156.exe
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-Gamevance - c:\program files\Gamevance\gamevance32.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-PCTAVApp - c:\program files\PC Tools AntiVirus\PCTAV.exe
MSConfigStartUp-SightSpeed - c:\program files\Dell Video Chat\DellVideoChat.exe
MSConfigStartUp-spoolsv - c:\windows\temp\spoolsv\spoolsv.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-14 18:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFMon.dll
c:\program files\ThreatFire\TFRK.dll
.
- - - - - - - > 'lsass.exe'(908)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'explorer.exe'(3940)
c:\windows\system32\WININET.dll
c:\program files\ThreatFire\TfWah.dll
c:\windows\system32\ieframe.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\MSVCR80.dll
c:\program files\ThreatFire\TFMon.dll
c:\program files\ThreatFire\TFRK.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ThreatFire\TFService.exe
.
**************************************************************************
.
Completion time: 2014-10-14 19:08:41 - machine was rebooted
ComboFix-quarantined-files.txt 2014-10-14 23:08
.
Pre-Run: 1,299,943,424 bytes free
Post-Run: 1,557,458,944 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F5256A60081454EC21458AF60259623A
CDB4DE4BBD714F152979DA2DCBEF57EB
 

johnb35

Administrator
Staff member
Yeah, the machine was badly infected.

Please go into add/remove programs and uninstall the program called

pctools antivirus/threatfire

Your next step would be to see if you can run Malwarebytes.
 

jl1

Member
Hey, JohnB - I uninstalled threatfire, and ran an mbam, which showed clear, but I cannot seem to access that log. I was able to download mbam after combofix, about 1/2 hour before my last scan, and that log is below. Thanks again...

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/14/2014
Scan Time: 9:30:14 PM
Logfile: mbam log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.14.12
Rootkit Database: v2014.10.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Misty&Steve

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316191
Time Elapsed: 9 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
Rootkit.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cfbd, , [376d2aea24588da947ab5cbafa08d12f],
Trojan.BHO, HKLM\SOFTWARE\CLASSES\TYPELIB\{6C5BA655-5CEC-47BB-A6D3-82A4AFE7DA87}, , [d6ce0113ef8da096752bc8fe2fd3b947],
Trojan.BHO, HKLM\SOFTWARE\CLASSES\INTERFACE\{43143878-EFED-4D03-B1F8-B8A5E5520109}, , [d6ce0113ef8da096752bc8fe2fd3b947],
Trojan.FakeAlert, HKLM\SOFTWARE\CLASSES\TYPELIB\{AE17DD77-E0F3-44DD-8CBA-1EBCE6B5ED55}, , [dfc54ec6c8b456e005a22d9f09f9b749],
Trojan.FakeAlert, HKLM\SOFTWARE\CLASSES\INTERFACE\{4CBCC4E2-073C-4109-A719-458D8CF9900E}, , [dfc54ec6c8b456e005a22d9f09f9b749],

Registry Values: 3
Rogue.Multiple, HKU\S-1-5-21-3723920411-2921579074-2619538146-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\CMDMAPPING\{5199201E-60B4-11DE-85CF-260556D89593}, , [851f73a11b6110260b30d4edae54eb15],
Rogue.Multiple, HKU\S-1-5-21-3723920411-2921579074-2619538146-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\CMDMAPPING|{5199201E-60B4-11DE-85CF-260556D89593}, 8195, , [851f73a11b6110260b30d4edae54eb15]
PUM.Bad.Proxy, HKU\S-1-5-21-3723920411-2921579074-2619538146-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:5577, , [6b39a86c1468cc6a6815648924df8c74]

Registry Data: 0
(No malicious items detected)

Folders: 2
Rogue.Multiple, C:\Documents and Settings\All Users\Application Data\01724156, , [faaa1bf924587eb816bb7f5aeb17c33d],
Trojan.Downloader, C:\WINDOWS\system32\drivers\down, , [386c20f4671592a46f24974dbf43857b],

Files: 6
Rootkit.Agent, C:\WINDOWS\system32\cfbd.sys, , [376d2aea24588da947ab5cbafa08d12f],
Trojan.Agent, C:\Documents and Settings\Misty&Steve\Application Data\Macromedia\Common\8ecf600419.exe, , [ccd84fc54d2fe353c75ee90524e01ae6],
Trojan.Agent, C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Common\8ecf600419.exe, , [1f8557bd700cb6807fa6f6f8848053ad],
Hijack.Sound, C:\Documents and Settings\Misty&Steve\Application Data\Macromedia\Common\8ecf60041.dll, , [5351ca4a4b31c86eb8661e617291d62a],
Rogue.Multiple, C:\Documents and Settings\All Users\Application Data\01724156\pc01724156ins, , [faaa1bf924587eb816bb7f5aeb17c33d],
Trojan.Downloader, C:\WINDOWS\system32\drivers\down\112194593.exe, , [386c20f4671592a46f24974dbf43857b],

Physical Sectors: 0
(No malicious items detected)


(end)
 

johnb35

Administrator
Staff member
Run the following.

1.

Please download and run TDSSkiller

When the program opens, click on the start scan button.



TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.



To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.



Please reboot the system if asked to do so.

After running, there will be a log located at the root of your c:\ drive, labeled tdsskiller with a series of numbers after it, for example, C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please open the log and copy and paste it back here.

2.

Download OTL to your Desktop


•Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
•Click on Minimal Output at the top
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
◦When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.
 

jl1

Member
JohnB - Here are the tdss and OTL logs. I ran the OTL scan the way it opened up, without any changes (e.g., file age 30 days), and again changing the file age to 360 days. I'm posting the 360 day log. Let me know if you need the other. Thanks again!

