Ad-Aware 10 won't start on Windows Vista


  • This topic is locked
48 replies to this topic

#21 CeciliaB


    Volunteer

  • Moderator
  • 7233 posts

Posted 13 June 2012 - 12:45 PM

I think it is a good idea if you follow LS Ann's suggestion. This is a strange problem and it is probably much easier for someone that can connect to your computer to find the solution than to do it in the forum.

1. Control Panel - Administration Tools - Services
Find "Ad-Aware Service" in the list and double-click on it.
Check that the start method is automatic.
Click on the Start button. What error message do you get?

2. Let us see what an online scanner says:
Run an online scan with Eset http://www.eset.com/onlinescan/

Un-check "Remove found threats"
Check "Scan Archives"

Click "Advanced Settings"
Check:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Scan

When the scan completes the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and paste its content in your answer.

3. Restart the computer and check if there are any common errors with Windows files and settings by running System File Checker: http://support.microsoft.com/kb/929833

#22 HelpMe12345


    Advanced Member

  • Members
  • 36 posts

Posted 20 August 2012 - 10:47 PM

Sorry I have not been back in a while. Anyways, here's the scan. I tried the other thing, and Windows fixed errors but it didn't solve the problem.
The error I get when I run the Ad-Aware service is this:

Windows could not start the Ad-Aware Service service on Local Computer.

Error 1053: The service did not respond to the start or control request in a timely fashion.

Here are the scan results:
C:\Program Files\Search Toolbar\SearchToolbarUpdater.exe Win32/Toolbar.Zugo application
C:\Users\Jared\AppData\Local\Temp\msimg32.dll a variant of Win32/Kryptik.AKMA trojan
C:\Users\Jared\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1e133708-639f649f a variant of Java/Exploit.CVE-2012-1723.AP trojan

#23 CeciliaB


    Volunteer

  • Moderator
  • 7233 posts

Posted 20 August 2012 - 11:34 PM

Please, delete C:\Program Files\Search Toolbar.

The DDS logs say that Microsoft Security Essentials is installed. Do you know anything about that?

Upload C:\Users\Jared\AppData\Local\Temp\msimg32.dll to http://www.virustotal.com/ using the "Choose file" function (select reanalyze if asked) and post back the link to the scan report.

Best that you post new DDS logs, both DDS.txt and Attach.txt.
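
Added example (not part of the original thread and not code from the DDS tool): reading a DDS.txt for the two things this exchange turns on, namely which security products the AV:/SP:/FW: header lines list and which auto-start services are not running. The sample lines are copied from the DDS log posted in this thread; the function names are illustrative, and the reading of the service prefix (R = running, S = stopped, digit = Windows start type) is the usual convention for DDS logs, taken here as an assumption.

```python
import re

# Sample lines copied from the DDS.txt posted in this thread (not a full log).
SAMPLE_DDS = r"""
AV: Microsoft Security Essentials *Disabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-7-12 1239952]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-8-28 93816]
"""

# Header line layout: "AV: <product> *<state>[/<definitions>]* {GUID}"
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*([^*]+)\* (\{[0-9A-Fa-f-]+\})$")

# Service line layout: "<R|S><digit> <name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(
    r"^([RS])([0-4]) ([^;]+);([^;]*);(.+) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$"
)

# Assumption: the digit is the Windows service start type.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}


def parse_dds(text):
    """Return (products, services) parsed from DDS.txt text; other lines are skipped."""
    products, services = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = PRODUCT_RE.match(line)
        if m:
            kind, name, state, guid = m.groups()
            parts = state.split("/")
            products.append({
                "kind": kind,  # AV = antivirus, SP = antispyware, FW = firewall
                "name": name,
                "enabled": parts[0].lower() == "enabled",
                # Firewall entries carry no definitions field, hence None.
                "up_to_date": parts[1].lower() == "updated" if len(parts) > 1 else None,
                "guid": guid,
            })
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, display, path, date, size = m.groups()
            services.append({
                "running": state == "R",
                "start": START_TYPES[int(start)],
                "name": name,
                "display": display,
                "path": path,
                "file_date": date,
                "file_size": int(size),
            })
    return products, services


def registered(products, kind):
    """(name, enabled, up_to_date) for every listed product of one kind."""
    return [(p["name"], p["enabled"], p["up_to_date"])
            for p in products if p["kind"] == kind]


def stopped_autostart(services):
    """Names of services set to start automatically that are not running."""
    return [s["name"] for s in services
            if s["start"] == "automatic" and not s["running"]]


if __name__ == "__main__":
    products, services = parse_dds(SAMPLE_DDS)
    for kind in ("AV", "SP", "FW"):
        for name, enabled, current in registered(products, kind):
            print(f"{kind}: {name} enabled={enabled} up_to_date={current}")
    for name in stopped_autostart(services):
        print(f"auto-start but stopped: {name}")
```

A stopped auto-start entry is a lead to check against the Event Viewer section of Attach.txt, not a fault by itself, since some services stop on their own when idle.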

#24 HelpMe12345


    Advanced Member

  • Members
  • 36 posts

Posted 28 August 2012 - 10:48 PM

Sorry, but I already deleted C:\Users\Jared\AppData\Local\Temp\msimg32.dll.
I did a search on my computer for MSE and it isn't installed.

Here is DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by JT at 16:43:13 on 2012-08-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.1637 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Microsoft Security Essentials *Disabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Program Files\TP-LINK\QSS\jswpbapi.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Evoluent\VMouse\V4\EvoMouseExec.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\system32\wuauclt.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080221
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
TB: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
uRun: [SansaDispatch] c:\users\jt.jared-pc\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [EPSON WorkForce 840 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigma.exe /fu "c:\windows\temp\E_S4C5B.tmp" /EF "HKCU"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [<NO NAME>]
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\evolue~1.lnk - c:\windows\installer\{a3a814ad-e978-4b68-a548-ac9c560c1b9d}\_A6095E4D62E53F7667CEA7.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{C2D91CE7-F628-489E-876F-72B5EEE71D4B} : DhcpNameServer = 192.168.11.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfoforum.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jt.jared-pc\appdata\roaming\mozilla\firefox\profiles\cs9a2nnt.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\jt.jared-pc\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\jt.jared-pc\appdata\local\roblox\versions\version-eecd9135a67340ab\NPRobloxProxy.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQH4mGHPs&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 5666aefd00000000000090f6520c5a9c
FF - user.js: extensions.incredibar_i.instlDay - 15571
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1417:35:21
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQH4mGHPs
FF - user.js: extensions.incredibar_i.upn2n - 92543435031852914
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
============= SERVICES / DRIVERS ===============
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2012-7-21 20384]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-2-16 153600]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-2-16 121856]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-12-26 21504]
R2 jswpbapi;JumpStart Push-Button Service;c:\program files\tp-link\qss\jswpbapi.exe [2012-7-21 188416]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-2-28 95232]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-11-29 77816]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-10-10 1153368]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-5-14 2666880]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2012-7-21 1387008]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-8-1 45288]
R3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\system32\drivers\EvoMouseDriverMini.sys [2012-8-2 20024]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-12-26 16896]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-10-9 19968]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-7-12 1239952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-18 19456]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-8-26 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\tp-link\qss\jswpsapi.exe [2012-7-21 954368]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-9 113120]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-8-28 93816]
S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-28 19:49:35 -------- d-----w- c:\users\jt.jared-pc\appdata\local\adaware
2012-08-28 19:47:29 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-08-28 19:47:18 -------- d-----w- c:\windows\system32\drivers\VDD
2012-08-28 19:38:52 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\Ad-Aware Antivirus
2012-08-28 18:49:04 69632 ----a-w- c:\windows\system32\KemXML.dll
2012-08-28 18:49:04 163840 ----a-w- c:\windows\system32\kemutb.dll
2012-08-28 18:49:04 131072 ----a-w- c:\windows\system32\KemUtil.dll
2012-08-28 18:49:04 110592 ----a-w- c:\windows\system32\KemWnd.dll
2012-08-28 18:48:45 -------- d-----w- c:\program files\SetPoint
2012-08-28 18:48:43 -------- d-----w- c:\program files\common files\Logitech
2012-08-28 18:48:24 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2012-08-28 18:48:24 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2012-08-28 18:48:24 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2012-08-28 18:48:23 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2012-08-28 18:48:23 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2012-08-28 18:48:19 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2012-08-28 18:48:19 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2012-08-20 01:07:58 -------- d-----w- c:\users\jt.jared-pc\appdata\roaming\AVS4YOU
2012-08-20 01:06:10 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-08-20 01:06:02 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-08-20 01:06:02 -------- d-----w- c:\programdata\AVS4YOU
2012-08-20 01:06:02 -------- d-----w- c:\program files\common files\AVSMedia
2012-08-20 01:06:02 -------- d-----w- c:\program files\AVS4YOU
2012-08-19 22:35:46 -------- d-----w- c:\program files\DVD Shrink
2012-08-19 22:35:25 -------- d-----w- c:\program files\Perion
2012-08-15 02:32:59 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 23:53:20 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 03:04:46 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-08-14 02:43:58 -------- d-----w- c:\programdata\PC-Doctor
2012-08-14 02:42:01 -------- d-----w- c:\program files\common files\supportsoft
2012-08-14 02:41:19 315392 ----a-w- c:\windows\HideWin.exe
2012-08-14 02:41:18 520192 ----a-w- c:\windows\RtlExUpd.dll
2012-08-13 22:11:08 -------- d-----w- c:\program files\Evoluent
2012-08-06 02:44:31 -------- d-----w- c:\users\jt.jared-pc\appdata\local\Downloaded Installations
2012-08-05 03:25:31 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bd6d61a0-ad8a-4c88-ad9e-415bea41a8cc}\mpengine.dll
2012-08-05 00:06:35 -------- d-----w- c:\program files\ESET
2012-08-02 19:51:40 20024 ----a-w- c:\windows\system32\drivers\EvoMouseDriverMini.sys
2012-07-29 23:03:57 -------- dc-h--w- c:\programdata\{174CB352-A040-4B6C-A7AF-265990FED40B}
2012-07-29 23:03:56 -------- d-----w- c:\program files\Ultimate Encoder 7 Free
2012-07-29 22:59:09 -------- d-----w- c:\users\jt.jared-pc\appdata\local\PackageAware
.
==================== Find3M ====================
.
2012-08-15 01:35:16 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 01:35:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 02:41:28 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 17:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 16:44:26.02 ===============

And attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 2/20/2008 1:17:04 PM
System Uptime: 8/28/2012 4:35:03 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 2331/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 290.163 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.989 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
7-Zip 9.20
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Ad-Aware Security Toolbar
Adobe Acrobat 4.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.14 (Unicode)
Auslogics Disk Defrag Professional
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Bonjour
Browser Address Error Redirector
CCleaner
CDDRV_Installer
Combat Arms
COWON Media Center - jetAudio Basic VX
Defraggler
Dell DataSafe Online
Dell Driver Download Manager
Dell Getting Started Guide
Dell Support Center (Support Software)
DVD Shrink 3.2
Epson CreativeZone
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 840 Series Printer Uninstall
EpsonNet Print
ESET Online Scanner v3
Evoluent Mouse Manager
Finding Nemo UWF
Finding Nemo: Nemo's Underwater World of Fun
foobar2000 v1.1.11
Free File Opener
Google Chrome
Google Desktop
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
Index.dat Analyzer v2.0
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections
Intel® TV Wizard
iTunes
Java Auto Updater
Java™ 7 Update 4
JavaFX 2.1.0
KhalSetup
Mabinogi
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Calculator Plus
Microsoft IntelliPoint 8.2
Microsoft Mathematics
Microsoft Office 2003 Resource Kit
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
MyTomTom 3.2.0.700
Nexon Game Manager
OGA Notifier 2.0.0048.0
OpenOffice.org 3.4
Pando Media Booster
PDF Tablet 0.1
Product Documentation Launcher
QSS Installation Program
QuickTime
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealUpgrade 1.1
Recuva
Roblox
Roblox for JT
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Sansa Updater
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
SetPoint
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
StreamTorrent 1.0
System Requirements Lab CYRI
System Requirements Lab for Intel
TeamViewer 7
TP-LINK Wireless Client Utility
Ultimate Encoder 7 Free
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
USB Video Driver
User's Guides
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio C++ 10.0 Runtime
Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
Windows Live ID Sign-in Assistant
Windows Live Sign-in Assistant
Windows Media Player Firefox Plugin
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/28/2012 4:44:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ad-Aware Service service to connect.
8/28/2012 4:44:11 PM, Error: Service Control Manager [7000] - The Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/28/2012 4:36:45 PM, Error: Service Control Manager [7023] -
8/28/2012 4:36:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Ad-Aware Service with arguments "" in order to run the server: {706FFEF5-7E90-4149-B038-B39106ECDB99}
8/28/2012 4:34:05 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2012 4:32:50 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2012 4:32:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/28/2012 4:32:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/28/2012 4:32:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/28/2012 4:32:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/28/2012 4:32:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/28/2012 4:32:06 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
8/28/2012 4:32:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
8/28/2012 4:32:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/28/2012 4:32:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC jswpslwf MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2012 4:31:51 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2012 2:44:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
8/28/2012 2:39:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/28/2012 2:38:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
8/28/2012 2:37:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/28/2012 2:37:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter SBRE spldr Wanarpv6
8/28/2012 2:24:01 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).
8/28/2012 2:22:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).
.
==== End Of File ===========================

#25 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7233 posts

Posted 29 August 2012 - 12:04 AM

Win32/Kryptik.AKMA trojan can be a very serious infection. We have to use other programs that search deeper.

1.
Please, save RogueKiller on the Desktop.
http://www.sur-la-to...om/RogueKiller/
Turn off all running programs and remove any external drives and other devices connected with USB except mouse and keyboard.

Start RogueKiller (in Vista and Windows 7 right-click the program and select "Run as administrator"). If it won't start, try several times. If you still are unsuccessful, rename the file to winlogon.exe.

Wait until "Prescan" has finished.
Click on "Scan" button in upper right corner.
Wait until the scan has finished.

A report with a name similar to RKreport.txt should have been created on the desktop.
Please, post it in your answer.

2.
Please, download aswMBR to your desktop. http://public.avast....erek/aswMBR.exe

Double click it to start the program.
Allow it to download extra definitions.
Click the Scan button to start the scan.
When the scan has finished click the Save log button and save it to your desktop.
Post the log.

3.
Save TDSSKiller on the Desktop:
http://support.kaspe.../tdsskiller.exe

Turn off all programs.
Run the program TDSSKiller.

Click on Start Scan.

If any malicious objects are found select Cure and click Continue. If Cure isn't available select Skip. If any suspicious objects are found select Skip. Do NOT select Quarantine or Delete.
The computer might need a restart.

Paste the content of the TDSSKiller log which is located in the folder C:\ with the name TDSSKiller followed by version and time.

#26 HelpMe12345

HelpMe12345

    Advanced Member

  • Members
  • 36 posts

Posted 31 August 2012 - 01:08 AM

Attached files: TDSSKiller.2.8.8.0_30.08.2012_19.01.47_log.txt (424.62KB), aswMBR.txt (2.11KB), RKreport1.txt (3.93KB)

RKReport.txt:

RogueKiller V8.0.1 [08/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : JT [Admin rights]
Mode : Scan -- Date : 08/30/2012 16:16:24
¤¤¤ Bad processes : 9 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED
[SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED
[SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED
[RESIDUE] iexplore.exe -- C:\Program Files\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files\Internet Explorer\iexplore.exe -> KILLED [TermProc]
[RESIDUE] iexplore.exe -- C:\Program Files\Internet Explorer\iexplore.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 15 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SansaDispatch (C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-215613564-3252992321-3342676906-1011[...]\Run : SansaDispatch (C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND
[TASK][ROGUE ST] 0 : c:\program files\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4667 : wscript.exe -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Users\JT6640~1.JAR\Desktop\dds.scr) -> FOUND
[FILEASSO] HKLM\[...]\command : (C:\Program Files\Internet Explorer\iexplore.exe) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
::1 localhost
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD501LJ ATA Device +++++
--- User ---
[MBR] 25eb30350c9e160deb561013fb9d3a61
[BSP] 67d6a64b04885546efc8a525e5a0cb5d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 466651 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-30 16:17:39
-----------------------------
16:17:39.969 OS Version: Windows 6.0.6002 Service Pack 2
16:17:39.969 Number of processors: 2 586 0xF0B
16:17:39.969 ComputerName: JTSDESKTOPCOMPU UserName: JT
16:17:41.495 Initialize success
16:19:02.484 AVAST engine defs: 12083001
16:19:14.713 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:19:14.714 Disk 0 Vendor: SAMSUNG_HD501LJ CR100-12 Size: 476940MB BusType: 3
16:19:14.728 Disk 0 MBR read successfully
16:19:14.730 Disk 0 MBR scan
16:19:14.735 Disk 0 Windows VISTA default MBR code
16:19:14.737 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
16:19:14.745 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 98304
16:19:14.759 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 466651 MB offset 21069824
16:19:14.765 Disk 0 scanning sectors +976771072
16:19:14.832 Disk 0 scanning C:\Windows\system32\drivers
16:19:23.962 Service scanning
16:19:38.451 Service TrueSight C:\Windows\system32\drivers\TrueSight.sys **HIDDEN**
16:19:42.338 Modules scanning
16:20:00.572 Disk 0 trace - called modules:
16:20:00.603 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
16:20:00.607 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86666ac8]
16:20:00.610 3 CLASSPNP.SYS[8abab8b3] -> nt!IofCallDriver -> [0x85156830]
16:20:00.614 5 acpi.sys[8068e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85b54528]
16:20:01.583 AVAST engine scan C:\Windows
16:20:18.724 AVAST engine scan C:\Windows\system32
16:23:08.441 AVAST engine scan C:\Windows\system32\drivers
16:23:20.765 AVAST engine scan C:\Users\JT.Jared-PC
16:33:45.362 AVAST engine scan C:\ProgramData
16:36:07.058 Scan finished successfully
16:39:15.230 Disk 0 MBR has been saved successfully to "C:\Users\JT.Jared-PC\Desktop\MBR.dat"
16:39:15.234 The log file has been saved successfully to "C:\Users\JT.Jared-PC\Desktop\aswMBR.txt"

TDSSKiller:

19:01:47.0997 2080 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:01:48.0387 2080 ============================================================
19:01:48.0387 2080 Current date / time: 2012/08/30 19:01:48.0387
19:01:48.0387 2080 SystemInfo:
19:01:48.0387 2080
19:01:48.0387 2080 OS Version: 6.0.6002 ServicePack: 2.0
19:01:48.0387 2080 Product type: Workstation
19:01:48.0387 2080 ComputerName: JTSDESKTOPCOMPU
19:01:48.0387 2080 UserName: JT
19:01:48.0387 2080 Windows directory: C:\Windows
19:01:48.0387 2080 System windows directory: C:\Windows
19:01:48.0403 2080 Processor architecture: Intel x86
19:01:48.0403 2080 Number of processors: 2
19:01:48.0403 2080 Page size: 0x1000
19:01:48.0403 2080 Boot type: Normal boot
19:01:48.0403 2080 ============================================================
19:01:49.0859 2080 BG loaded
19:01:50.0312 2080 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:01:50.0312 2080 ============================================================
19:01:50.0312 2080 \Device\Harddisk0\DR0:
19:01:50.0327 2080 MBR partitions:
19:01:50.0327 2080 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1400000
19:01:50.0327 2080 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1418000, BlocksNum 0x38F6D800
19:01:50.0327 2080 ============================================================
19:01:50.0390 2080 C: <-> \Device\Harddisk0\DR0\Partition2
19:01:50.0436 2080 D: <-> \Device\Harddisk0\DR0\Partition1
19:01:50.0436 2080 ============================================================
19:01:50.0436 2080 Initialize success
19:01:50.0436 2080 ============================================================
19:02:01.0888 3368 ============================================================
19:02:01.0888 3368 Scan started
19:02:01.0888 3368 Mode: Manual; SigCheck; TDLFS;
19:02:01.0888 3368 ============================================================
19:02:05.0133 3368 ================ Scan system memory ========================
19:02:05.0133 3368 System memory - ok
19:02:05.0133 3368 ================ Scan services =============================
19:02:05.0975 3368 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
19:02:06.0069 3368 ACPI - ok
19:02:06.0162 3368 [ AF9658974154C3B6A333D86DC2E0AAC8 ] Ad-Aware Service C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
19:02:06.0193 3368 Ad-Aware Service - ok
19:02:06.0349 3368 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:02:06.0349 3368 AdobeARMservice - ok
19:02:06.0412 3368 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:02:12.0418 3368 AdobeFlashPlayerUpdateSvc - ok
19:02:12.0605 3368 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:02:12.0621 3368 adp94xx - ok
19:02:12.0714 3368 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:02:12.0745 3368 adpahci - ok
19:02:12.0761 3368 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
19:02:12.0839 3368 adpu160m - ok
19:02:12.0886 3368 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:02:12.0933 3368 adpu320 - ok
19:02:13.0011 3368 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:02:13.0120 3368 AeLookupSvc - ok
19:02:13.0151 3368 [ 330A1E4DF07C2E29949ED8631CD8828E ] AERTFilters C:\Windows\system32\AERTSrv.exe
19:02:13.0182 3368 AERTFilters ( UnsignedFile.Multi.Generic ) - warning
19:02:13.0182 3368 AERTFilters - detected UnsignedFile.Multi.Generic (1)
19:02:13.0229 3368 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
19:02:13.0291 3368 AFD - ok
19:02:13.0338 3368 [ 8B10CE1C1F9F1D47E4DEB1A547A00CD4 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:02:13.0338 3368 agp440 - ok
19:02:13.0385 3368 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
19:02:13.0385 3368 aic78xx - ok
19:02:13.0447 3368 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
19:02:13.0557 3368 ALG - ok
19:02:13.0572 3368 [ DC67A153FDB8105B25D05334B5E1D8E2 ] aliide C:\Windows\system32\drivers\aliide.sys
19:02:13.0588 3368 aliide - ok
19:02:13.0603 3368 [ 848F27E5B27C1C253F6CEFDC1A5D8F21 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:02:13.0619 3368 amdagp - ok
19:02:13.0635 3368 [ 835C4C3355088298A5EBD818FA31430F ] amdide C:\Windows\system32\drivers\amdide.sys
19:02:13.0650 3368 amdide - ok
19:02:13.0697 3368 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
19:02:14.0555 3368 AmdK7 - ok
19:02:14.0586 3368 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:02:14.0649 3368 AmdK8 - ok
19:02:14.0695 3368 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
19:02:14.0758 3368 Appinfo - ok
19:02:14.0820 3368 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:02:14.0820 3368 Apple Mobile Device - ok
19:02:14.0851 3368 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
19:02:14.0867 3368 arc - ok
19:02:14.0898 3368 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:02:14.0914 3368 arcsas - ok
19:02:15.0085 3368 [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:02:15.0085 3368 aspnet_state - ok
19:02:15.0132 3368 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:02:15.0179 3368 AsyncMac - ok
19:02:15.0210 3368 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
19:02:15.0226 3368 atapi - ok
19:02:15.0335 3368 [ 443CA4F36D0E2576AC0BD7A73A45F32B ] athur C:\Windows\system32\DRIVERS\athur.sys
19:02:15.0413 3368 athur - ok
19:02:15.0460 3368 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:02:15.0475 3368 AudioEndpointBuilder - ok
19:02:15.0585 3368 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:02:15.0881 3368 Audiosrv - ok
19:02:17.0472 3368 [ 47480F4260DAE9AA589BCAF924B3767A ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.362.0\BBSvc.exe
19:02:17.0488 3368 BBSvc - ok
19:02:17.0800 3368 [ 6BF743CBF3BCD09DAB79245E60E1AE62 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.exe
19:02:17.0878 3368 BBUpdate - ok
19:02:17.0925 3368 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
19:02:18.0034 3368 Beep - ok
19:02:18.0127 3368 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
19:02:18.0174 3368 BFE - ok
19:02:18.0315 3368 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
19:02:18.0377 3368 BITS - ok
19:02:18.0377 3368 blbdrive - ok
19:02:18.0517 3368 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:02:18.0549 3368 Bonjour Service - ok
19:02:18.0595 3368 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:02:18.0673 3368 bowser - ok
19:02:18.0720 3368 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
19:02:18.0767 3368 BrFiltLo - ok
19:02:18.0798 3368 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
19:02:18.0876 3368 BrFiltUp - ok
19:02:18.0939 3368 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
19:02:18.0985 3368 Browser - ok
19:02:19.0048 3368 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
19:02:19.0126 3368 Brserid - ok
19:02:19.0141 3368 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
19:02:19.0235 3368 BrSerWdm - ok
19:02:19.0266 3368 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
19:02:19.0391 3368 BrUsbMdm - ok
19:02:19.0407 3368 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
19:02:19.0469 3368 BrUsbSer - ok
19:02:19.0500 3368 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:02:19.0625 3368 BTHMODEM - ok
19:02:19.0687 3368 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:02:19.0781 3368 cdfs - ok
19:02:19.0828 3368 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:02:19.0906 3368 cdrom - ok
19:02:19.0984 3368 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
19:02:19.0999 3368 CertPropSvc - ok
19:02:20.0046 3368 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
19:02:20.0109 3368 circlass - ok
19:02:20.0171 3368 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
19:02:20.0202 3368 CLFS - ok
19:02:20.0249 3368 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:02:20.0311 3368 clr_optimization_v2.0.50727_32 - ok
19:02:20.0436 3368 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:02:20.0499 3368 clr_optimization_v4.0.30319_32 - ok
19:02:20.0545 3368 [ E79CBB2195E965F6E3256E2C1B23FD1C ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:02:20.0545 3368 cmdide - ok
19:02:20.0577 3368 [ 722936AFB75A7F509662B69B5632F48A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
19:02:20.0577 3368 Compbatt - ok
19:02:20.0592 3368 COMSysApp - ok
19:02:20.0670 3368 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:02:20.0686 3368 crcdisk - ok
19:02:20.0701 3368 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
19:02:20.0764 3368 Crusoe - ok
19:02:20.0826 3368 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:02:20.0889 3368 CryptSvc - ok
19:02:21.0107 3368 [ 90F8539FA0DE4AAFE4FDBE7F95D6A512 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
19:02:21.0123 3368 dc3d - ok
19:02:21.0232 3368 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:02:21.0279 3368 DcomLaunch - ok
19:02:21.0372 3368 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:02:21.0419 3368 DfsC - ok
19:02:21.0528 3368 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
19:02:21.0653 3368 DFSR - ok
19:02:21.0731 3368 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
19:02:21.0778 3368 Dhcp - ok
19:02:22.0074 3368 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
19:02:22.0105 3368 disk - ok
19:02:22.0199 3368 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:02:22.0277 3368 Dnscache - ok
19:02:22.0355 3368 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:02:22.0386 3368 dot3svc - ok
19:02:22.0511 3368 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
19:02:22.0589 3368 DPS - ok
19:02:22.0667 3368 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:02:22.0683 3368 drmkaud - ok
19:02:22.0761 3368 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:02:22.0792 3368 DXGKrnl - ok
19:02:22.0901 3368 [ 04944F4FC4F0477185F5D26AE0DDB90E ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
19:02:22.0917 3368 e1express - ok
19:02:22.0979 3368 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
19:02:23.0088 3368 E1G60 - ok
19:02:23.0119 3368 EagleNT - ok
19:02:23.0135 3368 EagleXNt - ok
19:02:23.0166 3368 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
19:02:23.0197 3368 EapHost - ok
19:02:23.0260 3368 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
19:02:23.0291 3368 Ecache - ok
19:02:23.0385 3368 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:02:23.0416 3368 ehRecvr - ok
19:02:23.0478 3368 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
19:02:23.0587 3368 ehSched - ok
19:02:23.0603 3368 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
19:02:23.0634 3368 ehstart - ok
19:02:23.0712 3368 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:02:23.0775 3368 elxstor - ok
19:02:23.0821 3368 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
19:02:24.0009 3368 EMDMgmt - ok
19:02:24.0149 3368 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
19:02:24.0180 3368 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
19:02:24.0180 3368 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
19:02:24.0289 3368 [ B92F2B3247F0A99490C1298A1D3D7B4C ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
19:02:24.0352 3368 EPSON_EB_RPCV4_04 - ok
19:02:24.0383 3368 [ 651336B99C75FB54E4B5971CF458F9BD ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
19:02:24.0399 3368 EPSON_PM_RPCV4_04 - ok
19:02:24.0430 3368 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
19:02:24.0508 3368 EventSystem - ok
19:02:24.0539 3368 [ D7060D296061A1BD79A1F66D39EE0076 ] EvoMouseDriverMini C:\Windows\system32\drivers\EvoMouseDriverMini.sys
19:02:24.0555 3368 EvoMouseDriverMini - ok
19:02:24.0679 3368 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
19:02:24.0773 3368 exfat - ok
19:02:24.0804 3368 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:02:24.0851 3368 fastfat - ok
19:02:24.0898 3368 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:02:24.0960 3368 fdc - ok
19:02:25.0007 3368 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
19:02:25.0054 3368 fdPHost - ok
19:02:25.0085 3368 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
19:02:25.0147 3368 FDResPub - ok
19:02:25.0163 3368 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:02:25.0179 3368 FileInfo - ok
19:02:25.0194 3368 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:02:25.0225 3368 Filetrace - ok
19:02:25.0257 3368 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:02:25.0319 3368 flpydisk - ok
19:02:25.0350 3368 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:02:25.0366 3368 FltMgr - ok
19:02:25.0428 3368 [ 85E5AD3A9D56FD6F92DB5FC9CA62E2E4 ] FlyUsb C:\Windows\system32\DRIVERS\FlyUsb.sys
19:02:25.0491 3368 FlyUsb - ok
19:02:25.0615 3368 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
19:02:25.0678 3368 FontCache - ok
19:02:25.0740 3368 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:02:25.0756 3368 FontCache3.0.0.0 - ok
19:02:25.0787 3368 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:02:25.0865 3368 Fs_Rec - ok
19:02:25.0896 3368 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:02:25.0912 3368 gagp30kx - ok
19:02:25.0943 3368 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:02:25.0943 3368 GEARAspiWDM - ok
19:02:26.0037 3368 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
19:02:26.0052 3368 GoogleDesktopManager-051210-111108 - ok
19:02:26.0099 3368 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
19:02:26.0193 3368 gpsvc - ok
19:02:26.0244 3368 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:02:26.0244 3368 gupdate - ok
19:02:26.0299 3368 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:02:26.0309 3368 gupdatem - ok
19:02:26.0404 3368 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:02:26.0419 3368 gusvc - ok
19:02:26.0514 3368 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:02:26.0844 3368 HdAudAddService - ok
19:02:27.0054 3368 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:02:27.0124 3368 HDAudBus - ok
19:02:27.0196 3368 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:02:27.0296 3368 HidBth - ok
19:02:27.0327 3368 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
19:02:27.0496 3368 HidIr - ok
19:02:27.0697 3368 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
19:02:27.0737 3368 hidserv - ok
19:02:27.0766 3368 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:02:27.0814 3368 HidUsb - ok
19:02:27.0848 3368 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:02:27.0892 3368 hkmsvc - ok
19:02:27.0913 3368 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
19:02:27.0933 3368 HpCISSs - ok
19:02:28.0101 3368 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:02:28.0178 3368 HTTP - ok
19:02:28.0229 3368 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
19:02:28.0253 3368 i2omp - ok
19:02:28.0344 3368 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:02:28.0549 3368 i8042prt - ok
19:02:28.0679 3368 [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor C:\Windows\system32\drivers\iastor.sys
19:02:28.0695 3368 iaStor - ok
19:02:28.0803 3368 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
19:02:28.0823 3368 iaStorV - ok
19:02:28.0911 3368 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
19:02:29.0035 3368 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:02:29.0035 3368 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:02:29.0265 3368 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:02:29.0338 3368 idsvc - ok
19:02:29.0547 3368 [ BBACE0293B73BF8C7CB591F2D06F26FA ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
19:02:29.0610 3368 igfx - ok
19:02:29.0643 3368 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:02:29.0664 3368 iirsp - ok
19:02:29.0769 3368 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
19:02:29.0841 3368 IKEEXT - ok
19:02:29.0883 3368 IntcAzAudAddService - ok
19:02:29.0917 3368 [ 0084046C084D68E494F8CF36BCF08186 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
19:02:29.0928 3368 intelide - ok
19:02:29.0961 3368 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:02:29.0982 3368 intelppm - ok
19:02:30.0075 3368 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:02:30.0120 3368 IPBusEnum - ok
19:02:30.0155 3368 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:02:30.0199 3368 IpFilterDriver - ok
19:02:30.0238 3368 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:02:30.0270 3368 iphlpsvc - ok
19:02:30.0277 3368 IpInIp - ok
19:02:30.0320 3368 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
19:02:30.0382 3368 IPMIDRV - ok
19:02:30.0432 3368 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
19:02:30.0515 3368 IPNAT - ok
19:02:30.0560 3368 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:02:30.0587 3368 iPod Service - ok
19:02:30.0612 3368 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:02:30.0655 3368 IRENUM - ok
19:02:30.0685 3368 [ 2F8ECE2699E7E2070545E9B0960A8ED2 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:02:30.0710 3368 isapnp - ok
19:02:30.0767 3368 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
19:02:30.0780 3368 iScsiPrt - ok
19:02:30.0808 3368 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
19:02:30.0817 3368 iteatapi - ok
19:02:30.0835 3368 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
19:02:30.0846 3368 iteraid - ok
19:02:30.0922 3368 [ F726B54C7883CB3D4C6A8339AC1ADAF7 ] jswpbapi C:\Program Files\TP-LINK\QSS\jswpbapi.exe
19:02:30.0926 3368 jswpbapi ( UnsignedFile.Multi.Generic ) - warning
19:02:30.0926 3368 jswpbapi - detected UnsignedFile.Multi.Generic (1)
19:02:30.0962 3368 [ E712A6B57943D65AA587655335EF9DAD ] jswpsapi C:\Program Files\TP-LINK\QSS\jswpsapi.exe
19:02:31.0010 3368 jswpsapi ( UnsignedFile.Multi.Generic ) - warning
19:02:31.0010 3368 jswpsapi - detected UnsignedFile.Multi.Generic (1)
19:02:31.0054 3368 [ 55C9B4252B751226B838EED2BC50BB64 ] jswpslwf C:\Windows\system32\DRIVERS\jswpslwf.sys
19:02:31.0134 3368 jswpslwf - ok
19:02:31.0161 3368 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:02:31.0171 3368 kbdclass - ok
19:02:31.0222 3368 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:02:31.0275 3368 kbdhid - ok
19:02:31.0308 3368 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
19:02:31.0398 3368 KeyIso - ok
19:02:31.0500 3368 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:02:31.0540 3368 KSecDD - ok
19:02:31.0678 3368 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
19:02:31.0858 3368 KtmRm - ok
19:02:31.0916 3368 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
19:02:32.0044 3368 LanmanServer - ok
19:02:32.0192 3368 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:02:32.0269 3368 LanmanWorkstation - ok
19:02:32.0293 3368 Lavasoft Kernexplorer - ok
19:02:32.0359 3368 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:02:32.0418 3368 lltdio - ok
19:02:32.0477 3368 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:02:32.0556 3368 lltdsvc - ok
19:02:32.0595 3368 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:02:32.0652 3368 lmhosts - ok
19:02:32.0709 3368 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:02:32.0731 3368 LSI_FC - ok
19:02:32.0754 3368 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:02:32.0781 3368 LSI_SAS - ok
19:02:32.0801 3368 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:02:32.0841 3368 LSI_SCSI - ok
19:02:32.0898 3368 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
19:02:32.0950 3368 luafv - ok
19:02:33.0402 3368 [ C226CE46CD17FCE6261A9DE406F01C8B ] McAfee SiteAdvisor Service c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
19:02:33.0412 3368 McAfee SiteAdvisor Service - ok
19:02:33.0454 3368 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:02:33.0497 3368 Mcx2Svc - ok
19:02:33.0530 3368 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
19:02:33.0582 3368 megasas - ok
19:02:33.0627 3368 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
19:02:33.0657 3368 MMCSS - ok
19:02:33.0707 3368 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
19:02:33.0789 3368 Modem - ok
19:02:33.0840 3368 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:02:33.0899 3368 monitor - ok
19:02:33.0924 3368 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:02:33.0934 3368 mouclass - ok
19:02:33.0969 3368 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:02:34.0023 3368 mouhid - ok
19:02:34.0061 3368 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
19:02:34.0086 3368 MountMgr - ok
19:02:34.0201 3368 [ FEE0BADED54222E9F1DAE9541212AAB1 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:02:34.0214 3368 MpFilter - ok
19:02:34.0267 3368 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
19:02:34.0299 3368 mpio - ok
19:02:34.0316 3368 [ 2C3489660D4A8D514C123C3F0D67DF46 ] MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys
19:02:34.0324 3368 MpNWMon - ok
19:02:34.0359 3368 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:02:34.0405 3368 mpsdrv - ok
19:02:34.0504 3368 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
19:02:34.0559 3368 MpsSvc - ok
19:02:34.0604 3368 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
19:02:34.0630 3368 Mraid35x - ok
19:02:34.0661 3368 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:02:34.0705 3368 MRxDAV - ok
19:02:34.0749 3368 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:02:34.0799 3368 mrxsmb - ok
19:02:34.0829 3368 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:02:34.0847 3368 mrxsmb10 - ok
19:02:34.0865 3368 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:02:34.0901 3368 mrxsmb20 - ok
19:02:34.0924 3368 [ D420BC42A637AC3CC4F411220549C0DC ] msahci C:\Windows\system32\drivers\msahci.sys
19:02:34.0937 3368 msahci - ok
19:02:34.0952 3368 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:02:34.0964 3368 msdsm - ok
19:02:34.0990 3368 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
19:02:35.0028 3368 MSDTC - ok
19:02:35.0068 3368 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:02:35.0115 3368 Msfs - ok
19:02:35.0166 3368 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:02:35.0190 3368 msisadrv - ok
19:02:35.0224 3368 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:02:35.0299 3368 MSiSCSI - ok
19:02:35.0303 3368 msiserver - ok
19:02:35.0337 3368 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:02:35.0391 3368 MSKSSRV - ok
19:02:35.0478 3368 [ CFCE43B70CA0CC4DCC8ADB62B792B173 ] MsMpSvc c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
19:02:35.0489 3368 MsMpSvc - ok
19:02:35.0504 3368 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:02:35.0531 3368 MSPCLOCK - ok
19:02:35.0568 3368 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:02:35.0595 3368 MSPQM - ok
19:02:35.0646 3368 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:02:35.0670 3368 MsRPC - ok
19:02:35.0698 3368 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:02:35.0709 3368 mssmbios - ok
19:02:35.0739 3368 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:02:35.0794 3368 MSTEE - ok
19:02:35.0828 3368 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
19:02:35.0841 3368 Mup - ok
19:02:35.0916 3368 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
19:02:35.0956 3368 napagent - ok
19:02:35.0998 3368 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:02:36.0031 3368 NativeWifiP - ok
19:02:36.0146 3368 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:02:36.0188 3368 NDIS - ok
19:02:36.0214 3368 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:02:36.0262 3368 NdisTapi - ok
19:02:36.0292 3368 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:02:36.0337 3368 Ndisuio - ok
19:02:36.0377 3368 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:02:36.0424 3368 NdisWan - ok
19:02:36.0453 3368 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:02:36.0470 3368 NDProxy - ok
19:02:36.0492 3368 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:02:36.0514 3368 NetBIOS - ok
19:02:36.0544 3368 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
19:02:36.0584 3368 netbt - ok
19:02:36.0599 3368 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
19:02:36.0610 3368 Netlogon - ok
19:02:36.0662 3368 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
19:02:36.0711 3368 Netman - ok
19:02:36.0757 3368 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
19:02:36.0804 3368 netprofm - ok
19:02:36.0829 3368 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:02:36.0857 3368 NetTcpPortSharing - ok
19:02:36.0901 3368 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:02:36.0925 3368 nfrd960 - ok
19:02:36.0979 3368 [ 7B01C6172CFD0B10116175E09200D4B4 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:02:36.0987 3368 NisDrv - ok
19:02:37.0013 3368 [ A5CB074F34BBD89948E34A630D459C0C ] NisSrv c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
19:02:37.0026 3368 NisSrv - ok
19:02:37.0076 3368 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:02:37.0125 3368 NlaSvc - ok
19:02:37.0158 3368 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:02:37.0174 3368 Npfs - ok
19:02:37.0198 3368 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
19:02:37.0243 3368 nsi - ok
19:02:37.0268 3368 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:02:37.0289 3368 nsiproxy - ok
19:02:37.0372 3368 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:02:37.0464 3368 Ntfs - ok
19:02:37.0487 3368 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
19:02:37.0555 3368 ntrigdigi - ok
19:02:37.0601 3368 [ 37BE10FF10A92031FC5A01E8363925CC ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
19:02:37.0609 3368 NuidFltr - ok
19:02:37.0652 3368 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
19:02:37.0673 3368 Null - ok
19:02:37.0689 3368 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:02:37.0711 3368 nvraid - ok
19:02:37.0732 3368 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:02:37.0748 3368 nvstor - ok
19:02:37.0765 3368 [ 055081FD5076401C1EE1BCAB08D81911 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:02:37.0796 3368 nv_agp - ok
19:02:37.0802 3368 NwlnkFlt - ok
19:02:37.0806 3368 NwlnkFwd - ok
19:02:37.0836 3368 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:02:37.0887 3368 ohci1394 - ok
19:02:37.0962 3368 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:02:37.0998 3368 ose - ok
19:02:38.0130 3368 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
19:02:38.0234 3368 p2pimsvc - ok
19:02:38.0300 3368 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
19:02:38.0786 3368 p2psvc - ok
19:02:38.0896 3368 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
19:02:39.0054 3368 Parport - ok
19:02:39.0098 3368 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:02:39.0123 3368 partmgr - ok
19:02:39.0176 3368 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
19:02:39.0304 3368 Parvdm - ok
19:02:39.0356 3368 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
19:02:39.0546 3368 PcaSvc - ok
19:02:39.0598 3368 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
19:02:39.0638 3368 pci - ok
19:02:39.0663 3368 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
19:02:39.0682 3368 pciide - ok
19:02:39.0741 3368 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:02:39.0785 3368 pcmcia - ok
19:02:39.0825 3368 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
19:02:39.0922 3368 pcouffin - ok
19:02:40.0075 3368 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:02:40.0186 3368 PEAUTH - ok
19:02:40.0442 3368 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
19:02:40.0544 3368 pla - ok
19:02:40.0585 3368 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:02:40.0625 3368 PlugPlay - ok
19:02:40.0734 3368 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
19:02:40.0763 3368 PNRPAutoReg - ok
19:02:40.0827 3368 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
19:02:40.0891 3368 PNRPsvc - ok
19:02:40.0936 3368 [ 896D916DE06F5502D301E8C4DC442AE8 ] Point32 C:\Windows\system32\DRIVERS\point32.sys
19:02:40.0944 3368 Point32 - ok
19:02:40.0998 3368 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:02:41.0058 3368 PolicyAgent - ok
19:02:41.0108 3368 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:02:41.0129 3368 PptpMiniport - ok
19:02:41.0179 3368 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
19:02:41.0227 3368 Processor - ok
19:02:41.0269 3368 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
19:02:41.0310 3368 ProfSvc - ok
19:02:41.0326 3368 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
19:02:41.0337 3368 ProtectedStorage - ok
19:02:41.0377 3368 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
19:02:41.0400 3368 PSched - ok
19:02:41.0459 3368 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
19:02:41.0476 3368 PxHelp20 - ok
19:02:41.0688 3368 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:02:41.0875 3368 ql2300 - ok
19:02:41.0904 3368 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:02:41.0916 3368 ql40xx - ok
19:02:41.0958 3368 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
19:02:41.0998 3368 QWAVE - ok
19:02:42.0038 3368 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:02:42.0076 3368 QWAVEdrv - ok
19:02:42.0427 3368 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
19:02:42.0602 3368 R300 - ok
19:02:42.0646 3368 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:02:42.0667 3368 RasAcd - ok
19:02:42.0709 3368 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
19:02:42.0732 3368 RasAuto - ok
19:02:42.0777 3368 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:02:42.0798 3368 Rasl2tp - ok
19:02:42.0838 3368 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
19:02:42.0886 3368 RasMan - ok
19:02:42.0909 3368 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:02:42.0925 3368 RasPppoe - ok
19:02:42.0949 3368 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:02:42.0982 3368 RasSstp - ok
19:02:43.0036 3368 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:02:43.0078 3368 rdbss - ok
19:02:43.0116 3368 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:02:43.0163 3368 RDPCDD - ok
19:02:43.0238 3368 [ 0245418224CFA77BF4B41C2FE0622258 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
19:02:43.0334 3368 rdpdr - ok
19:02:43.0348 3368 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:02:43.0397 3368 RDPENCDD - ok
19:02:43.0445 3368 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:02:43.0475 3368 RDPWD - ok
19:02:43.0537 3368 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:02:43.0583 3368 RemoteAccess - ok
19:02:43.0613 3368 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:02:43.0656 3368 RemoteRegistry - ok
19:02:43.0777 3368 [ EBCDE8B48FADC6479D96A56D0A432160 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
19:02:43.0907 3368 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning
19:02:43.0907 3368 RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)
19:02:43.0957 3368 [ AB2B1DE1C8F31EFCE2384B14B3DC4260 ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
19:02:43.0986 3368 RoxWatch9 ( UnsignedFile.Multi.Generic ) - warning
19:02:43.0986 3368 RoxWatch9 - detected UnsignedFile.Multi.Generic (1)
19:02:44.0022 3368 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
19:02:44.0077 3368 RpcLocator - ok
19:02:44.0101 3368 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
19:02:44.0126 3368 RpcSs - ok
19:02:44.0174 3368 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:02:44.0195 3368 rspndr - ok
19:02:44.0220 3368 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
19:02:44.0231 3368 SamSs - ok
19:02:44.0515 3368 [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
19:02:45.0216 3368 SBAMSvc - ok
19:02:45.0269 3368 [ 3FFF8CDA4D2F29CA06F1557E85163C30 ] sbapifs C:\Windows\system32\drivers\sbapifs.sys
19:02:45.0279 3368 sbapifs - ok
19:02:45.0367 3368 [ 1AFD7178AB9C4FCE2D332DA7AA474FA6 ] sbhips C:\Windows\system32\drivers\sbhips.sys
19:02:45.0377 3368 sbhips - ok
19:02:45.0406 3368 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:02:45.0431 3368 sbp2port - ok
19:02:45.0478 3368 [ 1FD538C4FEB36B793D2121F20BBDC16F ] SBRE C:\Windows\system32\drivers\SBREdrv.sys
19:02:45.0487 3368 SBRE - ok
19:02:45.0617 3368 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
19:02:45.0650 3368 SBSDWSCService - ok
19:02:45.0702 3368 [ 9BDF801A6C78E3F1E6FA1C5CA90BAA8A ] sbwtis C:\Windows\system32\DRIVERS\sbwtis.sys
19:02:45.0711 3368 sbwtis - ok
19:02:45.0752 3368 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:02:45.0808 3368 SCardSvr - ok
19:02:45.0878 3368 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
19:02:45.0957 3368 Schedule - ok
19:02:45.0998 3368 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
19:02:46.0014 3368 SCPolicySvc - ok
19:02:46.0039 3368 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:02:46.0110 3368 SDRSVC - ok
19:02:46.0134 3368 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:02:46.0182 3368 secdrv - ok
19:02:46.0207 3368 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
19:02:46.0260 3368 seclogon - ok
19:02:46.0273 3368 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
19:02:46.0321 3368 SENS - ok
19:02:46.0349 3368 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
19:02:46.0410 3368 Serenum - ok
19:02:46.0446 3368 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
19:02:46.0532 3368 Serial - ok
19:02:46.0573 3368 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:02:46.0602 3368 sermouse - ok
19:02:46.0624 3368 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
19:02:46.0675 3368 SessionEnv - ok
19:02:46.0693 3368 [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:02:46.0750 3368 sffdisk - ok
19:02:46.0765 3368 [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:02:46.0802 3368 sffp_mmc - ok
19:02:46.0830 3368 [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:02:46.0870 3368 sffp_sd - ok
19:02:46.0901 3368 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:02:46.0951 3368 sfloppy - ok
19:02:46.0970 3368 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:02:47.0012 3368 SharedAccess - ok
19:02:47.0046 3368 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:02:47.0080 3368 ShellHWDetection - ok
19:02:47.0114 3368 [ 08072B2FB92477FC813271A84B3A8698 ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:02:47.0149 3368 sisagp - ok
19:02:47.0178 3368 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
19:02:47.0189 3368 SiSRaid2 - ok
19:02:47.0213 3368 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:02:47.0236 3368 SiSRaid4 - ok
19:02:47.0387 3368 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
19:02:47.0599 3368 slsvc - ok
19:02:47.0645 3368 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:02:47.0687 3368 SLUINotify - ok
19:02:47.0731 3368 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:02:47.0770 3368 Smb - ok
19:02:47.0816 3368 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:02:47.0829 3368 SNMPTRAP - ok
19:02:47.0865 3368 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
19:02:47.0886 3368 spldr - ok
19:02:47.0923 3368 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
19:02:47.0962 3368 Spooler - ok
19:02:48.0064 3368 [ 777115C9CC675BD98127660712D2F784 ] sprtsvc_dellsupportcenter C:\Program Files\Dell Support Center\bin\sprtsvc.exe
19:02:48.0073 3368 sprtsvc_dellsupportcenter - ok
19:02:48.0247 3368 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:02:48.0310 3368 srv - ok
19:02:48.0336 3368 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:02:48.0366 3368 srv2 - ok
19:02:48.0387 3368 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:02:48.0470 3368 srvnet - ok
19:02:48.0516 3368 [ D5DFFEAA1E15D4EFFABB9D9A3068AC5B ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
19:02:48.0561 3368 sscdbus - ok
19:02:48.0586 3368 [ 8A1BE0C347814F482F493AEA619D57F6 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
19:02:48.0630 3368 sscdmdfl - ok
19:02:48.0644 3368 [ 5AB0B1987F682A59B15B78F84C6AD7D0 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
19:02:48.0654 3368 sscdmdm - ok
19:02:48.0679 3368 [ 751E66EB32EFA80633B80F5D7FF0A1D8 ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
19:02:48.0727 3368 sscdserd - ok
19:02:48.0762 3368 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:02:48.0785 3368 SSDPSRV - ok
19:02:48.0833 3368 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:02:48.0846 3368 SstpSvc - ok
19:02:48.0891 3368 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
19:02:48.0934 3368 stisvc - ok
19:02:48.0983 3368 [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
19:02:48.0992 3368 stllssvr ( UnsignedFile.Multi.Generic ) - warning
19:02:48.0993 3368 stllssvr - detected UnsignedFile.Multi.Generic (1)
19:02:49.0005 3368 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:02:49.0016 3368 swenum - ok
19:02:49.0039 3368 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
19:02:49.0059 3368 swprv - ok
19:02:49.0080 3368 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:02:49.0090 3368 Symc8xx - ok
19:02:49.0109 3368 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:02:49.0119 3368 Sym_hi - ok
19:02:49.0133 3368 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:02:49.0143 3368 Sym_u3 - ok
19:02:49.0191 3368 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
19:02:49.0238 3368 SysMain - ok
19:02:49.0295 3368 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:02:49.0308 3368 TabletInputService - ok
19:02:49.0339 3368 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:02:49.0362 3368 TapiSrv - ok
19:02:49.0394 3368 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
19:02:49.0444 3368 TBS - ok
19:02:49.0565 3368 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:02:49.0591 3368 Tcpip - ok
19:02:49.0605 3368 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:02:49.0630 3368 Tcpip6 - ok
19:02:49.0648 3368 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:02:49.0658 3368 tcpipreg - ok
19:02:49.0689 3368 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:02:49.0754 3368 TDPIPE - ok
19:02:49.0792 3368 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:02:49.0812 3368 TDTCP - ok
19:02:49.0849 3368 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:02:49.0867 3368 tdx - ok
19:02:50.0065 3368 [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
19:02:50.0123 3368 TeamViewer7 - ok
19:02:50.0207 3368 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:02:50.0219 3368 TermDD - ok
19:02:50.0326 3368 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
19:02:50.0378 3368 TermService - ok
19:02:50.0396 3368 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
19:02:50.0410 3368 Themes - ok
19:02:50.0442 3368 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
19:02:50.0465 3368 THREADORDER - ok
19:02:50.0537 3368 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
19:02:50.0579 3368 TrkWks - ok
19:02:50.0695 3368 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:02:50.0765 3368 TrustedInstaller - ok
19:02:50.0830 3368 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:02:50.0958 3368 tssecsrv - ok
19:02:50.0993 3368 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:02:51.0004 3368 tunmp - ok
19:02:51.0016 3368 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:02:51.0026 3368 tunnel - ok
19:03:04.0243 3368 [ 3464DAE0E801F5A81A23C571D86F30B2 ] C:\Windows\System32\rascfg.dll
19:03:04.0243 3368 C:\Windows\System32\rascfg.dll - ok
19:03:04.0245 3368 [ 1998BD97F950680BB55F55A7244679C2 ] C:\Windows\System32\iphlpsvc.dll
19:03:04.0245 3368 C:\Windows\System32\iphlpsvc.dll - ok
19:03:04.0251 3368 [ 74C2F29CC612B2B34231BEBD824D2FB2 ] C:\Windows\System32\keyiso.dll
19:03:04.0251 3368 C:\Windows\System32\keyiso.dll - ok
19:03:04.0256 3368 [ 1BF5EEBFD518DD7298434D8C862F825D ] C:\Windows\System32\srvsvc.dll
19:03:04.0256 3368 C:\Windows\System32\srvsvc.dll - ok
19:03:04.0259 3368 [ 1DB69705B695B987082C8BAEC0C6B34F ] C:\Windows\System32\wkssvc.dll
19:03:04.0259 3368 C:\Windows\System32\wkssvc.dll - ok
19:03:04.0262 3368 [ FA0593D936C9B95FB6FAA32AD1595D49 ] C:\Windows\System32\lltdres.dll
19:03:04.0263 3368 C:\Windows\System32\lltdres.dll - ok
19:03:04.0266 3368 [ 35D40113E4A5B961B6CE5C5857702518 ] C:\Windows\System32\lmhsvc.dll
19:03:04.0266 3368 C:\Windows\System32\lmhsvc.dll - ok
19:03:04.0270 3368 [ 132F6237FA3BF3E9715F63A1CCF72BF1 ] C:\Windows\ehome\ehres.dll
19:03:04.0270 3368 C:\Windows\ehome\ehres.dll - ok
19:03:04.0274 3368 [ 95F1EB99B81CFD6F581C85F0A0AA9B2B ] C:\Windows\System32\FirewallAPI.dll
19:03:04.0274 3368 C:\Windows\System32\FirewallAPI.dll - ok
19:03:04.0278 3368 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] C:\Windows\System32\mmcss.dll
19:03:04.0278 3368 C:\Windows\System32\mmcss.dll - ok
19:03:04.0282 3368 [ EA822412BBBA9B7D2B1A3748AD50EFB8 ] C:\Windows\System32\iscsidsc.dll
19:03:04.0282 3368 C:\Windows\System32\iscsidsc.dll - ok
19:03:04.0287 3368 [ ED21401F1E2F6BC2F54C462BB66D0D6B ] C:\Windows\System32\msimsg.dll
19:03:04.0287 3368 C:\Windows\System32\msimsg.dll - ok
19:03:04.0292 3368 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] C:\Windows\System32\QAGENTRT.DLL
19:03:04.0292 3368 C:\Windows\System32\QAGENTRT.DLL - ok
19:03:04.0295 3368 [ 95DAECF0FB120A7B5DA679CC54E37DDE ] C:\Windows\System32\netlogon.dll
19:03:04.0295 3368 C:\Windows\System32\netlogon.dll - ok
19:03:04.0299 3368 [ C8052711DAECC48B982434C5116CA401 ] C:\Windows\System32\netman.dll
19:03:04.0299 3368 C:\Windows\System32\netman.dll - ok
19:03:04.0302 3368 [ ED640F4CE585058119B824CC76591D9C ] C:\Windows\System32\netprof.dll
19:03:04.0302 3368 C:\Windows\System32\netprof.dll - ok
19:03:04.0308 3368 [ 0EF5A9073DD4BF47DD7C340749D56B14 ] C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll
19:03:04.0308 3368 C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll - ok
19:03:04.0311 3368 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] C:\Windows\System32\nlasvc.dll
19:03:04.0311 3368 C:\Windows\System32\nlasvc.dll - ok
19:03:04.0315 3368 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] C:\Windows\System32\nsisvc.dll
19:03:04.0315 3368 C:\Windows\System32\nsisvc.dll - ok
19:03:04.0319 3368 [ 0C8E8E61AD1EB0B250B846712C917506 ] C:\Windows\System32\p2psvc.dll
19:03:04.0319 3368 C:\Windows\System32\p2psvc.dll - ok
19:03:04.0323 3368 [ C6276AD11F4BB49B58AA1ED88537F14A ] C:\Windows\System32\pcasvc.dll
19:03:04.0324 3368 C:\Windows\System32\pcasvc.dll - ok
19:03:04.0333 3368 [ B1689DF169143F57053F795390C99DB3 ] C:\Windows\System32\pla.dll
19:03:04.0333 3368 C:\Windows\System32\pla.dll - ok
19:03:04.0338 3368 [ C5E7F8A996EC0A82D508FD9064A5569E ] C:\Windows\System32\umpnpmgr.dll
19:03:04.0338 3368 C:\Windows\System32\umpnpmgr.dll - ok
19:03:04.0342 3368 [ 64B28D672B5B6A01E87B0C3096B1E047 ] C:\Windows\System32\polstore.dll
19:03:04.0342 3368 C:\Windows\System32\polstore.dll - ok
19:03:04.0346 3368 [ 0508FAA222D28835310B7BFCA7A77346 ] C:\Windows\System32\profsvc.dll
19:03:04.0346 3368 C:\Windows\System32\profsvc.dll - ok
19:03:04.0358 3368 [ 08F9134A2215B7ED985409A4DF60AC60 ] C:\Windows\System32\psbase.dll
19:03:04.0358 3368 C:\Windows\System32\psbase.dll - ok
19:03:04.0361 3368 [ 9F5E0E1926014D17486901C88ECA2DB7 ] C:\Windows\System32\drivers\qwavedrv.sys
19:03:04.0361 3368 C:\Windows\System32\drivers\qwavedrv.sys - ok
19:03:04.0365 3368 [ E9ECAE663F47E6CB43962D18AB18890F ] C:\Windows\System32\qwave.dll
19:03:04.0365 3368 C:\Windows\System32\qwave.dll - ok
19:03:04.0370 3368 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] C:\Windows\System32\rasauto.dll
19:03:04.0370 3368 C:\Windows\System32\rasauto.dll - ok
19:03:04.0374 3368 [ 75D47445D70CA6F9F894B032FBC64FCF ] C:\Windows\System32\rasmans.dll
19:03:04.0374 3368 C:\Windows\System32\rasmans.dll - ok
19:03:04.0377 3368 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] C:\Windows\System32\mprdim.dll
19:03:04.0377 3368 C:\Windows\System32\mprdim.dll - ok
19:03:04.0381 3368 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] C:\Windows\System32\sstpsvc.dll
19:03:04.0381 3368 C:\Windows\System32\sstpsvc.dll - ok
19:03:04.0384 3368 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] C:\Windows\System32\regsvc.dll
19:03:04.0384 3368 C:\Windows\System32\regsvc.dll - ok
19:03:04.0389 3368 [ 5123F83CBC4349D065534EEB6BBDC42B ] C:\Windows\System32\Locator.exe
19:03:04.0389 3368 C:\Windows\System32\Locator.exe - ok
19:03:04.0392 3368 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] C:\Windows\System32\SCardSvr.dll
19:03:04.0392 3368 C:\Windows\System32\SCardSvr.dll - ok
19:03:04.0396 3368 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] C:\Windows\System32\schedsvc.dll
19:03:04.0396 3368 C:\Windows\System32\schedsvc.dll - ok
19:03:04.0399 3368 [ 716313D9F6B0529D03F726D5AAF6F191 ] C:\Windows\System32\sdrsvc.dll
19:03:04.0399 3368 C:\Windows\System32\sdrsvc.dll - ok
19:03:04.0402 3368 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] C:\Windows\System32\seclogon.dll
19:03:04.0402 3368 C:\Windows\System32\seclogon.dll - ok
19:03:04.0407 3368 [ A9BBAB5759771E523F55563D6CBE140F ] C:\Windows\System32\Sens.dll
19:03:04.0407 3368 C:\Windows\System32\Sens.dll - ok
19:03:04.0411 3368 [ D2193326F729B163125610DBF3E17D57 ] C:\Windows\System32\SessEnv.dll
19:03:04.0411 3368 C:\Windows\System32\SessEnv.dll - ok
19:03:04.0414 3368 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] C:\Windows\System32\ipnathlp.dll
19:03:04.0414 3368 C:\Windows\System32\ipnathlp.dll - ok
19:03:04.0418 3368 [ C7230FBEE14437716701C15BE02C27B8 ] C:\Windows\System32\shsvcs.dll
19:03:04.0418 3368 C:\Windows\System32\shsvcs.dll - ok
19:03:04.0423 3368 [ 862BB4CBC05D80C5B45BE430E5EF872F ] C:\Windows\System32\SLsvc.exe
19:03:04.0423 3368 C:\Windows\System32\SLsvc.exe - ok
19:03:04.0428 3368 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] C:\Windows\System32\SLUINotify.dll
19:03:04.0428 3368 C:\Windows\System32\SLUINotify.dll - ok
19:03:04.0438 3368 [ E4060CFE50F87C72316CB0FDB20E4913 ] C:\Windows\System32\tcpipcfg.dll
19:03:04.0438 3368 C:\Windows\System32\tcpipcfg.dll - ok
19:03:04.0442 3368 [ 2A146A055B4401C16EE62D18B8E2A032 ] C:\Windows\System32\snmptrap.exe
19:03:04.0442 3368 C:\Windows\System32\snmptrap.exe - ok
19:03:04.0445 3368 [ 8554097E5136C3BF9F69FE578A1B35F4 ] C:\Windows\System32\spoolsv.exe
19:03:04.0445 3368 C:\Windows\System32\spoolsv.exe - ok
19:03:04.0449 3368 [ 03D50B37234967433A5EA5BA72BC0B62 ] C:\Windows\System32\ssdpsrv.dll
19:03:04.0449 3368 C:\Windows\System32\ssdpsrv.dll - ok
19:03:04.0454 3368 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] C:\Windows\System32\wiaservc.dll
19:03:04.0454 3368 C:\Windows\System32\wiaservc.dll - ok
19:03:04.0458 3368 [ F21FD248040681CCA1FB6C9A03AAA93D ] C:\Windows\System32\swprv.dll
19:03:04.0458 3368 C:\Windows\System32\swprv.dll - ok
19:03:04.0461 3368 [ 9A51B04E9886AA4EE90093586B0BA88D ] C:\Windows\System32\sysmain.dll
19:03:04.0461 3368 C:\Windows\System32\sysmain.dll - ok
19:03:04.0465 3368 [ 2DCA225EAE15F42C0933E998EE0231C3 ] C:\Windows\System32\TabSvc.dll
19:03:04.0465 3368 C:\Windows\System32\TabSvc.dll - ok
19:03:04.0469 3368 [ D7673E4B38CE21EE54C59EEEB65E2483 ] C:\Windows\System32\tapisrv.dll
19:03:04.0469 3368 C:\Windows\System32\tapisrv.dll - ok
19:03:04.0473 3368 [ CB05822CD9CC6C688168E113C603DBE7 ] C:\Windows\System32\tbssvc.dll
19:03:04.0473 3368 C:\Windows\System32\tbssvc.dll - ok
19:03:04.0477 3368 [ BB95DA09BEF6E7A131BFF3BA5032090D ] C:\Windows\System32\termsrv.dll
19:03:04.0477 3368 C:\Windows\System32\termsrv.dll - ok
19:03:04.0480 3368 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] C:\Windows\servicing\TrustedInstaller.exe
19:03:04.0480 3368 C:\Windows\servicing\TrustedInstaller.exe - ok
19:03:04.0483 3368 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] C:\Windows\System32\trkwks.dll
19:03:04.0483 3368 C:\Windows\System32\trkwks.dll - ok
19:03:04.0488 3368 [ ECEF404F62863755951E09C802C94AD5 ] C:\Windows\System32\UI0Detect.exe
19:03:04.0488 3368 C:\Windows\System32\UI0Detect.exe - ok
19:03:04.0492 3368 [ 68308183F4AE0BE7BF8ECD07CB297999 ] C:\Windows\System32\upnphost.dll
19:03:04.0492 3368 C:\Windows\System32\upnphost.dll - ok
19:03:04.0494 3368 [ 01DD1004181FD46ECDC3628228EB269D ] C:\Windows\System32\dwm.exe
19:03:04.0494 3368 C:\Windows\System32\dwm.exe - ok
19:03:04.0498 3368 [ CD88D1B7776DC17A119049742EC07EB4 ] C:\Windows\System32\vds.exe
19:03:04.0498 3368 C:\Windows\System32\vds.exe - ok
19:03:04.0501 3368 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] C:\Windows\System32\VSSVC.exe
19:03:04.0501 3368 C:\Windows\System32\VSSVC.exe - ok
19:03:04.0506 3368 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] C:\Windows\System32\w32time.dll
19:03:04.0506 3368 C:\Windows\System32\w32time.dll - ok
19:03:04.0510 3368 [ A3CD60FD826381B49F03832590E069AF ] C:\Windows\System32\wcncsvc.dll
19:03:04.0510 3368 C:\Windows\System32\wcncsvc.dll - ok
19:03:04.0514 3368 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] C:\Windows\System32\WcsPlugInService.dll
19:03:04.0514 3368 C:\Windows\System32\WcsPlugInService.dll - ok
19:03:04.0517 3368 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] C:\Windows\System32\wdi.dll
19:03:04.0517 3368 C:\Windows\System32\wdi.dll - ok
19:03:04.0523 3368 [ F180EDE9CFC3FF218D4B45155119F4D9 ] C:\Windows\System32\crypt32.dll
19:03:04.0523 3368 C:\Windows\System32\crypt32.dll - ok
19:03:04.0526 3368 [ C6DF7A87063D006ECF1FD8156CB6DE3F ] C:\Windows\System32\SLC.dll
19:03:04.0526 3368 C:\Windows\System32\SLC.dll - ok
19:03:04.0530 3368 [ DFB6B71CDABA9DFB49C9D2B318B97A1A ] C:\Windows\System32\dhcpcsvc6.dll
19:03:04.0530 3368 C:\Windows\System32\dhcpcsvc6.dll - ok
19:03:04.0533 3368 [ 4FE8425F21B3F0F8C4B4726351D43EAA ] C:\Windows\System32\IPHLPAPI.DLL
19:03:04.0533 3368 C:\Windows\System32\IPHLPAPI.DLL - ok
19:03:04.0539 3368 [ 4DE3C4D07BAFDE616EFA0ADE076CBAC2 ] C:\Windows\System32\wevtapi.dll
19:03:04.0539 3368 C:\Windows\System32\wevtapi.dll - ok
19:03:04.0543 3368 [ 6B09105742C75DF80CEF21700F20F55A ] C:\Windows\System32\winnsi.dll
19:03:04.0543 3368 C:\Windows\System32\winnsi.dll - ok
19:03:04.0546 3368 [ 7F15B4953378C8B5161D65C26D5FED4D ] C:\Windows\System32\cngaudit.dll
19:03:04.0546 3368 C:\Windows\System32\cngaudit.dll - ok
19:03:04.0550 3368 [ 188CC19108B0EBD6332D6628D4EDE469 ] C:\Windows\System32\ncrypt.dll
19:03:04.0550 3368 C:\Windows\System32\ncrypt.dll - ok
19:03:04.0555 3368 [ DE0DD9AE3430F84A96B5501112A696BE ] C:\Windows\System32\bcrypt.dll
19:03:04.0555 3368 C:\Windows\System32\bcrypt.dll - ok
19:03:04.0558 3368 [ 26F139DDEC6407508071930D3D07337E ] C:\Windows\System32\credssp.dll
19:03:04.0558 3368 C:\Windows\System32\credssp.dll - ok
19:03:04.0563 3368 [ AA01497884F9CBAC89470120AF78D2B1 ] C:\Windows\System32\kerberos.dll
19:03:04.0563 3368 C:\Windows\System32\kerberos.dll - ok
19:03:04.0567 3368 [ ABE9EEA1EABEA0711610A637A7B1C25D ] C:\Windows\System32\msprivs.dll
19:03:04.0567 3368 C:\Windows\System32\msprivs.dll - ok
19:03:04.0572 3368 [ 04C37D8107320312FBAE09926103D5E2 ] C:\Windows\System32\WebClnt.dll
19:03:04.0572 3368 C:\Windows\System32\WebClnt.dll - ok
19:03:04.0576 3368 [ AE3736E7E8892241C23E4EBBB7453B60 ] C:\Windows\System32\wecsvc.dll
19:03:04.0576 3368 C:\Windows\System32\wecsvc.dll - ok
19:03:04.0579 3368 [ 9E80FF0752E365F97FD2D1D68C2AFDA1 ] C:\Windows\System32\wship6.dll
19:03:04.0579 3368 C:\Windows\System32\wship6.dll - ok
19:03:04.0583 3368 [ 05C3B38DB95BA5585817A4F898EE5581 ] C:\Windows\System32\wshqos.dll
19:03:04.0583 3368 C:\Windows\System32\wshqos.dll - ok
19:03:04.0587 3368 [ 22CFAEB9172F5F198048401485CD0571 ] C:\Windows\System32\WSHTCPIP.DLL
19:03:04.0587 3368 C:\Windows\System32\WSHTCPIP.DLL - ok
19:03:04.0591 3368 [ 8617350C9B590B63E620881092751BCB ] C:\Windows\System32\mswsock.dll
19:03:04.0591 3368 C:\Windows\System32\mswsock.dll - ok
19:03:04.0594 3368 [ FC62A635063B762E1C3C60EA77279378 ] C:\Windows\System32\NapiNSP.dll
19:03:04.0594 3368 C:\Windows\System32\NapiNSP.dll - ok
19:03:04.0598 3368 [ 690D41DF1D555F96D4898A0F54EBA065 ] C:\Windows\System32\pnrpnsp.dll
19:03:04.0598 3368 C:\Windows\System32\pnrpnsp.dll - ok
19:03:04.0603 3368 [ 670FF720071ED741206D69BD995EA453 ] C:\Windows\System32\wercplsupport.dll
19:03:04.0603 3368 C:\Windows\System32\wercplsupport.dll - ok
19:03:04.0607 3368 [ 4ABCE74D012971305249E45E095E9EA6 ] C:\Windows\System32\msv1_0.dll
19:03:04.0607 3368 C:\Windows\System32\msv1_0.dll - ok
19:03:04.0610 3368 [ 32B88481D3B326DA6DEB07B1D03481E7 ] C:\Windows\System32\wersvc.dll
19:03:04.0610 3368 C:\Windows\System32\wersvc.dll - ok
19:03:04.0614 3368 [ 62DB790A860CDFC4278D2F03CC5675D8 ] C:\Program Files\Windows Defender\MsMpRes.dll
19:03:04.0614 3368 C:\Program Files\Windows Defender\MsMpRes.dll - ok
19:03:04.0617 3368 [ 72910BC4A218C49EA8E43D1FAEC403A5 ] C:\Windows\System32\winbrand.dll
19:03:04.0617 3368 C:\Windows\System32\winbrand.dll - ok
19:03:04.0622 3368 [ 50E3E76B0901BB4FC029BB88BFA5CE79 ] C:\Windows\System32\schannel.dll
19:03:04.0622 3368 C:\Windows\System32\schannel.dll - ok
19:03:04.0625 3368 [ DBD02E3E6F061EBBBF9B99A9D7CBA30B ] C:\Windows\System32\winhttp.dll
19:03:04.0625 3368 C:\Windows\System32\winhttp.dll - ok
19:03:04.0629 3368 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] C:\Windows\System32\wbem\WMIsvc.dll
19:03:04.0629 3368 C:\Windows\System32\wbem\WMIsvc.dll - ok
19:03:04.0633 3368 [ 93620229F3CC3B67A3528BF39F064C30 ] C:\Windows\System32\wdigest.dll
19:03:04.0633 3368 C:\Windows\System32\wdigest.dll - ok
19:03:04.0639 3368 [ 7CFE68BDC065E55AA5E8421607037511 ] C:\Windows\System32\WsmSvc.dll
19:03:04.0639 3368 C:\Windows\System32\WsmSvc.dll - ok
19:03:04.0642 3368 [ E14170AEA125119B98FA2BDE3FF4F462 ] C:\Windows\System32\rsaenh.dll
19:03:04.0642 3368 C:\Windows\System32\rsaenh.dll - ok
19:03:04.0646 3368 [ F8873D15018F411588BEC02C1725BADA ] C:\Windows\System32\TSpkg.dll
19:03:04.0646 3368 C:\Windows\System32\TSpkg.dll - ok
19:03:04.0649 3368 [ C008405E4FEEB069E30DA1D823910234 ] C:\Windows\System32\wlansvc.dll
19:03:04.0649 3368 C:\Windows\System32\wlansvc.dll - ok
19:03:04.0654 3368 [ 43BE3875207DCB62A85C8C49970B66CC ] C:\Windows\System32\wbem\WmiApSrv.exe
19:03:04.0654 3368 C:\Windows\System32\wbem\WmiApSrv.exe - ok
19:03:04.0657 3368 [ 3978704576A121A9204F8CC49A301A9B ] C:\Program Files\Windows Media Player\wmpnetwk.exe
19:03:04.0657 3368 C:\Program Files\Windows Media Player\wmpnetwk.exe - ok
19:03:04.0661 3368 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] C:\Windows\System32\wpcsvc.dll
19:03:04.0661 3368 C:\Windows\System32\wpcsvc.dll - ok
19:03:04.0664 3368 [ 801FBDB89D472B3C467EB112A0FC9246 ] C:\Windows\System32\wpdbusenum.dll
19:03:04.0664 3368 C:\Windows\System32\wpdbusenum.dll - ok
19:03:04.0668 3368 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:03:04.0668 3368 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe - ok
19:03:04.0674 3368 [ 1CA6C40261DDC0425987980D0CD2AAAB ] C:\Windows\System32\wscsvc.dll
19:03:04.0674 3368 C:\Windows\System32\wscsvc.dll - ok
19:03:04.0677 3368 [ AED0DFF80C6B3914769407E78D7AB21A ] C:\Windows\System32\SearchIndexer.exe
19:03:04.0677 3368 C:\Windows\System32\SearchIndexer.exe - ok
19:03:04.0681 3368 [ 575A4190D989F64732119E4114045A4F ] C:\Windows\System32\WUDFSvc.dll
19:03:04.0681 3368 C:\Windows\System32\WUDFSvc.dll - ok
19:03:04.0684 3368 [ 8FC182167381E9915651267044105EE1 ] C:\Windows\System32\scecli.dll
19:03:04.0684 3368 C:\Windows\System32\scecli.dll - ok
19:03:04.0689 3368 [ CD08EEC61C591AF59A39F4363C567D30 ] C:\Windows\System32\ntmarta.dll
19:03:04.0689 3368 C:\Windows\System32\ntmarta.dll - ok
19:03:04.0692 3368 [ 3794B461C45882E06856F282EEF025AF ] C:\Windows\System32\svchost.exe
19:03:04.0692 3368 C:\Windows\System32\svchost.exe - ok
19:03:04.0696 3368 [ 9A7F4B2EDACD11444D048AA19CBB26AF ] C:\Windows\System32\powrprof.dll
19:03:04.0696 3368 C:\Windows\System32\powrprof.dll - ok
19:03:04.0700 3368 [ 8F5C7426567798E62A3B3614965D62CC ] C:\Windows\System32\drivers\luafv.sys
19:03:04.0700 3368 C:\Windows\System32\drivers\luafv.sys - ok
19:03:04.0713 3368 [ 3FFF8CDA4D2F29CA06F1557E85163C30 ] C:\Windows\System32\drivers\sbapifs.sys
19:03:04.0713 3368 C:\Windows\System32\drivers\sbapifs.sys - ok
19:03:04.0718 3368 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] C:\Windows\System32\rpcss.dll
19:03:04.0719 3368 C:\Windows\System32\rpcss.dll - ok
19:03:04.0724 3368 [ 69827805A221C21450BA22F4326A2EE3 ] C:\Windows\System32\version.dll
19:03:04.0724 3368 C:\Windows\System32\version.dll - ok
19:03:04.0727 3368 [ DD1D685D387A8AC666BA3B7539C774E8 ] C:\Windows\System32\wpclsp.dll
19:03:04.0728 3368 C:\Windows\System32\wpclsp.dll - ok
19:03:04.0732 3368 [ BE3C082837866C4C291ADAF163C10EA6 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
19:03:04.0732 3368 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll - ok
19:03:04.0737 3368 [ F614AB3F0AF8DEFE7AD91BE2BA483603 ] C:\Program Files\Microsoft Security Client\Antimalware\MpSvc.dll
19:03:04.0737 3368 C:\Program Files\Microsoft Security Client\Antimalware\MpSvc.dll - ok
19:03:04.0741 3368 [ CFCE43B70CA0CC4DCC8ADB62B792B173 ] C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
19:03:04.0741 3368 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe - ok
19:03:04.0745 3368 [ 12B9C4FA0D4735A1873FED4083B75748 ] C:\Program Files\Microsoft Security Client\Antimalware\MpClient.dll
19:03:04.0745 3368 C:\Program Files\Microsoft Security Client\Antimalware\MpClient.dll - ok
19:03:04.0747 3368 [ 62D577288B48998FC6667BF22DC5B690 ] C:\Windows\System32\LogonUI.exe
19:03:04.0747 3368 C:\Windows\System32\LogonUI.exe - ok
19:03:04.0751 3368 [ F42483814FC39170B3982A184EC5AAA2 ] C:\Windows\System32\wtsapi32.dll
19:03:04.0751 3368 C:\Windows\System32\wtsapi32.dll - ok
19:03:04.0755 3368 [ 58C2521D87C494831A625202C80354AD ] C:\Windows\System32\authui.dll
19:03:04.0755 3368 C:\Windows\System32\authui.dll - ok
19:03:04.0759 3368 [ E253E5DA1249A471D913F7EA4C81FAF6 ] C:\Windows\System32\wintrust.dll
19:03:04.0759 3368 C:\Windows\System32\wintrust.dll - ok
19:03:04.0762 3368 [ 4575AA12561C5648483403541D0D7F2B ] C:\Program Files\Windows Defender\MpSvc.dll
19:03:04.0762 3368 C:\Program Files\Windows Defender\MpSvc.dll - ok
19:03:04.0766 3368 [ 1BD363738B672A394EBE3B8A78EAB9D3 ] C:\Program Files\Windows Defender\MpClient.dll
19:03:04.0766 3368 C:\Program Files\Windows Defender\MpClient.dll - ok
19:03:04.0771 3368 [ 96E6931ECC73B103B1A00A84416DADA9 ] C:\Program Files\Microsoft Security Client\eppmanifest.dll
19:03:04.0771 3368 C:\Program Files\Microsoft Security Client\eppmanifest.dll - ok
19:03:04.0775 3368 [ 2EC53B5A351C4D443896DBAD117F7E82 ] C:\Windows\System32\msimg32.dll
19:03:04.0775 3368 C:\Windows\System32\msimg32.dll - ok
19:03:04.0778 3368 [ 999D69DEB576C2C424294DF025891CC6 ] C:\Windows\System32\uxtheme.dll
19:03:04.0778 3368 C:\Windows\System32\uxtheme.dll - ok
19:03:04.0782 3368 [ 76EAEF4DDEBBC7C38853F586C0E91DCE ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\GdiPlus.dll
19:03:04.0782 3368 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\GdiPlus.dll - ok
19:03:04.0787 3368 [ 75EB73E64F5B4655D9797D20F26DE320 ] C:\Windows\System32\duser.dll
19:03:04.0787 3368 C:\Windows\System32\duser.dll - ok
19:03:04.0791 3368 [ 1908CC7673F72601AFFDCA022689CEDF ] C:\Windows\System32\xmllite.dll
19:03:04.0791 3368 C:\Windows\System32\xmllite.dll - ok
19:03:04.0794 3368 [ B44A7AC9E801C38F54F7340351313E85 ] C:\Windows\System32\atmfd.dll
19:03:04.0794 3368 C:\Windows\System32\atmfd.dll - ok
19:03:04.0797 3368 [ B25DBBA6C63A61FF4AFDB5ADAB4E70CB ] C:\Windows\System32\SmartcardCredentialProvider.dll
19:03:04.0797 3368 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
19:03:04.0801 3368 [ 9DC3723519F52B6BC63EACD4BD411313 ] C:\Windows\System32\rasplap.dll
19:03:04.0801 3368 C:\Windows\System32\rasplap.dll - ok
19:03:04.0806 3368 [ 3CB863B78642405371CB3A71C07E2382 ] C:\Windows\System32\rasapi32.dll
19:03:04.0806 3368 C:\Windows\System32\rasapi32.dll - ok
19:03:04.0810 3368 [ 56B5914070B2C243DFB3D186070DA89D ] C:\Windows\System32\MMDevAPI.dll
19:03:04.0810 3368 C:\Windows\System32\MMDevAPI.dll - ok
19:03:04.0813 3368 [ C9244BCAC83B259B920BBEE18A97BFE1 ] C:\Windows\System32\avrt.dll
19:03:04.0813 3368 C:\Windows\System32\avrt.dll - ok
19:03:04.0817 3368 [ 3A1DDA77F331D107BA40DB06E4D666E9 ] C:\Windows\System32\rasman.dll
19:03:04.0817 3368 C:\Windows\System32\rasman.dll - ok
19:03:04.0821 3368 [ A99871BA522CB2539AE275AC18CACC8F ] C:\Windows\System32\cabinet.dll
19:03:05.0131 3368 C:\Windows\System32\cabinet.dll - ok
19:03:05.0138 3368 [ 801F1E963F7EEFFDA3F9EF89DB3EF133 ] C:\Windows\System32\radardt.dll
19:03:05.0138 3368 C:\Windows\System32\radardt.dll - ok
19:03:05.0142 3368 [ 70F08ECE7A30A639D3F0C8C433685C7D ] C:\Windows\System32\tapi32.dll
19:03:05.0142 3368 C:\Windows\System32\tapi32.dll - ok
19:03:05.0147 3368 [ 3D418A22A56471295AEB1CEB9027C3DA ] C:\Windows\System32\rtutils.dll
19:03:05.0147 3368 C:\Windows\System32\rtutils.dll - ok
19:03:05.0152 3368 [ 14FF750EFE13B0C21E5A06507C3A97B1 ] C:\Windows\System32\winmm.dll
19:03:05.0152 3368 C:\Windows\System32\winmm.dll - ok
19:03:05.0157 3368 [ DC15AB7168C0309D8F04FD95B6240422 ] C:\Windows\System32\oleacc.dll
19:03:05.0157 3368 C:\Windows\System32\oleacc.dll - ok
19:03:05.0161 3368 [ 627920CFF5DFCF8CF54CF2D592D61307 ] C:\Windows\System32\WinSCard.dll
19:03:05.0161 3368 C:\Windows\System32\WinSCard.dll - ok
19:03:05.0166 3368 [ 12A1DF1B84FB45A00D47B2CDE2CEEBBA ] C:\Windows\System32\shgina.dll
19:03:05.0166 3368 C:\Windows\System32\shgina.dll - ok
19:03:05.0175 3368 [ 70932D6C3D59B416CBD2BE5A3B3D4BE6 ] C:\Windows\System32\shacct.dll
19:03:05.0175 3368 C:\Windows\System32\shacct.dll - ok
19:03:05.0179 3368 [ 7DACD94118E2D8B6D72F47ADEB0367BF ] C:\Windows\System32\propsys.dll
19:03:05.0179 3368 C:\Windows\System32\propsys.dll - ok
19:03:05.0183 3368 [ EC43D9CC95C3BB5FEFDBCF22D375E1F5 ] C:\Windows\System32\adtschema.dll
19:03:05.0183 3368 C:\Windows\System32\adtschema.dll - ok
19:03:05.0189 3368 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] C:\Windows\System32\drivers\fltMgr.sys
19:03:05.0189 3368 C:\Windows\System32\drivers\fltMgr.sys - ok
19:03:05.0192 3368 [ 57418956DDAE128D1023C508E7D07071 ] C:\Windows\System32\PSHED.DLL
19:03:05.0192 3368 C:\Windows\System32\PSHED.DLL - ok
19:03:05.0197 3368 [ 97FEF831AB90BEE128C9AF390E243F80 ] C:\Windows\System32\drivers\drmkaud.sys
19:03:05.0197 3368 C:\Windows\System32\drivers\drmkaud.sys - ok
19:03:05.0203 3368 [ 5CAAE5333EF36DB4A8D294418AB37E80 ] C:\Windows\System32\p2pcollab.dll
19:03:05.0203 3368 C:\Windows\System32\p2pcollab.dll - ok
19:03:05.0207 3368 [ 3437B9E218A2E4586BEF4F7A3BD00777 ] C:\Windows\System32\audiodg.exe
19:03:05.0207 3368 C:\Windows\System32\audiodg.exe - ok
19:03:05.0213 3368 [ FEE0BADED54222E9F1DAE9541212AAB1 ] C:\Program Files\Microsoft Security Client\Antimalware\Drivers\mpfilter\mpfilter.sys
19:03:05.0213 3368 C:\Program Files\Microsoft Security Client\Antimalware\Drivers\mpfilter\mpfilter.sys - ok
19:03:05.0221 3368 [ 7A63B08C8E9F3A057A81E3B29D29C407 ] C:\Program Files\Microsoft Security Client\Antimalware\MpRTP.dll
19:03:05.0221 3368 C:\Program Files\Microsoft Security Client\Antimalware\MpRTP.dll - ok
19:03:05.0225 3368 [ 797F458071A9C679D13B6A9257AC32DC ] C:\Program Files\Microsoft Security Client\Antimalware\MsMpLics.dll
19:03:05.0225 3368 C:\Program Files\Microsoft Security Client\Antimalware\MsMpLics.dll - ok
19:03:05.0230 3368 [ A9542FF2E9A82CF100E5729EC79068F0 ] C:\Windows\System32\fltLib.dll
19:03:05.0230 3368 C:\Windows\System32\fltLib.dll - ok
19:03:05.0234 3368 [ 70C6489D56008D75DEDF73226FA63C11 ] C:\Windows\System32\dimsjob.dll
19:03:05.0235 3368 C:\Windows\System32\dimsjob.dll - ok
19:03:05.0240 3368 [ 364F37DA8F61636EF3838DB9D21488F2 ] C:\Program Files\Microsoft Security Client\Antimalware\NisIpsPlugin.dll
19:03:05.0240 3368 C:\Program Files\Microsoft Security Client\Antimalware\NisIpsPlugin.dll - ok
19:03:05.0243 3368 [ 919CC2A0476D5A6A4C935D4B88E29912 ] C:\Windows\System32\ksuser.dll
19:03:05.0243 3368 C:\Windows\System32\ksuser.dll - ok
19:03:05.0245 3368 [ 4DF066ECEE5A7B20BF8B39EF4D646600 ] C:\Windows\System32\wdmaud.drv
19:03:05.0245 3368 C:\Windows\System32\wdmaud.drv - ok
19:03:05.0254 3368 [ 1543108C1D46B5FA069D33E0B39E57F8 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
19:03:05.0254 3368 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll - ok
19:03:05.0259 3368 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] C:\Windows\System32\gpsvc.dll
19:03:05.0259 3368 C:\Windows\System32\gpsvc.dll - ok
19:03:05.0263 3368 [ 7663BAC924DC35AA6A689705300559F1 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpasbase.vdm
19:03:05.0263 3368 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpasbase.vdm - ok
19:03:05.0267 3368 [ D1A84F7D4CAFCFE2A32149FF418056E5 ] C:\Windows\System32\nlaapi.dll
19:03:05.0267 3368 C:\Windows\System32\nlaapi.dll - ok
19:03:05.0272 3368 [ 409F36C8BD06FCE184631EB4142B009A ] C:\Windows\System32\atl.dll
19:03:05.0272 3368 C:\Windows\System32\atl.dll - ok
19:03:05.0275 3368 [ C9173ECA9FF08BACB4DAA7221B07917B ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpasdlta.vdm
19:03:05.0275 3368 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpasdlta.vdm - ok
19:03:05.0288 3368 [ 67058C46504BC12D821F38CF99B7B28F ] C:\Windows\System32\es.dll
19:03:05.0288 3368 C:\Windows\System32\es.dll - ok
19:03:05.0292 3368 [ D615FD8A3FBE5BF68AD49257C031E0EB ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpavbase.vdm
19:03:05.0292 3368 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpavbase.vdm - ok
19:03:05.0312 3368 [ A7F8BAD9590ADDC425B4003E94780DFA ] C:\Windows\System32\drivers\spsys.sys
19:03:05.0312 3368 C:\Windows\System32\drivers\spsys.sys - ok
19:03:05.0317 3368 [ 1509E705F3AC1D474C92454A5C2DD81F ] C:\Windows\System32\uxsms.dll
19:03:05.0317 3368 C:\Windows\System32\uxsms.dll - ok
19:03:05.0322 3368 [ 8269CC01940A202BBB9FDF26705DBD67 ] C:\Windows\System32\hid.dll
19:03:05.0322 3368 C:\Windows\System32\hid.dll - ok
19:03:05.0325 3368 [ 399BB52AD0668472717498E97CF28341 ] C:\Windows\System32\WUDFPlatform.dll
19:03:05.0325 3368 C:\Windows\System32\WUDFPlatform.dll - ok
19:03:05.0329 3368 [ D1C5883087A0C3F1344D9D55A44901F6 ] C:\Windows\System32\drivers\lltdio.sys
19:03:05.0329 3368 C:\Windows\System32\drivers\lltdio.sys - ok
19:03:05.0332 3368 [ 2DFD120AB72A15C872EB524F430DDBC4 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpavdlta.vdm
19:03:05.0332 3368 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpavdlta.vdm - ok
19:03:05.0338 3368 [ 6836D001FC733F205ACB80A7986CB6C9 ] C:\Windows\System32\WindowsCodecs.dll
19:03:05.0338 3368 C:\Windows\System32\WindowsCodecs.dll - ok
19:03:05.0341 3368 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] C:\Windows\System32\drivers\nwifi.sys
19:03:05.0341 3368 C:\Windows\System32\drivers\nwifi.sys - ok
19:03:05.0344 3368 [ D6973AA34C4D5D76C0430B181C3CD389 ] C:\Windows\System32\drivers\ndisuio.sys
19:03:05.0344 3368 C:\Windows\System32\drivers\ndisuio.sys - ok
19:03:05.0387 3368 [ 9C508F4074A39E8B4B31D27198146