First part of tdss

16:50:08.0078 0x0720 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
16:50:10.0140 0x0720 ============================================================
16:50:10.0140 0x0720 Current date / time: 2014/10/15 16:50:10.0140
16:50:10.0140 0x0720 SystemInfo:
16:50:10.0140 0x0720
16:50:10.0140 0x0720 OS Version: 5.1.2600 ServicePack: 3.0
16:50:10.0140 0x0720 Product type: Workstation
16:50:10.0140 0x0720 ComputerName: FERRARO
16:50:10.0140 0x0720 UserName: Misty&Steve
16:50:10.0140 0x0720 Windows directory: C:\WINDOWS
16:50:10.0140 0x0720 System windows directory: C:\WINDOWS
16:50:10.0140 0x0720 Processor architecture: Intel x86
16:50:10.0140 0x0720 Number of processors: 2
16:50:10.0140 0x0720 Page size: 0x1000
16:50:10.0140 0x0720 Boot type: Normal boot
16:50:10.0140 0x0720 ============================================================
16:50:10.0140 0x0720 BG loaded
16:50:11.0625 0x0720 System UUID: {AFCF0BAE-C051-D5ED-0837-0CDF3E5B8912}
16:50:18.0062 0x0720 Drive \Device\Harddisk0\DR0 - Size: 0x1C9EB4000 ( 7.15 Gb ), SectorSize: 0x200, Cylinders: 0x3A6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
16:50:18.0062 0x0720 ============================================================
16:50:18.0062 0x0720 \Device\Harddisk0\DR0:
16:50:18.0078 0x0720 MBR partitions:
16:50:18.0078 0x0720 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0xE3B3DB
16:50:18.0078 0x0720 ============================================================
16:50:18.0078 0x0720 C: <-> \Device\Harddisk0\DR0\Partition1
16:50:18.0078 0x0720 ============================================================
16:50:18.0078 0x0720 Initialize success
16:50:18.0078 0x0720 ============================================================
16:51:06.0546 0x0d94 ============================================================
16:51:06.0546 0x0d94 Scan started
16:51:06.0546 0x0d94 Mode: Manual; SigCheck; TDLFS;
16:51:06.0546 0x0d94 ============================================================
16:51:06.0546 0x0d94 KSN ping started
16:51:29.0968 0x0d94 KSN ping finished: true
16:51:30.0484 0x0d94 ================ Scan system memory ========================
16:51:30.0484 0x0d94 System memory - ok
16:51:30.0484 0x0d94 ================ Scan services =============================
16:51:58.0328 0x0d94 [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
16:51:58.0359 0x0d94 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
16:52:01.0343 0x0d94 Detect skipped due to KSN trusted
16:52:01.0343 0x0d94 IDriverT - ok
16:52:01.0484 0x0d94 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:52:01.0703 0x0d94 idsvc - ok
16:52:01.0718 0x0d94 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:52:01.0921 0x0d94 Imapi - ok
16:52:01.0953 0x0d94 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe
16:52:02.0171 0x0d94 ImapiService - ok
16:52:02.0187 0x0d94 [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:52:02.0390 0x0d94 ini910u - ok
16:52:02.0875 0x0d94 [ 41BB402C2ADE27B32439BB765864AB3B, E109226D113F78D25DCD331B15B886AA6276EF8CD041E685A72C61BBA7374EB6 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:52:05.0015 0x0d94 IntcAzAudAddService - ok
16:52:05.0046 0x0d94 [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
16:52:05.0250 0x0d94 IntelIde - ok
16:52:05.0265 0x0d94 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:52:05.0468 0x0d94 intelppm - ok
16:52:05.0500 0x0d94 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:52:05.0734 0x0d94 Ip6Fw - ok
16:52:05.0750 0x0d94 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:52:05.0953 0x0d94 IpFilterDriver - ok
16:52:05.0968 0x0d94 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:52:06.0171 0x0d94 IpInIp - ok
16:52:06.0203 0x0d94 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:52:06.0421 0x0d94 IpNat - ok
16:52:06.0437 0x0d94 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:52:06.0718 0x0d94 IPSec - ok
16:52:06.0734 0x0d94 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:52:06.0843 0x0d94 IRENUM - ok
16:52:06.0859 0x0d94 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:52:07.0062 0x0d94 isapnp - ok
16:52:07.0093 0x0d94 [ 32192B4EBE8720ED8D49A455C962CB91, 00EEFA0E6FCF329DE0A9D98F1231A9F23D059A4CF41460F7728C3DD0CD1746C4 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
16:52:07.0125 0x0d94 JavaQuickStarterService - ok
16:52:07.0140 0x0d94 [ FA4A5B32CAE6074205B26971191EFEE4, 86A097D3E27A9F7D532155FE6BE2D056B72B29C6CCEE046D6471875B08745453 ] JMCR C:\WINDOWS\system32\DRIVERS\jmcr.sys
16:52:07.0203 0x0d94 JMCR - ok
16:52:07.0203 0x0d94 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:52:07.0421 0x0d94 Kbdclass - ok
16:52:07.0437 0x0d94 [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:52:07.0656 0x0d94 kbdhid - ok
16:52:07.0687 0x0d94 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:52:07.0906 0x0d94 kmixer - ok
16:52:07.0921 0x0d94 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:52:07.0968 0x0d94 KSecDD - ok
16:52:07.0984 0x0d94 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
16:52:08.0031 0x0d94 LanmanServer - ok
16:52:08.0062 0x0d94 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:52:08.0109 0x0d94 lanmanworkstation - ok
16:52:08.0125 0x0d94 lbrtfdc - ok
16:52:08.0140 0x0d94 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:52:08.0359 0x0d94 LmHosts - ok
16:52:08.0375 0x0d94 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:52:08.0796 0x0d94 Messenger - ok
16:52:08.0796 0x0d94 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:52:09.0000 0x0d94 mnmdd - ok
16:52:09.0015 0x0d94 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
16:52:09.0250 0x0d94 mnmsrvc - ok
16:52:09.0265 0x0d94 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:52:09.0468 0x0d94 Modem - ok
16:52:09.0484 0x0d94 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:52:09.0718 0x0d94 Mouclass - ok
16:52:09.0734 0x0d94 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:52:09.0937 0x0d94 mouhid - ok
16:52:09.0953 0x0d94 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:52:10.0171 0x0d94 MountMgr - ok
16:52:10.0187 0x0d94 [ 6ACCF2E8210880D7005C608AFDB5301C, D00122C928C5818A24E6C11183F79C253CFB6576AD54DC92AEEFC630ABBDE655 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:52:10.0218 0x0d94 MozillaMaintenance - ok
16:52:10.0234 0x0d94 [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:52:10.0453 0x0d94 mraid35x - ok
16:52:10.0468 0x0d94 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:52:10.0703 0x0d94 MRxDAV - ok
16:52:10.0750 0x0d94 [ F3AEFB11ABC521122B67095044169E98, A9FF6C9256FC1F08338F179FF7434AE064B5B6828F16AC8B5C8F362872E3078B ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:52:11.0031 0x0d94 MRxSmb - ok
16:52:11.0062 0x0d94 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
16:52:11.0281 0x0d94 MSDTC - ok
16:52:11.0296 0x0d94 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:52:11.0531 0x0d94 Msfs - ok
16:52:11.0546 0x0d94 MSIServer - ok
16:52:11.0546 0x0d94 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:52:11.0765 0x0d94 MSKSSRV - ok
16:52:11.0765 0x0d94 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:52:11.0984 0x0d94 MSPCLOCK - ok
16:52:11.0984 0x0d94 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:52:12.0187 0x0d94 MSPQM - ok
16:52:12.0203 0x0d94 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:52:12.0406 0x0d94 mssmbios - ok
16:52:12.0421 0x0d94 [ 2F625D11385B1A94360BFC70AAEFDEE1, 23E4974120233CF1A7BEE48977706A0A55418699379D1450502ABEB24191AC80 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:52:12.0640 0x0d94 Mup - ok
16:52:12.0671 0x0d94 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
16:52:12.0921 0x0d94 napagent - ok
16:52:12.0953 0x0d94 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:52:13.0187 0x0d94 NDIS - ok
16:52:13.0203 0x0d94 [ 1AB3D00C991AB086E69DB84B6C0ED78F, 1F881FCCF5557C44C078D99CA2DD38D635413D6212DBEDC06A428EDAC7F8B04E ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:52:13.0406 0x0d94 NdisTapi - ok
16:52:13.0406 0x0d94 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:52:13.0609 0x0d94 Ndisuio - ok
16:52:13.0640 0x0d94 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:52:13.0843 0x0d94 NdisWan - ok
16:52:13.0859 0x0d94 [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:52:13.0906 0x0d94 NDProxy - ok
16:52:13.0906 0x0d94 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:52:14.0109 0x0d94 NetBIOS - ok
16:52:14.0140 0x0d94 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:52:14.0359 0x0d94 NetBT - ok
16:52:14.0375 0x0d94 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
16:52:14.0718 0x0d94 NetDDE - ok
16:52:14.0734 0x0d94 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:52:14.0968 0x0d94 NetDDEdsdm - ok
16:52:14.0984 0x0d94 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
16:52:15.0187 0x0d94 Netlogon - ok
16:52:15.0218 0x0d94 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
16:52:15.0437 0x0d94 Netman - ok
16:52:15.0468 0x0d94 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:52:15.0500 0x0d94 NetTcpPortSharing - ok
16:52:15.0531 0x0d94 [ 832E4DD8964AB7ACC880B2837CB1ED20, 9774411C6B66C3199348A7FDF448971CEBFFC18D45C11354DBC615AA8FEBF6F0 ] Nla C:\WINDOWS\System32\mswsock.dll
16:52:15.0593 0x0d94 Nla - ok
16:52:15.0593 0x0d94 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:52:15.0812 0x0d94 Npfs - ok
16:52:15.0875 0x0d94 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:52:16.0156 0x0d94 Ntfs - ok
16:52:16.0171 0x0d94 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
16:52:16.0375 0x0d94 NtLmSsp - ok
16:52:16.0421 0x0d94 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:52:16.0906 0x0d94 NtmsSvc - ok
16:52:16.0921 0x0d94 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
16:52:17.0125 0x0d94 Null - ok
16:52:17.0125 0x0d94 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:52:17.0328 0x0d94 NwlnkFlt - ok
16:52:17.0343 0x0d94 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:52:17.0546 0x0d94 NwlnkFwd - ok
16:52:17.0562 0x0d94 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\drivers\Parport.sys
16:52:17.0781 0x0d94 Parport - ok
16:52:17.0796 0x0d94 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:52:18.0000 0x0d94 PartMgr - ok
16:52:18.0015 0x0d94 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:52:18.0203 0x0d94 ParVdm - ok
16:52:18.0234 0x0d94 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:52:18.0437 0x0d94 PCI - ok
16:52:18.0453 0x0d94 PCIDump - ok
16:52:18.0453 0x0d94 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
16:52:18.0656 0x0d94 PCIIde - ok
16:52:18.0671 0x0d94 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:52:18.0906 0x0d94 Pcmcia - ok
16:52:18.0906 0x0d94 PDCOMP - ok
16:52:18.0921 0x0d94 PDFRAME - ok
16:52:18.0937 0x0d94 PDRELI - ok
16:52:18.0937 0x0d94 PDRFRAME - ok
16:52:18.0953 0x0d94 [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
16:52:19.0156 0x0d94 perc2 - ok
16:52:19.0171 0x0d94 [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:52:19.0375 0x0d94 perc2hib - ok
16:52:19.0406 0x0d94 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
16:52:19.0453 0x0d94 PlugPlay - ok
16:52:19.0468 0x0d94 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:52:19.0671 0x0d94 PolicyAgent - ok
16:52:19.0687 0x0d94 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:52:19.0906 0x0d94 PptpMiniport - ok
16:52:19.0921 0x0d94 [ 36C46561FDC566FD4943216ABA090343, 89D7AA3B784AC07E7F4229A5BABAA8B5CCEA9E88CFF7C646354F6D46762F0D3F ] PROCEXP113 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
16:52:19.0937 0x0d94 PROCEXP113 - detected UnsignedFile.Multi.Generic ( 1 )
16:52:22.0921 0x0d94 Detect skipped due to KSN trusted
16:52:22.0921 0x0d94 PROCEXP113 - ok
16:52:22.0937 0x0d94 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:52:23.0218 0x0d94 ProtectedStorage - ok
16:52:23.0234 0x0d94 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:52:23.0453 0x0d94 PSched - ok
16:52:23.0453 0x0d94 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:52:23.0656 0x0d94 Ptilink - ok
16:52:23.0671 0x0d94 [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:52:23.0906 0x0d94 ql1080 - ok
16:52:23.0906 0x0d94 [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:52:24.0125 0x0d94 Ql10wnt - ok
16:52:24.0140 0x0d94 [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:52:24.0343 0x0d94 ql12160 - ok
16:52:24.0359 0x0d94 [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:52:24.0562 0x0d94 ql1240 - ok
16:52:24.0734 0x0d94 [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:52:24.0937 0x0d94 ql1280 - ok
16:52:24.0953 0x0d94 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:52:26.0250 0x0d94 RasAcd - ok
16:52:26.0281 0x0d94 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:52:26.0546 0x0d94 RasAuto - ok
16:52:26.0562 0x0d94 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:52:26.0765 0x0d94 Rasl2tp - ok
16:52:26.0781 0x0d94 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:52:27.0015 0x0d94 RasMan - ok
16:52:27.0015 0x0d94 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:52:27.0234 0x0d94 RasPppoe - ok
16:52:27.0250 0x0d94 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:52:27.0453 0x0d94 Raspti - ok
16:52:27.0468 0x0d94 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:52:27.0734 0x0d94 Rdbss - ok
16:52:27.0734 0x0d94 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:52:27.0937 0x0d94 RDPCDD - ok
16:52:27.0968 0x0d94 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:52:28.0203 0x0d94 rdpdr - ok
16:52:28.0234 0x0d94 [ 6728E45B66F93C08F11DE2E316FC70DD, EA63ECD4F84CAE08BD2BF843C48AF505B1B9D7B61349A63536C9C6FEBEF23452 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:52:28.0437 0x0d94 RDPWD - ok
16:52:28.0468 0x0d94 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:52:28.0687 0x0d94 RDSessMgr - ok
16:52:28.0703 0x0d94 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:52:28.0906 0x0d94 redbook - ok
16:52:28.0921 0x0d94 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:52:29.0140 0x0d94 RemoteAccess - ok
16:52:29.0171 0x0d94 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe
16:52:29.0390 0x0d94 RpcLocator - ok
16:52:29.0421 0x0d94 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\System32\rpcss.dll
16:52:29.0734 0x0d94 RpcSs - ok
16:52:29.0750 0x0d94 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:52:29.0984 0x0d94 RSVP - ok
16:52:30.0000 0x0d94 [ 79B4FE884C18DD82D5449F6B6026D092, 434D2D39D20279B566B7C7E5367034DF981B2C8F5F16B0BF94360CE7B6BA0ADC ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
16:52:30.0078 0x0d94 RTLE8023xp - ok
16:52:30.0093 0x0d94 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
16:52:30.0312 0x0d94 SamSs - ok
16:52:30.0328 0x0d94 [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:52:30.0343 0x0d94 SASDIFSV - ok
16:52:30.0359 0x0d94 [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:52:30.0375 0x0d94 SASKUTIL - ok
16:52:30.0390 0x0d94 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:52:30.0875 0x0d94 SCardSvr - ok
16:52:30.0890 0x0d94 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:52:31.0125 0x0d94 Schedule - ok
16:52:31.0140 0x0d94 [ 8D04819A3CE51B9EB47E5689B44D43C4, B0588AF967A7611F05BC8A8AD0C945DBB7BF995D7DA5C28FD0D007E33BF1F502 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
16:52:31.0406 0x0d94 sdbus - ok
16:52:31.0421 0x0d94 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:52:31.0515 0x0d94 Secdrv - ok
16:52:31.0656 0x0d94 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:52:31.0859 0x0d94 seclogon - ok
16:52:31.0875 0x0d94 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
16:52:32.0093 0x0d94 SENS - ok
16:52:32.0109 0x0d94 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\drivers\Serial.sys
16:52:32.0312 0x0d94 Serial - ok
16:52:32.0343 0x0d94 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:52:32.0609 0x0d94 Sfloppy - ok
16:52:32.0640 0x0d94 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:52:32.0890 0x0d94 SharedAccess - ok
16:52:32.0906 0x0d94 [ 1926899BF9FFE2602B63074971700412, F5C48EDBE5C6507527630B49C95BAA9F1E47EACC5A910F2B9A4528733E81A966 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:52:33.0140 0x0d94 ShellHWDetection - ok
16:52:33.0140 0x0d94 Simbad - ok
16:52:33.0156 0x0d94 [ 6B33D0EBD30DB32E27D1D78FE946A754, CDA3D082D370B079C06D943DA124D76BAF0C5DB264FB0C893148EF6322D2FABE ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:52:33.0375 0x0d94 sisagp - ok
16:52:33.0390 0x0d94 [ 83C0F71F86D3BDAF915685F3D568B20E, 10B24723914A5A9E27A592FD58DAE2207B6E49F13A17CD2B1477C51D2D609D2E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:52:33.0484 0x0d94 Sparrow - ok
16:52:33.0500 0x0d94 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:52:33.0718 0x0d94 splitter - ok
16:52:33.0734 0x0d94 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:52:33.0781 0x0d94 Spooler - ok
16:52:33.0812 0x0d94 [ 777115C9CC675BD98127660712D2F784, F9873482BEB148E6798643820DF1ECDEE2642C3793EE27E94FF2D6B9E4CEB2D4 ] sprtsvc_DellSupportCenter C:\Program Files\Dell Support Center\bin\sprtsvc.exe
16:52:33.0843 0x0d94 sprtsvc_DellSupportCenter - ok
16:52:33.0859 0x0d94 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:52:33.0968 0x0d94 sr - ok
16:52:33.0984 0x0d94 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\system32\srsvc.dll
16:52:34.0109 0x0d94 srservice - ok
16:52:34.0156 0x0d94 [ 0F6AEFAD3641A657E18081F52D0C15AF, 00513F28BB5D85BCC3B124BD157EAE32C6010541B6A7B69572993BCEC8E720DA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:52:34.0406 0x0d94 Srv - ok
16:52:34.0421 0x0d94 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:52:34.0562 0x0d94 SSDPSRV - ok
16:52:34.0593 0x0d94 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:52:35.0062 0x0d94 stisvc - ok
16:52:35.0062 0x0d94 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:52:35.0281 0x0d94 swenum - ok
16:52:35.0296 0x0d94 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:52:35.0500 0x0d94 swmidi - ok
16:52:35.0515 0x0d94 SwPrv - ok
16:52:35.0531 0x0d94 [ 1FF3217614018630D0A6758630FC698C, 78A3075BBFF5D7ADEAC1527E65ACA8527BFC509DF124D44410BB46C4D96C96BB ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
16:52:35.0734 0x0d94 symc810 - ok
16:52:35.0750 0x0d94 [ 070E001D95CF725186EF8B20335F933C, B98B29FB01741AF3B4BB02C76A4D117EA04FE4CC4F8CDB491F9216931704A6D8 ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:52:35.0953 0x0d94 symc8xx - ok
16:52:35.0968 0x0d94 [ 80AC1C4ABBE2DF3B738BF15517A51F2C, CCF82D09C63F4FA98BCBEF3A1DC8C02D4269B78256D0B6213E815D9BBE174432 ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:52:36.0156 0x0d94 sym_hi - ok
16:52:36.0171 0x0d94 [ BF4FAB949A382A8E105F46EBB4937058, FE7C114A19D50E37463CDD3605C26105A779EEA79CB92BF98267C7BE809D853B ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:52:36.0390 0x0d94 sym_u3 - ok
16:52:36.0421 0x0d94 [ 64A8508B82A62BF661670884D1FD0E13, 099BCEAD9532BB592AFEC8A79E34E3B3AA0A43C20E6060792884817C2AA46482 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
16:52:36.0468 0x0d94 SynTP - ok
16:52:36.0484 0x0d94 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ]
 

jl1

Member
MWB Killer

Second part of TDSS


16:52:44.0000 0x0d94 wdmaud - ok
16:52:44.0015 0x0d94 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
16:52:44.0234 0x0d94 WebClient - ok
16:52:44.0265 0x0d94 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:52:44.0468 0x0d94 winmgmt - ok
16:52:44.0500 0x0d94 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:52:44.0562 0x0d94 WmdmPmSN - ok
16:52:44.0578 0x0d94 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:52:44.0796 0x0d94 WmiApSrv - ok
16:52:44.0875 0x0d94 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
16:52:45.0140 0x0d94 WMPNetworkSvc - ok
16:52:45.0156 0x0d94 [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:52:45.0375 0x0d94 WS2IFSL - ok
16:52:45.0390 0x0d94 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:52:45.0734 0x0d94 wscsvc - ok
16:52:45.0750 0x0d94 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:52:45.0968 0x0d94 wuauserv - ok
16:52:45.0984 0x0d94 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:52:46.0015 0x0d94 WudfPf - ok
16:52:46.0031 0x0d94 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:52:46.0078 0x0d94 WudfRd - ok
16:52:46.0093 0x0d94 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:52:46.0140 0x0d94 WudfSvc - ok
16:52:46.0187 0x0d94 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:52:47.0203 0x0d94 WZCSVC - ok
16:52:47.0234 0x0d94 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:52:47.0468 0x0d94 xmlprov - ok
16:52:47.0468 0x0d94 ================ Scan global ===============================
16:52:47.0484 0x0d94 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
16:52:47.0515 0x0d94 [ 42B5427FAC23BF6F1F31E466B7FEB084, 84B8297D82CBD0A38CDC15BC00E691BC849DECFE5A2184816FDD49C63C350059 ] C:\WINDOWS\system32\winsrv.dll
16:52:47.0593 0x0d94 [ 42B5427FAC23BF6F1F31E466B7FEB084, 84B8297D82CBD0A38CDC15BC00E691BC849DECFE5A2184816FDD49C63C350059 ] C:\WINDOWS\system32\winsrv.dll
16:52:47.0640 0x0d94 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
16:52:47.0656 0x0d94 [ Global ] - ok
16:52:47.0656 0x0d94 ================ Scan MBR ==================================
16:52:47.0671 0x0d94 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
16:52:47.0828 0x0d94 \Device\Harddisk0\DR0 - ok
16:52:47.0828 0x0d94 ================ Scan VBR ==================================
16:52:47.0828 0x0d94 [ CD2E87F8E0AD5605F3BFDDA37850CD2D ] \Device\Harddisk0\DR0\Partition1
16:52:47.0843 0x0d94 \Device\Harddisk0\DR0\Partition1 - ok
16:52:47.0843 0x0d94 ================ Scan active images ========================
16:52:47.0843 0x0d94 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] C:\WINDOWS\system32\drivers\intelppm.sys
16:52:47.0843 0x0d94 C:\WINDOWS\system32\drivers\intelppm.sys - ok
16:52:47.0859 0x0d94 [ DED98A3E466251CCAB93D579144B048C, 62F84856F9BEB7FE254E776B010A76EBD1F0F6B592A6D619366EFA972E2A33A8 ] C:\WINDOWS\system32\drivers\wdfldr.sys
16:52:47.0859 0x0d94 C:\WINDOWS\system32\drivers\wdfldr.sys - ok
16:52:47.0859 0x0d94 [ 553CFF6CF3622DE0D7FEFDEBE72A6395, 009D92AE081A581478BA6FEC8244B04671D18AD2C0D7D6EBED689F1F88BE7202 ] C:\WINDOWS\system32\drivers\EMSC.sys
16:52:47.0859 0x0d94 C:\WINDOWS\system32\drivers\EMSC.sys - ok
16:52:47.0875 0x0d94 [ FD47474BD21794508AF449D9D91AF6E6, 2AD586390824F673B5DC5D86FC2423ED9252413D221E1C7EC3A760782DB6436A ] C:\WINDOWS\system32\drivers\wdf01000.sys
16:52:47.0875 0x0d94 C:\WINDOWS\system32\drivers\wdf01000.sys - ok
16:52:47.0875 0x0d94 [ E28726B72C46821A28830E077D39A55B, 66BE8A1055544C8CEBB7125726C1C306A026F3A1764589FCDDF3792076AF891F ] C:\WINDOWS\system32\drivers\videoprt.sys
16:52:47.0875 0x0d94 C:\WINDOWS\system32\drivers\videoprt.sys - ok
16:52:47.0890 0x0d94 [ 48846B31BE5A4FA662CCFDE7A1BA86B9, BC653F3ADAD70E766484986F196D4045D2CC6D92E5D827907E734254EE489A33 ] C:\WINDOWS\system32\drivers\igxpmp32.sys
16:52:47.0890 0x0d94 C:\WINDOWS\system32\drivers\igxpmp32.sys - ok
16:52:47.0890 0x0d94 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] C:\WINDOWS\system32\drivers\hdaudbus.sys
16:52:47.0890 0x0d94 C:\WINDOWS\system32\drivers\hdaudbus.sys - ok
16:52:47.0906 0x0d94 [ 76C465F570E90C28942D52CCB2580A10, 6C19806C00CE1178044845C1DD02562FF2FA0552AAA284115D7F151676BA52FC ] C:\WINDOWS\system32\drivers\scsiport.sys
16:52:47.0906 0x0d94 C:\WINDOWS\system32\drivers\scsiport.sys - ok
16:52:47.0921 0x0d94 [ FA4A5B32CAE6074205B26971191EFEE4, 86A097D3E27A9F7D532155FE6BE2D056B72B29C6CCEE046D6471875B08745453 ] C:\WINDOWS\system32\drivers\jmcr.sys
16:52:47.0921 0x0d94 C:\WINDOWS\system32\drivers\jmcr.sys - ok
16:52:47.0921 0x0d94 [ 9208C78BD9283F79A30252AD954C77A2, B3632642D1780109A2AE42D35CF45E52C6A4422A30673107464B3969CC6225B7 ] C:\WINDOWS\system32\drivers\BCMWL5.SYS
16:52:47.0921 0x0d94 C:\WINDOWS\system32\drivers\BCMWL5.SYS - ok
16:52:47.0937 0x0d94 [ 79B4FE884C18DD82D5449F6B6026D092, 434D2D39D20279B566B7C7E5367034DF981B2C8F5F16B0BF94360CE7B6BA0ADC ] C:\WINDOWS\system32\drivers\Rtenicxp.sys
16:52:47.0937 0x0d94 C:\WINDOWS\system32\drivers\Rtenicxp.sys - ok
16:52:47.0937 0x0d94 [ 791912E524CC2CC6F50B5F2B52D1EB71, 2B269372E5B39B03089F781CC69AE519D1C840A80ADBE15EA3787FBCDE97F1A8 ] C:\WINDOWS\system32\drivers\usbport.sys
16:52:47.0937 0x0d94 C:\WINDOWS\system32\drivers\usbport.sys - ok
16:52:47.0953 0x0d94 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] C:\WINDOWS\system32\drivers\usbuhci.sys
16:52:47.0953 0x0d94 C:\WINDOWS\system32\drivers\usbuhci.sys - ok
16:52:47.0953 0x0d94 [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] C:\WINDOWS\system32\drivers\CmBatt.sys
16:52:47.0953 0x0d94 C:\WINDOWS\system32\drivers\CmBatt.sys - ok
16:52:47.0968 0x0d94 [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] C:\WINDOWS\system32\drivers\usbehci.sys
16:52:47.0968 0x0d94 C:\WINDOWS\system32\drivers\usbehci.sys - ok
16:52:47.0984 0x0d94 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] C:\WINDOWS\system32\drivers\i8042prt.sys
16:52:47.0984 0x0d94 C:\WINDOWS\system32\drivers\i8042prt.sys - ok
16:52:47.0984 0x0d94 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] C:\WINDOWS\system32\drivers\kbdclass.sys
16:52:47.0984 0x0d94 C:\WINDOWS\system32\drivers\kbdclass.sys - ok
16:52:48.0000 0x0d94 [ 64A8508B82A62BF661670884D1FD0E13, 099BCEAD9532BB592AFEC8A79E34E3B3AA0A43C20E6060792884817C2AA46482 ] C:\WINDOWS\system32\drivers\SynTP.sys
16:52:48.0000 0x0d94 C:\WINDOWS\system32\drivers\SynTP.sys - ok
16:52:48.0000 0x0d94 [ 596EB39B50D6EBD9B734DC4AE0544693, EFCA2CFFFB8467BAC63F5174F125FEEFFA1F29491285C5BF99B3A2B2A6A25934 ] C:\WINDOWS\system32\drivers\usbd.sys
16:52:48.0000 0x0d94 C:\WINDOWS\system32\drivers\usbd.sys - ok
16:52:48.0015 0x0d94 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] C:\WINDOWS\system32\drivers\mouclass.sys
16:52:48.0015 0x0d94 C:\WINDOWS\system32\drivers\mouclass.sys - ok
16:52:48.0015 0x0d94 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] C:\WINDOWS\system32\drivers\audstub.sys
16:52:48.0015 0x0d94 C:\WINDOWS\system32\drivers\audstub.sys - ok
16:52:48.0031 0x0d94 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] C:\WINDOWS\system32\drivers\rasl2tp.sys
16:52:48.0031 0x0d94 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
16:52:48.0031 0x0d94 [ 1AB3D00C991AB086E69DB84B6C0ED78F, 1F881FCCF5557C44C078D99CA2DD38D635413D6212DBEDC06A428EDAC7F8B04E ] C:\WINDOWS\system32\drivers\ndistapi.sys
16:52:48.0031 0x0d94 C:\WINDOWS\system32\drivers\ndistapi.sys - ok
16:52:48.0046 0x0d94 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] C:\WINDOWS\system32\drivers\ndiswan.sys
16:52:48.0046 0x0d94 C:\WINDOWS\system32\drivers\ndiswan.sys - ok
16:52:48.0062 0x0d94 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] C:\WINDOWS\system32\drivers\raspppoe.sys
16:52:48.0062 0x0d94 C:\WINDOWS\system32\drivers\raspppoe.sys - ok
16:52:48.0062 0x0d94 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] C:\WINDOWS\system32\drivers\psched.sys
16:52:48.0062 0x0d94 C:\WINDOWS\system32\drivers\psched.sys - ok
16:52:48.0078 0x0d94 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] C:\WINDOWS\system32\drivers\raspptp.sys
16:52:48.0078 0x0d94 C:\WINDOWS\system32\drivers\raspptp.sys - ok
16:52:48.0078 0x0d94 [ 0539D5E53587F82D1B4FD74C5BE205CF, 9C578FC46AC3B8260258B83C89A33C3D7990B365D7708AEF2296CD235C7D301A ] C:\WINDOWS\system32\drivers\tdi.sys
16:52:48.0078 0x0d94 C:\WINDOWS\system32\drivers\tdi.sys - ok
16:52:48.0093 0x0d94 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] C:\WINDOWS\system32\drivers\msgpc.sys
16:52:48.0093 0x0d94 C:\WINDOWS\system32\drivers\msgpc.sys - ok
16:52:48.0093 0x0d94 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] C:\WINDOWS\system32\drivers\ptilink.sys
16:52:48.0093 0x0d94 C:\WINDOWS\system32\drivers\ptilink.sys - ok
16:52:48.0109 0x0d94 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] C:\WINDOWS\system32\drivers\raspti.sys
16:52:48.0109 0x0d94 C:\WINDOWS\system32\drivers\raspti.sys - ok
16:52:48.0125 0x0d94 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] C:\WINDOWS\system32\drivers\termdd.sys
16:52:48.0125 0x0d94 C:\WINDOWS\system32\drivers\termdd.sys - ok
16:52:48.0125 0x0d94 [ 0753515F78DF7F271A5E61C20BCD36A1, A8D600CD0C592DFB875DE2D4F1AEDB207B80A43CF724051B6552BB6E539E9AFC ] C:\WINDOWS\system32\drivers\ks.sys
16:52:48.0125 0x0d94 C:\WINDOWS\system32\drivers\ks.sys - ok
16:52:48.0140 0x0d94 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] C:\WINDOWS\system32\drivers\swenum.sys
16:52:48.0140 0x0d94 C:\WINDOWS\system32\drivers\swenum.sys - ok
16:52:48.0140 0x0d94 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] C:\WINDOWS\system32\drivers\update.sys
16:52:48.0140 0x0d94 C:\WINDOWS\system32\drivers\update.sys - ok
16:52:48.0156 0x0d94 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] C:\WINDOWS\system32\drivers\mssmbios.sys
16:52:48.0156 0x0d94 C:\WINDOWS\system32\drivers\mssmbios.sys - ok
16:52:48.0156 0x0d94 [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] C:\WINDOWS\system32\drivers\ndproxy.sys
16:52:48.0156 0x0d94 C:\WINDOWS\system32\drivers\ndproxy.sys - ok
16:52:48.0171 0x0d94 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] C:\WINDOWS\system32\drivers\usbhub.sys
16:52:48.0171 0x0d94 C:\WINDOWS\system32\drivers\usbhub.sys - ok
16:52:48.0187 0x0d94 [ 6CB08593487F5701D2D2254E693EAFCE, 0518A1FC540C036E6864DA8C01CADE043D4F897D7FCF8C61352865131DEB7414 ] C:\WINDOWS\system32\drivers\drmk.sys
16:52:48.0187 0x0d94 C:\WINDOWS\system32\drivers\drmk.sys - ok
16:52:48.0187 0x0d94 [ E82A496C3961EFC6828B508C310CE98F, E142A0809525B34A376B3063B07B8822930056BBCB886B7CF1D7585BCEC371A0 ] C:\WINDOWS\system32\drivers\portcls.sys
16:52:48.0187 0x0d94 C:\WINDOWS\system32\drivers\portcls.sys - ok
16:52:48.0203 0x0d94 [ 41BB402C2ADE27B32439BB765864AB3B, E109226D113F78D25DCD331B15B886AA6276EF8CD041E685A72C61BBA7374EB6 ] C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:52:48.0203 0x0d94 C:\WINDOWS\system32\drivers\RtkHDAud.sys - ok
16:52:48.0203 0x0d94 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] C:\WINDOWS\system32\drivers\fdc.sys
16:52:48.0203 0x0d94 C:\WINDOWS\system32\drivers\fdc.sys - ok
16:52:48.0218 0x0d94 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] C:\WINDOWS\system32\drivers\flpydisk.sys
16:52:48.0218 0x0d94 C:\WINDOWS\system32\drivers\flpydisk.sys - ok
16:52:48.0234 0x0d94 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] C:\WINDOWS\system32\drivers\cdrom.sys
16:52:48.0234 0x0d94 C:\WINDOWS\system32\drivers\cdrom.sys - ok
16:52:48.0234 0x0d94 [ 9368670BD426EBEA5E8B18A62416EC28, 0ED865F8FB79F0B6309521925280E8640DB5CA6F75377434830536899734B6EE ] C:\WINDOWS\system32\drivers\i2omgmt.sys
16:52:48.0234 0x0d94 C:\WINDOWS\system32\drivers\i2omgmt.sys - ok
16:52:48.0250 0x0d94 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] C:\WINDOWS\system32\drivers\sfloppy.sys
16:52:48.0250 0x0d94 C:\WINDOWS\system32\drivers\sfloppy.sys - ok
16:52:48.0250 0x0d94 [ 1AEB8CDB797666AF709A291B47AE81E0, 12AC4DBC6338BA5E5C04B449FF8362E7EC8EBFCA675C4F21BE847DFDCAE8F7C9 ] C:\WINDOWS\system32\drivers\aswsp.sys
16:52:48.0250 0x0d94 C:\WINDOWS\system32\drivers\aswsp.sys - ok
16:52:48.0265 0x0d94 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] C:\WINDOWS\system32\drivers\cdaudio.sys
16:52:48.0265 0x0d94 C:\WINDOWS\system32\drivers\cdaudio.sys - ok
16:52:48.0265 0x0d94 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] C:\WINDOWS\system32\drivers\fs_rec.sys
16:52:48.0265 0x0d94 C:\WINDOWS\system32\drivers\fs_rec.sys - ok
16:52:48.0281 0x0d94 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] C:\WINDOWS\system32\drivers\null.sys
16:52:48.0281 0x0d94 C:\WINDOWS\system32\drivers\null.sys - ok
16:52:48.0281 0x0d94 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] C:\WINDOWS\system32\drivers\beep.sys
16:52:48.0281 0x0d94 C:\WINDOWS\system32\drivers\beep.sys - ok
16:52:48.0296 0x0d94 [ 96ECCF28FDBF1B2CC12725818A63628D, 0F25069EE8A44B6F4B18F82F384D404CC1776A2AFC5032D9ED19CE36FF2A61DC ] C:\WINDOWS\system32\drivers\hidparse.sys
16:52:48.0296 0x0d94 C:\WINDOWS\system32\drivers\hidparse.sys - ok
16:52:48.0312 0x0d94 [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] C:\WINDOWS\system32\drivers\kbdhid.sys
16:52:48.0312 0x0d94 C:\WINDOWS\system32\drivers\kbdhid.sys - ok
16:52:48.0312 0x0d94 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] C:\WINDOWS\system32\drivers\vga.sys
16:52:48.0312 0x0d94 C:\WINDOWS\system32\drivers\vga.sys - ok
16:52:48.0328 0x0d94 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] C:\WINDOWS\system32\drivers\mnmdd.sys
16:52:48.0328 0x0d94 C:\WINDOWS\system32\drivers\mnmdd.sys - ok
16:52:48.0328 0x0d94 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] C:\WINDOWS\system32\drivers\rdpcdd.sys
16:52:48.0328 0x0d94 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
16:52:48.0343 0x0d94 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] C:\WINDOWS\system32\drivers\msfs.sys
16:52:48.0343 0x0d94 C:\WINDOWS\system32\drivers\msfs.sys - ok
16:52:48.0343 0x0d94 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] C:\WINDOWS\system32\drivers\npfs.sys
16:52:48.0343 0x0d94 C:\WINDOWS\system32\drivers\npfs.sys - ok
16:52:48.0359 0x0d94 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] C:\WINDOWS\system32\drivers\rasacd.sys
16:52:48.0359 0x0d94 C:\WINDOWS\system32\drivers\rasacd.sys - ok
16:52:48.0375 0x0d94 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] C:\WINDOWS\system32\drivers\ipsec.sys
16:52:48.0375 0x0d94 C:\WINDOWS\system32\drivers\ipsec.sys - ok
16:52:48.0375 0x0d94 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] C:\WINDOWS\system32\drivers\tcpip.sys
16:52:48.0375 0x0d94 C:\WINDOWS\system32\drivers\tcpip.sys - ok
16:52:48.0390 0x0d94 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] C:\WINDOWS\system32\drivers\ipnat.sys
16:52:48.0390 0x0d94 C:\WINDOWS\system32\drivers\ipnat.sys - ok
16:52:48.0390 0x0d94 [ 26C51C289E39E8EE0F12B8B06B71E436, 81382FC3E836698432EE832A166F09251CC9164B17584E90F73037A1FA54E4F7 ] C:\WINDOWS\system32\drivers\aswTdi.sys
16:52:48.0390 0x0d94 C:\WINDOWS\system32\drivers\aswTdi.sys - ok
16:52:48.0406 0x0d94 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] C:\WINDOWS\system32\drivers\netbt.sys
16:52:48.0406 0x0d94 C:\WINDOWS\system32\drivers\netbt.sys - ok
16:52:48.0406 0x0d94 [ D6C9024F5D14843D33ADA8A6A10A1BE1, D40022D0A360FD4010D3D5D452BBC4CE9EE68224DEAB9584626E6F435E128857 ] C:\WINDOWS\system32\drivers\aswRdr.sys
16:52:48.0406 0x0d94 C:\WINDOWS\system32\drivers\aswRdr.sys - ok
16:52:48.0421 0x0d94 [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] C:\WINDOWS\system32\drivers\ws2ifsl.sys
16:52:48.0421 0x0d94 C:\WINDOWS\system32\drivers\ws2ifsl.sys - ok
16:52:48.0437 0x0d94 [ 7E775010EF291DA96AD17CA4B17137D7, E2B746D5839715432FA073378149545D51C8BEFF8621411E0FF184DE8AA83414 ] C:\WINDOWS\system32\drivers\afd.sys
16:52:48.0437 0x0d94 C:\WINDOWS\system32\drivers\afd.sys - ok
16:52:48.0437 0x0d94 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] C:\WINDOWS\system32\drivers\netbios.sys
16:52:48.0437 0x0d94 C:\WINDOWS\system32\drivers\netbios.sys - ok
16:52:48.0453 0x0d94 [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] C:\Program Files\SUPERAntiSpyware\sasdifsv.sys
16:52:48.0453 0x0d94 C:\Program Files\SUPERAntiSpyware\sasdifsv.sys - ok
16:52:48.0453 0x0d94 [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:52:48.0453 0x0d94 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS - ok
16:52:48.0468 0x0d94 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] C:\WINDOWS\system32\drivers\redbook.sys
16:52:48.0468 0x0d94 C:\WINDOWS\system32\drivers\redbook.sys - ok
16:52:48.0468 0x0d94 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] C:\WINDOWS\system32\drivers\rdbss.sys
16:52:48.0468 0x0d94 C:\WINDOWS\system32\drivers\rdbss.sys - ok
16:52:48.0484 0x0d94 [ F3AEFB11ABC521122B67095044169E98, A9FF6C9256FC1F08338F179FF7434AE064B5B6828F16AC8B5C8F362872E3078B ] C:\WINDOWS\system32\drivers\mrxsmb.sys
16:52:48.0484 0x0d94 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
16:52:48.0500 0x0d94 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] C:\WINDOWS\system32\drivers\imapi.sys
16:52:48.0500 0x0d94 C:\WINDOWS\system32\drivers\imapi.sys - ok
16:52:48.0500 0x0d94 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] C:\WINDOWS\system32\drivers\fips.sys
16:52:48.0500 0x0d94 C:\WINDOWS\system32\drivers\fips.sys - ok
16:52:48.0515 0x0d94 [ 51FDE588D860857A97E4C4B560E40C9B, 8A3AC3E55249DAE6CCD95593989F8B100D5C4712A16681A36E5D0F2F08BD57AA ] C:\WINDOWS\system32\drivers\aswSnx.sys
16:52:48.0515 0x0d94 C:\WINDOWS\system32\drivers\aswSnx.sys - ok
16:52:48.0515 0x0d94 [ 911DDF2E16761643A47225F654D811E5, 09BD981EAEBCCE6AFF0F17596CEBDD19A48955C268349E25FD1AAB73838A1940 ] C:\WINDOWS\system32\ntdll.dll
16:52:48.0515 0x0d94 C:\WINDOWS\system32\ntdll.dll - ok
16:52:48.0531 0x0d94 [ 5F816C1F539266D2D4C78694239DA0B5, 10BFCCF4EFFC3813A563D528DC5464827BEF10AE21D6B9C1138930228E7047D1 ] C:\WINDOWS\system32\smss.exe
16:52:48.0687 0x0d94 C:\WINDOWS\system32\smss.exe - ok
16:52:48.0687 0x0d94 [ 23043C91A0F9DFB4B9E9F87B680863B4, 318A6F6DB4A1EDE7D3758E324350EA852449ABD2A7BB77004FBC403CF9FFB08B ] C:\WINDOWS\system32\autochk.exe
16:52:48.0687 0x0d94 C:\WINDOWS\system32\autochk.exe - ok
16:52:48.0703 0x0d94 [ 9DD07AF82244867CA36681EA2D29CE79, 84926A50CB38C322D1CDFD4C0D5F8FFE3B2EF3080B3401F5D5AE8CBD0A719685 ] C:\WINDOWS\system32\sfcfiles.dll
16:52:48.0703 0x0d94 C:\WINDOWS\system32\sfcfiles.dll - ok
16:52:48.0718 0x0d94 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] C:\WINDOWS\system32\drivers\atapi.sys
16:52:48.0718 0x0d94 C:\WINDOWS\system32\drivers\atapi.sys - ok
16:52:48.0718 0x0d94 [ 2F31B7F954BED437F2C75026C65CAF7B, 1F8D6CBB01AD403BC89D1E987012E2F63CDFD9C49F402F358B64B31C13E4DD14 ] C:\WINDOWS\system32\drivers\wmilib.sys
16:52:48.0718 0x0d94 C:\WINDOWS\system32\drivers\wmilib.sys - ok
16:52:48.0734 0x0d94 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] C:\WINDOWS\system32\drivers\wanarp.sys
16:52:48.0734 0x0d94 C:\WINDOWS\system32\drivers\wanarp.sys - ok
16:52:48.0734 0x0d94 [ FE97D0343ACFDEBDD578FC67CC91FA87, FE26FBA13079189EF96A1C994036EA472A4BF34FA14C163C693AD481BF31E676 ] C:\WINDOWS\system32\drivers\dxapi.sys
16:52:48.0734 0x0d94 C:\WINDOWS\system32\drivers\dxapi.sys - ok
16:52:48.0750 0x0d94 [ 9A10AACBFDC4922715375FB4065EC930, E407953587C04F75DDB163420A5121FF520D31F74753D452E316042C42D360CF ] C:\WINDOWS\system32\watchdog.sys
16:52:48.0750 0x0d94 C:\WINDOWS\system32\watchdog.sys - ok
16:52:48.0750 0x0d94 [ E40E572FD5DA970921A893B05FB217D9, C5E5EDA6087185BC4983BC3F57CD3143BA58B415AB729D918897653EADEB4D87 ] C:\WINDOWS\system32\win32k.sys
16:52:48.0750 0x0d94 C:\WINDOWS\system32\win32k.sys - ok
16:52:48.0765 0x0d94 [ 44F275C64738EA2056E3D9580C23B60F, 5D4B7306E71A44440E7F0B32A373AEC120C01B69F87756589E39EB85C40CD742 ] C:\WINDOWS\system32\csrss.exe
16:52:48.0765 0x0d94 C:\WINDOWS\system32\csrss.exe - ok
16:52:48.0781 0x0d94 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
16:52:48.0781 0x0d94 C:\WINDOWS\system32\basesrv.dll - ok
16:52:48.0781 0x0d94 [ 51C5B2BC37AE9EC5FED75B4AEEE04B18, 97BDC15CAFC49C612A23E9E5F5794A02B0CB81E6F59DB5DD886710A456E4A8D2 ] C:\WINDOWS\system32\csrsrv.dll
16:52:48.0781 0x0d94 C:\WINDOWS\system32\csrsrv.dll - ok
16:52:48.0781 0x0d94 [ 42B5427FAC23BF6F1F31E466B7FEB084, 84B8297D82CBD0A38CDC15BC00E691BC849DECFE5A2184816FDD49C63C350059 ] C:\WINDOWS\system32\winsrv.dll
16:52:48.0781 0x0d94 C:\WINDOWS\system32\winsrv.dll - ok
16:52:48.0796 0x0d94 [ 8B1F3320AEBB536E021A5014409862DE, AF87414100C16882B5CB6852C94205EC646A42B2616C5EC8AD5010611427FAF1 ] C:\WINDOWS\system32\gdi32.dll
16:52:48.0796 0x0d94 C:\WINDOWS\system32\gdi32.dll - ok
16:52:48.0812 0x0d94 [ B921FB870C9AC0D509B2CCABBBBE95F3, D3B69A8B59E07E775F99871C4AD107A4F72F392325695E7F261F6AA6E590D4E6 ] C:\WINDOWS\system32\kernel32.dll
16:52:48.0812 0x0d94 C:\WINDOWS\system32\kernel32.dll - ok
16:52:48.0812 0x0d94 [ B26B135FF1B9F60C9388B4A7D16F600B, ACD0AE7B4D5F871E148276C6CC4AE3A216E33F67FC78D827C16986E1F945438C ] C:\WINDOWS\system32\user32.dll
16:52:48.0812 0x0d94 C:\WINDOWS\system32\user32.dll - ok
16:52:48.0828 0x0d94 [ AC7280566A7BB85CB3291F04DDC1198E, 7640BC4C28B5D5167A10C4B0DA0FC8C7A255334D4BA11FD3E28A697A5B58583C ] C:\WINDOWS\system32\drivers\dxg.sys
16:52:48.0828 0x0d94 C:\WINDOWS\system32\drivers\dxg.sys - ok
16:52:48.0828 0x0d94 [ A73F5D6705B1D820C19B18782E176EFD, C36486504C3A596FDCA487143F6D3B43C0BEE01321F6F1F3071976556533C419 ] C:\WINDOWS\system32\drivers\dxgthk.sys
16:52:48.0828 0x0d94 C:\WINDOWS\system32\drivers\dxgthk.sys - ok
16:52:48.0843 0x0d94 [ C1A0DEB3A8E701D53C7B25A7735B9CD2, A64CE3ED71FAD0592CD4E729DF7ADC438D8FADEC7DC80CD9239D09BEEB6920BF ] C:\WINDOWS\system32\igxprd32.dll
16:52:48.0843 0x0d94 C:\WINDOWS\system32\igxprd32.dll - ok
16:52:48.0843 0x0d94 [ 74DBB7ED3ABB6C9F0D8E1A2CCADDF4FB, 7275455598BAFE0A5BCA1A24D3EACF87C74FC92C4DC1F6EB67541778FE24C164 ] C:\WINDOWS\system32\igxpgd32.dll
16:52:48.0843 0x0d94 C:\WINDOWS\system32\igxpgd32.dll - ok
16:52:48.0859 0x0d94 [ ECB7591870F8BFB1A4C17B718AD5A4AA, 67E8D218F107F78F9C62999F560E47AEC799E4B4DC4AB3EBC0DC61670BFE3E3D ] C:\WINDOWS\system32\vga.dll
16:52:48.0859 0x0d94 C:\WINDOWS\system32\vga.dll - ok
16:52:48.0875 0x0d94 [ CBAE8185F15210BE3F9E09F5BF14E94E, 7764A28EAB6871EEA930587EF40847DA662051A6361BF128CC60BB4ABC7E00E8 ] C:\WINDOWS\system32\igxpdv32.dll
16:52:48.0875 0x0d94 C:\WINDOWS\system32\igxpdv32.dll - ok
16:52:48.0875 0x0d94 [ 8BF96C13124872CC1054D7F8CC9F5A26, C8F2202A1F1DD4923941E8E05B68818E51C214BB1A0D6E80E14E2B344AF220C8 ] C:\WINDOWS\system32\igxpdx32.dll
16:52:48.0875 0x0d94 C:\WINDOWS\system32\igxpdx32.dll - ok
16:52:48.0890 0x0d94 [ ED0EF0A136DEC83DF69F04118870003E, 45377CB8E9F0120F836FC8261C711F7DBF7199117AFB3652EBF100D5F0429B1E ] C:\WINDOWS\system32\winlogon.exe
16:52:48.0890 0x0d94 C:\WINDOWS\system32\winlogon.exe - ok
16:52:48.0890 0x0d94 [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] C:\WINDOWS\system32\advapi32.dll
16:52:48.0890 0x0d94 C:\WINDOWS\system32\advapi32.dll - ok
16:52:48.0906 0x0d94 [ D4502F124289A31976130CCCB014C9AA, 54A54C5CAA73F4B872AE04B984EFD65F812AED1461C8B3D543413502C92C42AD ] C:\WINDOWS\system32\rpcrt4.dll
16:52:48.0906 0x0d94 C:\WINDOWS\system32\rpcrt4.dll - ok
16:52:48.0906 0x0d94 [ 5357826C8A8DD6A07F17C48BB45BE46E, E081B04F8C8A31951A0ADEC889E6CA4DEED5FF738446D5A5614B11B113000BCA ] C:\WINDOWS\system32\secur32.dll
16:52:48.0906 0x0d94 C:\WINDOWS\system32\secur32.dll - ok
16:52:48.0921 0x0d94 [ 714705F29A917993536A6AB2DEDB0B7F, 5C3EA97044A7AF8027000DFA40901C0097EC935A7149C0A46AA2C6A2F9FD6CC1 ] C:\WINDOWS\system32\authz.dll
16:52:48.0921 0x0d94 C:\WINDOWS\system32\authz.dll - ok
16:52:48.0937 0x0d94 [ 355EDBB4D412B01F1740C17E3F50FA00, 8619D345C864CD8EA704EFAA0A391F5F31AA56BB6D30F62FC60F465873CC1BF9 ] C:\WINDOWS\system32\msvcrt.dll
16:52:48.0937 0x0d94 C:\WINDOWS\system32\msvcrt.dll - ok
16:52:48.0937 0x0d94 [ BDAAF79DD63F194434D31A74B9BB8B77, 6A4478F0344243427206AC99047675083E05673ACFE9B037B5FA471BCF4694D8 ] C:\WINDOWS\system32\crypt32.dll
16:52:48.0937 0x0d94 C:\WINDOWS\system32\crypt32.dll - ok
 

jl1

Member
MWB Killer

Third part of TDSS

16:52:50.0421 0x0d94 [ C30BEB2365677974EFA19B791E1AAD85, 17FCE54869DF45EDDA9989A9C0FBA4C94AF6F579EF78E6548E05ED20F8C0E849 ] C:\Program Files\AVAST Software\Avast\aswSqLt.dll
16:52:50.0421 0x0d94 C:\Program Files\AVAST Software\Avast\aswSqLt.dll - ok
16:52:50.0421 0x0d94 [ 6D778E0F95447E6546553EEEA709D03C, 62ABED7D45040381BBCED97EA7B6C697B418448FD3322FD4BFB2BBFDB6155EB4 ] C:\WINDOWS\system32\cmd.exe
16:52:50.0421 0x0d94 C:\WINDOWS\system32\cmd.exe - ok
16:52:50.0437 0x0d94 [ 2EF237A6B7232F45A7DF000C54974BF1, D5344F07BE9B0268897FB15A3FC66BE27333E9AA960920ABE0496339B260FF94 ] C:\WINDOWS\system32\ieframe.dll
16:52:50.0437 0x0d94 C:\WINDOWS\system32\ieframe.dll - ok
16:52:50.0453 0x0d94 [ 95884E0E8EAE21F7DF7A8916A7E058CF, D9A76E7685408ADBBA755FB3DC39948799CEB330A8C774262733F09C27972F8B ] C:\Program Files\AVAST Software\Avast\ashTaskEx.dll
16:52:50.0453 0x0d94 C:\Program Files\AVAST Software\Avast\ashTaskEx.dll - ok
16:52:50.0453 0x0d94 [ 5A9BD26D965F1E4DAC668C8F0C738FB7, 5359C2C8989C25195B3BE5B9F2FE5107F4860220AC16626F64AF2CCC606BC7CB ] C:\Program Files\AVAST Software\Avast\aswStrm.dll
16:52:50.0453 0x0d94 C:\Program Files\AVAST Software\Avast\aswStrm.dll - ok
16:52:50.0468 0x0d94 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] C:\WINDOWS\system32\spoolsv.exe
16:52:50.0468 0x0d94 C:\WINDOWS\system32\spoolsv.exe - ok
16:52:50.0468 0x0d94 [ 695B8C85231A4E8503B7DAB8D6A2E239, 6BC638027A7130245FB40874FB6FF486ABA2E4F96E1019A7BE272B931047FCF2 ] C:\Program Files\AVAST Software\Avast\defs\14101506\aswEngin.dll
16:52:50.0468 0x0d94 C:\Program Files\AVAST Software\Avast\defs\14101506\aswEngin.dll - ok
16:52:50.0484 0x0d94 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] C:\WINDOWS\system32\audiosrv.dll
16:52:50.0484 0x0d94 C:\WINDOWS\system32\audiosrv.dll - ok
16:52:50.0484 0x0d94 [ F5E6783580DE7936E13A00D14EE3C8BD, 85B6310BE1C0E22A9B872925D473E5F41E639EB665033D70A4A0D511E7306BEF ] C:\Program Files\AVAST Software\Avast\defs\14101506\aswCmnIS.dll
16:52:50.0500 0x0d94 C:\Program Files\AVAST Software\Avast\defs\14101506\aswCmnIS.dll - ok
16:52:50.0500 0x0d94 [ E6C933F822C174A0B3CD97792E2EF60C, 638169F1B1A783E7D024039C3794BB321227A72E161072496C944D329B6647C0 ] C:\Program Files\AVAST Software\Avast\defs\14101506\aswCmnOS.dll
16:52:50.0500 0x0d94 C:\Program Files\AVAST Software\Avast\defs\14101506\aswCmnOS.dll - ok
16:52:50.0515 0x0d94 [ 5DED20A7A730412550D68F82FB527858, 1EABCB5DF162B915C5EF527AB5EE66C1D8C29176131B148AFB1771ED4B2A01E1 ] C:\Program Files\AVAST Software\Avast\defs\14101506\aswCmnBS.dll
16:52:50.0515 0x0d94 C:\Program Files\AVAST Software\Avast\defs\14101506\aswCmnBS.dll - ok
16:52:50.0515 0x0d94 [ 941D817B210C8737865E5970EF5A813B, C056FDC0890E96F5D596DD197C1B710CEFF915551C3A746C6CF5C3D6F43F3537 ] C:\Program Files\AVAST Software\Avast\defs\14101506\aswScan.dll
16:52:50.0515 0x0d94 C:\Program Files\AVAST Software\Avast\defs\14101506\aswScan.dll - ok
16:52:50.0531 0x0d94 [ D92A9BAC7A3B8477BB80D3A55D0FCF90, 6DE8B61A3C6AEA4E4A6615BE6FFE2398C4E30F2ADC2E9FB3C06E3EFB94CEFBC3 ] C:\Program Files\AVAST Software\Avast\defs\14101506\aswRep.dll
16:52:50.0531 0x0d94 C:\Program Files\AVAST Software\Avast\defs\14101506\aswRep.dll - ok
16:52:50.0531 0x0d94 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] C:\WINDOWS\system32\wkssvc.dll
16:52:50.0531 0x0d94 C:\WINDOWS\system32\wkssvc.dll - ok
16:52:50.0546 0x0d94 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] C:\WINDOWS\system32\drivers\mrxdav.sys
16:52:50.0546 0x0d94 C:\WINDOWS\system32\drivers\mrxdav.sys - ok
16:52:50.0546 0x0d94 [ 5E32E7C5542D95E04E8ABE8B3F676D11, E1B5958ABE040C581A3B580F26372C7AC58A610877BB0C1D33A03D7C754AF172 ] C:\Program Files\AVAST Software\Avast\defs\14101506\aswFiDb.dll
16:52:50.0546 0x0d94 C:\Program Files\AVAST Software\Avast\defs\14101506\aswFiDb.dll - ok
16:52:50.0562 0x0d94 [ FA7A909CCDBFE5C1C5FF0F0CD80AE5CE, FF7AA268F53B7DDBF556715E29F20CC7A8D9EAA865DFD8893AA4CC84C821DA39 ] C:\Program Files\AVAST Software\Avast\defs\14101506\aswCleanerDLL.dll
16:52:50.0562 0x0d94 C:\Program Files\AVAST Software\Avast\defs\14101506\aswCleanerDLL.dll - ok
16:52:50.0578 0x0d94 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] C:\WINDOWS\system32\webclnt.dll
16:52:50.0578 0x0d94 C:\WINDOWS\system32\webclnt.dll - ok
16:52:50.0578 0x0d94 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4, C095D8A3A1CEAD1D78B0EE17B982718CDF4B3FE1F86D9D273875B8C1893C981B ] C:\WINDOWS\system32\wdmaud.drv
16:52:50.0578 0x0d94 C:\WINDOWS\system32\wdmaud.drv - ok
16:52:50.0593 0x0d94 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] C:\WINDOWS\system32\drivers\wdmaud.sys
16:52:50.0593 0x0d94 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
16:52:50.0593 0x0d94 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] C:\WINDOWS\system32\drivers\sysaudio.sys
16:52:50.0593 0x0d94 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
16:52:50.0609 0x0d94 [ 8BC5BAC18EF953B91DF19519630DCEAF, CA458793AF0B5630FEC7AF392917DE7816212AF625268DEDE49F531EC5AC01B1 ] C:\Program Files\AVAST Software\Avast\defs\14101506\algo.dll
16:52:50.0609 0x0d94 C:\Program Files\AVAST Software\Avast\defs\14101506\algo.dll - ok
16:52:50.0609 0x0d94 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] C:\WINDOWS\system32\drivers\serial.sys
16:52:50.0609 0x0d94 C:\WINDOWS\system32\drivers\serial.sys - ok
16:52:50.0625 0x0d94 [ 72D6D8E2D4F82C6E829125C7EC2A88F9, F357CFC3D04EB3F8E1A504D531D099698C6E2B29EB6CEDF75C08BF8917C46573 ] C:\Program Files\SUPERAntiSpyware\SASCore.exe
16:52:50.0625 0x0d94 C:\Program Files\SUPERAntiSpyware\SASCore.exe - ok
16:52:50.0640 0x0d94 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] C:\WINDOWS\system32\drivers\splitter.sys
16:52:50.0640 0x0d94 C:\WINDOWS\system32\drivers\splitter.sys - ok
16:52:50.0640 0x0d94 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] C:\WINDOWS\system32\drivers\aec.sys
16:52:50.0640 0x0d94 C:\WINDOWS\system32\drivers\aec.sys - ok
16:52:50.0656 0x0d94 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] C:\WINDOWS\system32\drivers\swmidi.sys
16:52:50.0656 0x0d94 C:\WINDOWS\system32\drivers\swmidi.sys - ok
16:52:50.0656 0x0d94 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] C:\WINDOWS\system32\drivers\DMusic.sys
16:52:50.0656 0x0d94 C:\WINDOWS\system32\drivers\DMusic.sys - ok
16:52:50.0671 0x0d94 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] C:\WINDOWS\system32\drivers\kmixer.sys
16:52:50.0671 0x0d94 C:\WINDOWS\system32\drivers\kmixer.sys - ok
16:52:50.0687 0x0d94 [ 3BFBB5DAE801CB893B8B46345FED6437, 2C2B71C1294585265D4871E74F17541500CA20DE34AC516F2A906DD81964C833 ] C:\WINDOWS\system32\drivers\aswHwid.sys
16:52:50.0687 0x0d94 C:\WINDOWS\system32\drivers\aswHwid.sys - ok
16:52:50.0703 0x0d94 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] C:\WINDOWS\system32\drivers\drmkaud.sys
16:52:50.0703 0x0d94 C:\WINDOWS\system32\drivers\drmkaud.sys - ok
16:52:50.0703 0x0d94 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] C:\WINDOWS\system32\cryptsvc.dll
16:52:50.0703 0x0d94 C:\WINDOWS\system32\cryptsvc.dll - ok
16:52:50.0718 0x0d94 [ 00709952D444EAE14DBBD30D36FBAE0F, A65B57C68F9119940133F6680AF3644866EEBDA5378F9B6AED441FB999B50526 ] C:\WINDOWS\system32\certcli.dll
16:52:50.0718 0x0d94 C:\WINDOWS\system32\certcli.dll - ok
16:52:50.0718 0x0d94 [ 332760FBA1655FCFD35BD6F4FD871300, 6C539FD14B9CF9423E305EAF60CB5C12CA0F7AEF571FB09BAF64E83F108B7F2D ] C:\WINDOWS\system32\ipsecsvc.dll
16:52:50.0718 0x0d94 C:\WINDOWS\system32\ipsecsvc.dll - ok
16:52:50.0734 0x0d94 [ C5FF8682EADA5B3B27A865F1C3EF9270, 7D316AA7CFD6416C172F7A6A55476110F507BD3017DB37EC1624AFB11B3F3C3E ] C:\WINDOWS\system32\oakley.dll
16:52:50.0734 0x0d94 C:\WINDOWS\system32\oakley.dll - ok
16:52:50.0734 0x0d94 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
16:52:50.0734 0x0d94 C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
16:52:50.0750 0x0d94 [ 853D0D0C6F02D7BFDF1CF99DD7553732, AC761B4CA518B787CB2C18101606E5F64245049D140C72B6B1112556DEC86B2E ]
 

jl1

Member
MWB Killer

Fourth part of TDSS

16:52:51.0656 0x0d94 C:\DOCUME~1\MISTY&~1\LOCALS~1\temp\{2CD788AC-59FB-47AA-B477-32A214C95598}\{427912F4-50E4-44B7-9AB1-99B9116150A4}.tmp - ok
16:52:51.0671 0x0d94 [ B464BD425D5D09ABE4192234D1577B22, DF7333CAF299A18DEA43ACEF0A6D8C3F79918D1B3FCE437FDED6B54F95C106B9 ] C:\WINDOWS\system32\ntlsapi.dll
16:52:51.0671 0x0d94 C:\WINDOWS\system32\ntlsapi.dll - ok
16:52:51.0671 0x0d94 [ A655C88AA555BB8EF8957BD29408827F, 6CD48D32D1DFF68FEED5CC20D0DE12729101381EB8A6774408566C14E0B18FFB ] C:\WINDOWS\system32\rasqec.dll
16:52:51.0671 0x0d94 C:\WINDOWS\system32\rasqec.dll - ok
16:52:51.0687 0x0d94 [ DD88BBF87A43331A4E99E37F7BF59FDB, 872190F559FA0DD1F711E9FA101BA1AB6E6DE5ED0CCCE1AB7AFE45BC3B78A0F1 ] C:\DOCUME~1\MISTY&~1\LOCALS~1\temp\{2CD788AC-59FB-47AA-B477-32A214C95598}\{A803C67D-1766-436D-A371-241162672522}.tmp
16:52:51.0687 0x0d94 C:\DOCUME~1\MISTY&~1\LOCALS~1\temp\{2CD788AC-59FB-47AA-B477-32A214C95598}\{A803C67D-1766-436D-A371-241162672522}.tmp - ok
16:52:51.0703 0x0d94 [ 401A8C0BE0BAA7D7A470F0942244152D, EC21ED13E526617697CD8E6D79FC706CBDA0AF36C02C05B39E8603B217E406BC ] C:\WINDOWS\system32\rasdlg.dll
16:52:51.0703 0x0d94 C:\WINDOWS\system32\rasdlg.dll - ok
16:52:51.0718 0x0d94 [ C7000F2DB2A5515C64C257478769A481, F35E73827FB597A453E99246D79094AD0A1F83AF491277F6170C7D7603D3B72C ] C:\WINDOWS\system32\wbem\unsecapp.exe
16:52:51.0718 0x0d94 C:\WINDOWS\system32\wbem\unsecapp.exe - ok
16:52:51.0718 0x0d94 [ 4261449C1CADA6B007E5C27522946D2B, 11E79D1C529E816CCCAC9266089C77A4DB44676CAEEE25C66D6DB420B18D3ACB ] C:\DOCUME~1\MISTY&~1\LOCALS~1\temp\{2CD788AC-59FB-47AA-B477-32A214C95598}\{4D04207E-C436-4041-B6C6-7042FDD9DB7B}.tmp
16:52:51.0718 0x0d94 C:\DOCUME~1\MISTY&~1\LOCALS~1\temp\{2CD788AC-59FB-47AA-B477-32A214C95598}\{4D04207E-C436-4041-B6C6-7042FDD9DB7B}.tmp - ok
16:52:51.0734 0x0d94 [ 6627AA675A5C1B0330487A02E23F0560, 256AE9BA4273D4247FFAD6099D5A4FC8E98EDB27293AC8CAF7A571EB3890FAA7 ] C:\DOCUME~1\MISTY&~1\LOCALS~1\temp\{2CD788AC-59FB-47AA-B477-32A214C95598}\{0967DABE-3ED3-4E6F-88AE-427E39837569}.tmp
16:52:51.0734 0x0d94 C:\DOCUME~1\MISTY&~1\LOCALS~1\temp\{2CD788AC-59FB-47AA-B477-32A214C95598}\{0967DABE-3ED3-4E6F-88AE-427E39837569}.tmp - ok
16:52:51.0734 0x0d94 [ 798A9E6828997EEF4517ADA8A2259831, 64389FAD94D54E2D43A7292AD3C57CB16F90F2C80EA44099E02D11E19E390A5B ] C:\WINDOWS\system32\wbem\wmiprvse.exe
16:52:51.0734 0x0d94 C:\WINDOWS\system32\wbem\wmiprvse.exe - ok
16:52:51.0750 0x0d94 [ 723B834A07F7DF7DE4CEB637D57ACEA3, B42867045DD3FB7682CDBD133970421010F0F14125E4992C73657CABA4659250 ] C:\DOCUME~1\MISTY&~1\LOCALS~1\temp\{2CD788AC-59FB-47AA-B477-32A214C95598}\{957FC589-D66D-4264-97AC-489C43BD785C}.tmp
16:52:51.0750 0x0d94 C:\DOCUME~1\MISTY&~1\LOCALS~1\temp\{2CD788AC-59FB-47AA-B477-32A214C95598}\{957FC589-D66D-4264-97AC-489C43BD785C}.tmp - ok
16:52:51.0750 0x0d94 [ E837FDBB92E9873E538395B623F45462, E00D9F1471D9BDE7E53A5F8359B6F3B1606A432D4E94AB6B2A6898AB48E6751B ] C:\WINDOWS\system32\wbem\cimwin32.dll
16:52:51.0750 0x0d94 C:\WINDOWS\system32\wbem\cimwin32.dll - ok
16:52:51.0765 0x0d94 [ C1DE893FAF6D7F6CFB479A1F61835482, AD5FA3CE73777704C67C933691F1F068E1A7FF545F728B97574F9C33AC4BBC01 ] C:\DOCUME~1\MISTY&~1\LOCALS~1\temp\{2CD788AC-59FB-47AA-B477-32A214C95598}\{EE29B217-29C1-4BB1-9C3A-24E44D1F79D7}.tmp
16:52:51.0765 0x0d94 C:\DOCUME~1\MISTY&~1\LOCALS~1\temp\{2CD788AC-59FB-47AA-B477-32A214C95598}\{EE29B217-29C1-4BB1-9C3A-24E44D1F79D7}.tmp - ok
16:52:51.0781 0x0d94 [ 4306FA2F1099D7C606139255FDB62B19, 75A0A99B9D8B0E2B39A8093F72DC283D5F2D56FB731C2BA193579DCE916030A0 ] C:\WINDOWS\system32\wbem\framedyn.dll
16:52:51.0781 0x0d94 C:\WINDOWS\system32\wbem\framedyn.dll - ok
16:52:51.0781 0x0d94 [ A9FF57EC69F8C593AA3712B3C8F02002, 880E429951D21FE28E2A644B40C267CDF590321EE5EEAC3B3EB56547746BF65F ] C:\Program Files\AVAST Software\Avast\HTMLayout.dll
16:52:51.0781 0x0d94 C:\Program Files\AVAST Software\Avast\HTMLayout.dll - ok
16:52:51.0796 0x0d94 [ 5D43C9A33F18C707BA169AFDA88BDF30, 6796891360B4731B4F165300BD9FAC9A2A4C54E8CFF86DEC8036D3765AE4D9A3 ] C:\WINDOWS\system32\fltlib.dll
16:52:51.0796 0x0d94 C:\WINDOWS\system32\fltlib.dll - ok
16:52:51.0796 0x0d94 [ E693A3AC10F2FC6AA0DB865A04108022, D1286A49D82796831FE985E90CE35DCAB8A1DBCFFEF460CC9E5676730C693892 ] C:\Program Files\AVAST Software\Avast\AhResMai.dll
16:52:51.0796 0x0d94 C:\Program Files\AVAST Software\Avast\AhResMai.dll - ok
16:52:51.0812 0x0d94 [ 33EDF6CCC9DEB9E6EFD8D7FC423D6123, 272C775A6026CDD6A1E4FE7E6712E5BD39240C34929074AE0817FD9CD428A33E ] C:\Program Files\AVAST Software\Avast\AhResStd.dll
16:52:51.0812 0x0d94 C:\Program Files\AVAST Software\Avast\AhResStd.dll - ok
16:52:51.0812 0x0d94 [ 0ACFC95EE2AF5C5E568621D097CC4FA2, 99B94A7AAA24CFC276C518910FE69380A306AE435D7FE97BDF41D0B25E7F0A71 ] C:\Program Files\AVAST Software\Avast\AhResWS.dll
16:52:51.0812 0x0d94 C:\Program Files\AVAST Software\Avast\AhResWS.dll - ok
16:52:51.0828 0x0d94 [ 2122FEEF03BCB6CFE5C67483666B2A62, D4D8DA36518BD6BF338E5FB39EBB6F3851AC48CE6578B447BB1641637161526E ] C:\Program Files\AVAST Software\Avast\AhResWS2.dll
16:52:51.0828 0x0d94 C:\Program Files\AVAST Software\Avast\AhResWS2.dll - ok
16:52:51.0828 0x0d94 [ 9EEFE69139FDBB4A3C327630F8EB993A, 8B397F6721E7BC8AA93E9B68099084D49AC4776BACC1383089C59A52D8244B49 ] C:\WINDOWS\system32\wlanapi.dll
16:52:51.0828 0x0d94 C:\WINDOWS\system32\wlanapi.dll - ok
16:52:51.0843 0x0d94 [ 12B437CAD5FC07B3B33CE1C1355BBCC6, 5801749490920DD8CA14C0FC39E8738E5C4024304B639B30983F0B67B317A62E ] C:\Program Files\AVAST Software\Avast\aswAra.dll
16:52:51.0843 0x0d94 C:\Program Files\AVAST Software\Avast\aswAra.dll - ok
16:52:51.0859 0x0d94 [ 8074FB74D7E599BAFEA3691DC1381E2F, 1690407E840CE567F7EA76B9826C7881486653847D5CC79701B1257414BCEEBE ] C:\Program Files\AVAST Software\Avast\ashmaisv.dll
16:52:51.0859 0x0d94 C:\Program Files\AVAST Software\Avast\ashmaisv.dll - ok
16:52:51.0859 0x0d94 [ 90EB173A54E28CA09B89D4AFDEBC2F1A, 3657D6E7BB40DAB75C2F06AA13C1EFB87EC1B9777792D821987162F30A1AA6AB ] C:\Program Files\AVAST Software\Avast\defs\14101506\exts.dll
16:52:51.0859 0x0d94 C:\Program Files\AVAST Software\Avast\defs\14101506\exts.dll - ok
16:52:51.0875 0x0d94 [ E67F6199A9AE98AB4A53150A6EB6DAC3, 1AD07FFF6249E381DB42C034509ECC3437A299239FBFFE7B235F0EE66B8978E6 ] C:\Program Files\AVAST Software\Avast\ashWebSv.dll
16:52:51.0875 0x0d94 C:\Program Files\AVAST Software\Avast\ashWebSv.dll - ok
16:52:51.0875 0x0d94 [ 7EBD87A09658779205891D08F37AB234, 7A65E37BCA021422851110E0C06E8A60F94F4E954FDF86E6DC19E53FBCC0FD8A ] C:\Program Files\AVAST Software\Avast\aswData.dll
16:52:51.0875 0x0d94 C:\Program Files\AVAST Software\Avast\aswData.dll - ok
16:52:51.0890 0x0d94 [ 8BCD11D38FCE43A519246A91CC40DE6A, 981EE4B29FDE6DB58FAA17BCCA66DB8143D693D91A00B7519F01ABBAE11AA580 ] C:\WINDOWS\system32\security.dll
16:52:51.0890 0x0d94 C:\WINDOWS\system32\security.dll - ok
16:52:51.0890 0x0d94 [ C5164F0E10AAA9F38E90036FE9F3E99F, 7CCDF70DE476A6177F08F5A02B6CC3A100C6CDF6C146BEF9DAE77D3C3ACCD876 ] C:\Program Files\AVAST Software\Avast\ashWsFtr.dll
16:52:51.0906 0x0d94 C:\Program Files\AVAST Software\Avast\ashWsFtr.dll - ok
16:52:51.0906 0x0d94 [ 62EF42A999F202B75BD6CCE2A410C1B4, D3F82E7A8CC2D66C49F06E33EA1C3DACD77780BB779DE4991596FD6DBE1EBB12 ] C:\Program Files\AVAST Software\Avast\defs\14101506\aswAR.dll
16:52:51.0906 0x0d94 C:\Program Files\AVAST Software\Avast\defs\14101506\aswAR.dll - ok
16:52:51.0921 0x0d94 [ 847854C4C4332DC00665380DABC06C41, DE8226C8189CEDECE6B0659B2D1ADAD56627E0BF94E51A93B3F5978CB2DEE05F ] C:\Program Files\AVAST Software\Avast\aswjsscan.dll
16:52:51.0921 0x0d94 C:\Program Files\AVAST Software\Avast\aswjsscan.dll - ok
16:52:51.0921 0x0d94 [ 0AD792A78419867BF5D750853D80FA11, 4CF8BDAB613FB591F54F7F7BF0B40292D108D82077279B72BC17449471B93C1E ] C:\WINDOWS\system32\msxml3.dll
16:52:51.0921 0x0d94 C:\WINDOWS\system32\msxml3.dll - ok
16:52:51.0937 0x0d94 [ 2080DCEBE27D92F29AAB5FCFF77613A2, EBBBB3E92B01F1F1FF6330AFFA7D8C281AB5BB9AEE1C900F5CF1AAF1E6813E42 ] C:\Program Files\AVAST Software\Avast\setup\instup.exe
16:52:51.0937 0x0d94 C:\Program Files\AVAST Software\Avast\setup\instup.exe - ok
16:52:51.0937 0x0d94 [ 8E8D82756F3DDC86D53651E3FB432B9D, A99A1A7334BAE818D40E8323DBBC01BC66860D7005CDFFCF0BE84025FFBF0AEC ] C:\Program Files\AVAST Software\Avast\aswPatchMgt.dll
16:52:51.0937 0x0d94 C:\Program Files\AVAST Software\Avast\aswPatchMgt.dll - ok
16:52:51.0953 0x0d94 [ 863144CF4095F9FD99B884644F84645B, C2A731F2DAD56235ACB7A66493FFFC8D0CC64092B3FAAA38276227B893877EBE ] C:\Program Files\AVAST Software\Avast\setup\instup.dll
16:52:51.0953 0x0d94 C:\Program Files\AVAST Software\Avast\setup\instup.dll - ok
16:52:51.0968 0x0d94 [ 81D5C2D6232FCDBC7916AF659B12C8B7, F70F355E75AE0F1674BC31F743BD6D6B11DF90D37B5F6E19032ADCAD88FF6AE5 ] C:\Program Files\AVAST Software\Avast\defs\14101506\aswRawFS.dll
16:52:51.0968 0x0d94 C:\Program Files\AVAST Software\Avast\defs\14101506\aswRawFS.dll - ok
16:52:51.0968 0x0d94 [ 4D0715D4F196E262B4E0BA01D5EB41C0, 24EACA55A28D19F5B7F6AB33DBA7B1FC7769411F5FE95BC88D60EDC3E731A77A ] C:\Program Files\AVAST Software\Avast\defs\14101506\swhealthex.dll
16:52:51.0968 0x0d94 C:\Program Files\AVAST Software\Avast\defs\14101506\swhealthex.dll - ok
16:52:51.0984 0x0d94 [ 0B467F470CC9918FDCEEDCFD7DC4D697, 87C8BCC4DFF318FC393A8C0FB0B82CCC9DA83EC0F5811CF303F3AC265A575578 ] C:\WINDOWS\system32\oledlg.dll
16:52:51.0984 0x0d94 C:\WINDOWS\system32\oledlg.dll - ok
16:52:51.0984 0x0d94 [ C14350FC0D47D806699C4F907FC6785B, A8862B47A74F5FB03C9916A42B986D9B352549ED486AD2B9DAD405A98B5564B3 ] C:\WINDOWS\system32\cryptnet.dll
16:52:51.0984 0x0d94 C:\WINDOWS\system32\cryptnet.dll - ok
16:52:52.0000 0x0d94 [ 1AD8512A5C40AD1A0558498D8E0AC2AA, 7DCA8A7C130243FF41B1E04F50D0BA3EBB48E6A37C275FD0FF0AA8509FD2A555 ] C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
16:52:52.0000 0x0d94 C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe - ok
16:52:52.0015 0x0d94 [ 38C2DFFAF625F42EAD1B79F6B3C80EA8, 41C29D59EC1E83F973A6A6F9B7114C739A3BAE86745766A68B7FB560EE5B560B ] C:\Program Files\AVAST Software\Avast\1033\uiLangRes.dll
16:52:52.0015 0x0d94 C:\Program Files\AVAST Software\Avast\1033\uiLangRes.dll - ok
16:52:52.0015 0x0d94 [ 59FD0296E32362CD7A3E66A028B56B9A, 1D1BFCCDAFCAC4EF522067B098A4EF336BD4E7785B43FBCCAC8B74C9B262B72D ] C:\Program Files\AVAST Software\Avast\CommonRes.dll
16:52:52.0015 0x0d94 C:\Program Files\AVAST Software\Avast\CommonRes.dll - ok
16:52:52.0031 0x0d94 [ 4044E880593FE1AC9942190FCE414BE7, 1EBD42F10592D57A2C8562C641461DE5288D9E900FE91A4A1800C9AB9034F2CD ] C:\WINDOWS\system32\mstask.dll
16:52:52.0031 0x0d94 C:\WINDOWS\system32\mstask.dll - ok
16:52:52.0031 0x0d94 [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] C:\WINDOWS\system32\qmgr.dll
16:52:52.0031 0x0d94 C:\WINDOWS\system32\qmgr.dll - ok
16:52:52.0046 0x0d94 [ 1C9279122415243F236D337A09BF5360, AF7948C239B28F38491907CEE5CDE17D1CE66CB1D62F8CF7377A1C33C02016CF ] C:\Program Files\AVAST Software\Avast\aswRemoteCache.dll
16:52:52.0046 0x0d94 C:\Program Files\AVAST Software\Avast\aswRemoteCache.dll - ok
16:52:52.0046 0x0d94 [ C14AA05881A35B6D6BB8D55B117EE22D, F30873FA983CE21734BE1A357CDF855EF33511990C14B454EBAA3D6059CD823D ] C:\WINDOWS\system32\shfolder.dll
16:52:52.0046 0x0d94 C:\WINDOWS\system32\shfolder.dll - ok
16:52:52.0062 0x0d94 [ 6C636F85AE27B1B2C789599BB1136F9D, ECF094DEA718A6FDA4AA35F4030AD705B6FDF560FAD2249B48A93BE5A394E259 ] C:\Program Files\AVAST Software\Avast\aswResourceLib.dll
16:52:52.0062 0x0d94 C:\Program Files\AVAST Software\Avast\aswResourceLib.dll - ok
16:52:52.0062 0x0d94 [ F1DAC7969C1337AF790BD1D981AA780C, C544785173AD8F2F28B414938D8D81C679157F7CE60EE7688DCB0A8FF9CE4D69 ] C:\WINDOWS\system32\qmgrprxy.dll
16:52:52.0062 0x0d94 C:\WINDOWS\system32\qmgrprxy.dll - ok
16:52:52.0078 0x0d94 [ 5BE1CD443E2D6495E22CBB40D532E1F0, 4C7CE9A5C2FC18EE5A58F88EBEA209138DFBB9721BE91611FB5C613AA64CABAE ] C:\Program Files\AVAST Software\Avast\icudt.dll
16:52:52.0078 0x0d94 C:\Program Files\AVAST Software\Avast\icudt.dll - ok
16:52:52.0093 0x0d94 [ 465B48A225A741F723DF9773914E5613, BDEC778E29C1C3ECD8CEBA65AB988C43B4703B8EF9C7A7FFB07DB718317F32E1 ] C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe
16:52:52.0093 0x0d94 C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe - ok
16:52:52.0093 0x0d94 [ 3630722DCAA17C8B40C226C202D8D682, F51429F170E4292985CA11C7CA8E02BFD0E3BCA21666634FBB516A5542C79C20 ] C:\Program Files\AVAST Software\Avast\setup\gcapi_14134062492956.dll
16:52:52.0093 0x0d94 C:\Program Files\AVAST Software\Avast\setup\gcapi_14134062492956.dll - ok
16:52:52.0109 0x0d94 [ 8AFC17155ED5AB60B7C52D7F553D579C, A7F7CD44461E11D1B8BE467BD4E4A22AE05B6DF29260CC0B9D43A6314FE2A375 ] C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx
16:52:52.0109 0x0d94 C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx - ok
16:52:52.0109 0x0d94 [ 43739358874169D3653635F0DE9BBA66, 92510EEEECFFE49DA174E1D66B1CFC238A47D5D305A63CB3E9C8EA36F3F7DF00 ] C:\Program Files\AVAST Software\Avast\defs\14101506\uiext.dll
16:52:52.0109 0x0d94 C:\Program Files\AVAST Software\Avast\defs\14101506\uiext.dll - ok
16:52:52.0125 0x0d94 [ A7F361875622AA5829AA39BA248F68E9, BCAC4FD9D7FD02EB010DCB5301CF3459A0F0BBAA62162D510E962FF33FFC7ED4 ] C:\WINDOWS\system32\adsldp.dll
16:52:52.0125 0x0d94 C:\WINDOWS\system32\adsldp.dll - ok
16:52:52.0140 0x0d94 [ C730F70351D950DDA7388C9A9763CF54, 7A9D265E4D2F76EF131D01C2EE1CDC19A8E5FDCAF97649CC562E8114B92D411F ] C:\WINDOWS\system32\wbem\wmipcima.dll
16:52:52.0140 0x0d94 C:\WINDOWS\system32\wbem\wmipcima.dll - ok
16:52:52.0140 0x0d94 [ 2DE1190196EE9555DB548A57622022EB, 89DBC777BE06D008AABEDAC61AFC11B4FF7ABCA86C205109ED9D34D21C0B5146 ] C:\WINDOWS\system32\drprov.dll
16:52:52.0140 0x0d94 C:\WINDOWS\system32\drprov.dll - ok
16:52:52.0156 0x0d94 [ 36468087E22C57A83DF758B3F90DF73F, F6898D07CEE4F528A9F17A231CCB5E38F826A0C1926EFBF35ECCA06E0E8EE565 ] C:\WINDOWS\system32\ntlanman.dll
16:52:52.0156 0x0d94 C:\WINDOWS\system32\ntlanman.dll - ok
16:52:52.0156 0x0d94 [ AC5DF42FE314C1446B1DAD237BFCFFE0, FD53D9BCC619ED7AE4B7C29B7D457A2F61D6D340841A4E030329D7032C306AB6 ] C:\WINDOWS\system32\netui0.dll
16:52:52.0156 0x0d94 C:\WINDOWS\system32\netui0.dll - ok
16:52:52.0171 0x0d94 [ ED5A816D8E11E03F1937AC3C56826EE4, D01525B5BD9F9DDF149B78706C6C2F5AE26F5337F897C1B8763DBC67AB64F875 ] C:\WINDOWS\system32\netui1.dll
16:52:52.0171 0x0d94 C:\WINDOWS\system32\netui1.dll - ok
16:52:52.0171 0x0d94 [ FB8F8EEC8D9C2157789472DD61CDC78B, D5306081621FFEFF585FAD292E60207E1BCB4EA67367E12872AF73C464110C68 ] C:\WINDOWS\system32\davclnt.dll
16:52:52.0171 0x0d94 C:\WINDOWS\system32\davclnt.dll - ok
16:52:52.0187 0x0d94 ================ Scan generic autorun ======================
16:52:52.0500 0x0d94 [ 26B558B2D31C7425B455B00E562EAD93, B64D128A2F1FC42BA4376F8EB08D70F4B705745CB983D0631DB45851BF34BBDF ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
16:52:53.0625 0x0d94 AvastUI.exe - ok
16:52:53.0640 0x0d94 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
16:52:53.0859 0x0d94 ctfmon.exe - ok
16:52:54.0234 0x0d94 [ F308D7378BF60B91DA495FCAA1C216E7, 7D67B6D1CE11685F87B3CF9689AF0B089D3340A72C7A0B9633C826AEE49B405E ] C:\Program Files\CCleaner\CCleaner.exe
16:52:56.0640 0x0d94 CCleaner Monitoring - ok
16:52:57.0156 0x0d94 [ EEE55F88D83E97DD51B8E3231AC1004F, 3EB7C2BB2F5EC23B80AC4814FDC79595CE24895E0E2648674E34DA89B9C688CC ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
16:52:59.0046 0x0d94 SUPERAntiSpyware - ok
16:52:59.0453 0x0d94 [ F308D7378BF60B91DA495FCAA1C216E7, 7D67B6D1CE11685F87B3CF9689AF0B089D3340A72C7A0B9633C826AEE49B405E ] C:\Program Files\CCleaner\CCleaner.exe
16:53:01.0796 0x0d94 CCleaner Monitoring - ok
16:53:01.0828 0x0d94 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
16:53:02.0031 0x0d94 ctfmon.exe - ok
16:53:02.0062 0x0d94 [ F11E16E16682A5D08CBB7A943AFAF368, 3C0B64D3075DE681EBF9B77ADB3671819CB187C1236AD798E5BDA3AFE44AE208 ] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
16:53:02.0109 0x0d94 FlashPlayerUpdate - ok
16:53:02.0109 0x0d94 Waiting for KSN requests completion. In queue: 7
16:53:03.0109 0x0d94 Waiting for KSN requests completion. In queue: 7
16:53:04.0109 0x0d94 Waiting for KSN requests completion. In queue: 7
16:53:05.0109 0x0d94 Waiting for KSN requests completion. In queue: 1
16:53:06.0109 0x0d94 Waiting for KSN requests completion. In queue: 1
16:53:07.0250 0x0d94 AV detected via SS1: avast! Antivirus, 5.0.150996965, enabled, updated
16:53:07.0265 0x0d94 Win FW state via NFM: disabled
16:53:09.0843 0x0d94 ============================================================
16:53:09.0843 0x0d94 Scan finished
16:53:09.0843 0x0d94 ============================================================
16:53:09.0859 0x0d8c Detected object count: 0
16:53:09.0859 0x0d8c Actual detected object count: 0
16:53:37.0062 0x042c Deinitialize success
 

johnb35

Administrator
Staff member
When you open OTL all you need to change is the minimal output selection. Leave everything else the way it is.
 

jl1

Member
MWB Killer

The OTL log

OTL logfile created on: 10/15/2014 5:11:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Misty&Steve\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 585.82 Mb Available Physical Memory | 57.75% Memory free
1.09 Gb Paging File | 0.75 Gb Available in Paging File | 69.13% Paging File free
Paging file location(s): C:\pagefile.sys 200 200 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 7.12 Gb Total Space | 1.00 Gb Free Space | 13.99% Space Free | Partition Type: NTFS

Computer Name: FERRARO | User Name: Misty&Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - [2014/10/15 16:45:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Misty&Steve\Desktop\OTL.exe
PRC - [2014/10/15 00:17:34 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/10/15 00:15:10 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/09/26 10:04:06 | 004,811,032 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2014/07/22 19:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2014/10/15 16:43:47 | 002,874,368 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14101506\algo.dll
MOD - [2014/10/15 00:15:33 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/10/15 00:15:16 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/10/15 00:15:10 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/10/11 08:53:23 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/22 19:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2008/10/04 15:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2014/10/15 00:17:23 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/10/15 00:15:39 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/10/15 00:15:39 | 000,192,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/10/15 00:15:39 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/10/15 00:15:39 | 000,057,800 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/10/15 00:15:39 | 000,055,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/10/15 00:15:39 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/10/15 00:15:39 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/10/14 19:09:13 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PROCEXP113.SYS -- (PROCEXP113)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/29 11:59:14 | 000,142,592 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/10/14 23:48:38 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/07/13 20:02:52 | 000,093,968 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/07/13 19:59:14 | 004,745,216 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/04/19 17:21:14 | 000,009,856 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EMSC.sys -- (EMSC)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081218
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081218
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {1736202B-CE4D-4127-9834-9B1D584DE8AA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
IE - HKCU\..\SearchScopes\{1736202B-CE4D-4127-9834-9B1D584DE8AA}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{C2331929-C11D-4488-810A-D66E476C113C}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! (Avast)"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! (Avast)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.yahoo.com/?fr=hp-avast&type=odc179"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {5421D7BB-E6E2-419F-8B8C-004A6EB48182}:1.9.1
FF - prefs.js..extensions.enabledItems: {2C543D8D-4420-4F16-B9A2-A3D172339860}:1.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..browser.search.defaultengine: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaultthis.engineName: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaulturl: "https://search.yahoo.com/yhs/search"
FF - prefs.js..browser.search.order.1: "Yahoo! (Avast)"
FF - prefs.js..keyword.URL: "https://search.yahoo.com/yhs/search"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/06 16:46:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/03 08:32:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{5421D7BB-E6E2-419F-8B8C-004A6EB48182}: C:\Documents and Settings\Misty&Steve\Local Settings\Application Data\{5421D7BB-E6E2-419F-8B8C-004A6EB48182}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2C543D8D-4420-4F16-B9A2-A3D172339860}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{2C543D8D-4420-4F16-B9A2-A3D172339860}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/10/15 00:15:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/10/14 17:46:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/10/14 17:46:04 | 000,000,000 | ---D | M]

[2009/08/03 11:38:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Misty&Steve\Application Data\Mozilla\Extensions
[2009/08/03 11:38:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Misty&Steve\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2014/10/14 09:59:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Misty&Steve\Application Data\Mozilla\Firefox\Profiles\giipvenf.default\extensions
[2009/08/03 12:34:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Misty&Steve\Application Data\Mozilla\Firefox\Profiles\giipvenf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/15 15:44:26 | 000,004,212 | ---- | M] () -- C:\Documents and Settings\Misty&Steve\Application Data\Mozilla\Firefox\Profiles\giipvenf.default\searchplugins\aim-search.xml
[2014/10/15 08:46:26 | 000,009,405 | ---- | M] () -- C:\Documents and Settings\Misty&Steve\Application Data\Mozilla\Firefox\Profiles\giipvenf.default\searchplugins\yahoo-avast.xml
[2014/10/14 17:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/10/14 17:48:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/01/31 18:05:36 | 000,119,312 | ---- | M] (none) -- C:\Program Files\mozilla firefox\components\eeabdccc.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2014/10/14 18:54:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1D0525C-72D3-441D-B5FC-209F02D58F43}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Misty&Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Misty&Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 21:45:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 360 Days ==========

[2014/10/15 16:48:44 | 000,212,064 | ---- | C] (Kaspersky Lab, Yury Parshin) -- C:\WINDOWS\System32\drivers\12823763.sys
[2014/10/15 16:45:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Misty&Steve\Desktop\OTL.exe
[2014/10/15 10:06:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Misty&Steve\Recent
[2014/10/15 08:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Misty&Steve\Local Settings\Application Data\Temp
[2014/10/15 00:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Misty&Steve\Application Data\AVAST Software
[2014/10/15 00:18:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\jumpshot.com
[2014/10/15 00:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/10/15 00:16:13 | 000,057,800 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/10/15 00:16:10 | 000,779,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/10/15 00:16:08 | 000,414,520 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/10/15 00:16:06 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/10/15 00:16:04 | 000,055,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/10/15 00:15:49 | 000,276,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/10/15 00:15:34 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/10/15 00:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/10/15 00:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/10/14 21:27:06 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/10/14 21:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/10/14 21:25:48 | 000,054,360 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/10/14 21:25:48 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/10/14 21:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/10/14 21:25:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/10/14 20:33:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/10/14 19:09:13 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2014/10/14 19:09:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014/10/14 18:09:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/10/14 18:02:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/10/14 18:02:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/10/14 18:02:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/10/14 18:02:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/10/14 18:00:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/10/14 18:00:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Misty&Steve\My Documents\My Videos
[2014/10/14 18:00:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Misty&Steve\Start Menu\Programs\Administrative Tools
[2014/10/14 17:58:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/10/14 17:48:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2014/10/14 17:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/10/14 10:21:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/10/14 09:58:09 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/14 09:35:51 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/10/14 09:26:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Misty&Steve\Application Data\SUPERAntiSpyware.com
[2014/10/13 11:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2014/10/13 11:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2014/10/13 11:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 360 Days ==========

[2014/10/15 16:59:57 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/10/15 16:59:57 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/10/15 16:56:06 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/10/15 16:55:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/10/15 16:55:20 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/15 16:48:44 | 000,212,064 | ---- | M] (Kaspersky Lab, Yury Parshin) -- C:\WINDOWS\System32\drivers\12823763.sys
[2014/10/15 16:45:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Misty&Steve\Desktop\OTL.exe
[2014/10/15 08:51:33 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/10/15 08:46:27 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Misty&Steve\Desktop\Mozilla Firefox.lnk
[2014/10/15 00:18:26 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/10/15 00:17:23 | 000,414,520 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/10/15 00:15:39 | 000,779,536 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/10/15 00:15:39 | 000,192,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/10/15 00:15:39 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/10/15 00:15:39 | 000,057,800 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/10/15 00:15:39 | 000,055,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/10/15 00:15:39 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/10/15 00:15:39 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/10/15 00:15:34 | 000,276,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/10/15 00:15:34 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/10/14 21:26:24 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/10/14 19:09:13 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2014/10/14 18:54:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/10/14 18:09:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/10/14 17:48:46 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Misty&Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/10/14 11:56:38 | 000,013,691 | ---- | M] () -- C:\WINDOWS\Ghufulazexizu.dat
[2014/10/13 12:01:54 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/10/13 11:57:52 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/10/13 11:36:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/10/01 11:20:26 | 000,054,360 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/10/01 11:20:20 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/10/15 00:18:26 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/10/15 00:17:09 | 000,000,374 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/10/15 00:16:11 | 000,192,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/10/15 00:16:07 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/10/15 00:16:05 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/10/14 22:23:52 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\Misty&Steve\Desktop\Mozilla Firefox.lnk
[2014/10/14 21:26:24 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/10/14 18:09:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014/10/14 18:09:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014/10/14 18:02:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/10/14 18:02:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/10/14 18:02:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/10/14 18:02:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/10/14 18:02:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/10/14 17:48:43 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2014/10/14 09:24:07 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
[2014/10/13 12:01:54 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/10/13 11:57:52 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/18 05:57:42 | 000,017,442 | -HS- | C] () -- C:\Documents and Settings\Misty&Steve\Local Settings\Application Data\192948760
[2010/04/17 17:07:20 | 000,017,514 | -HS- | C] () -- C:\Documents and Settings\Misty&Steve\Local Settings\Application Data\58G3tyIDc
[2010/04/17 17:07:20 | 000,017,514 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\58G3tyIDc
[2009/03/06 11:03:15 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Misty&Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/19 10:14:25 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Misty&Steve\Application Data\wklnhst.dat

========== ZeroAccess Check ==========

[2008/04/25 21:50:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/07/18 12:05:06 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD

< End of report >
 

jl1

Member
MWB Killer

The OTL extras log. I know this is a ton of stuff - thank you once again!

OTL Extras logfile created on: 10/15/2014 5:11:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Misty&Steve\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 585.82 Mb Available Physical Memory | 57.75% Memory free
1.09 Gb Paging File | 0.75 Gb Available in Paging File | 69.13% Paging File free
Paging file location(s): C:\pagefile.sys 200 200 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 7.12 Gb Total Space | 1.00 Gb Free Space | 13.99% Space Free | Partition Type: NTFS

Computer Name: FERRARO | User Name: Misty&Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}" = Wireless Select Switch
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B840FAB0-0E67-4DD9-A93C-A92BA7DF9625}" = Dell Box.net Launcher
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avast" = avast! Free Antivirus
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CCleaner" = CCleaner
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}" = Wireless Select Switch
"InstallShield_{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 33.0 (x86 en-US)" = Mozilla Firefox 33.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SynTPDeinstKey" = Dell Touchpad
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/6/2011 12:31:30 PM | Computer Name = FERRARO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/6/2011 12:31:30 PM | Computer Name = FERRARO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/13/2014 12:18:24 PM | Computer Name = FERRARO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/13/2014 12:18:24 PM | Computer Name = FERRARO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/14/2014 6:30:39 PM | Computer Name = FERRARO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/14/2014 6:30:39 PM | Computer Name = FERRARO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/14/2014 6:30:39 PM | Computer Name = FERRARO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 10/15/2014 10:01:08 AM | Computer Name = FERRARO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/15/2014 10:01:08 AM | Computer Name = FERRARO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/15/2014 4:59:57 PM | Computer Name = FERRARO | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.69.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/14/2014 12:03:52 PM | Computer Name = FERRARO | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/14/2014 12:03:52 PM | Computer Name = FERRARO | Source = Service Control Manager | ID = 7031
Description = The SAS Core Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 10/14/2014 12:03:52 PM | Computer Name = FERRARO | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/14/2014 12:06:10 PM | Computer Name = FERRARO | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 10/14/2014 6:52:54 PM | Computer Name = FERRARO | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 10/14/2014 9:44:26 PM | Computer Name = FERRARO | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 10/14/2014 9:45:18 PM | Computer Name = FERRARO | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 10/15/2014 12:45:44 AM | Computer Name = FERRARO | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 10/15/2014 12:58:55 AM | Computer Name = FERRARO | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 10/15/2014 10:09:01 AM | Computer Name = FERRARO | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.


< End of report >
 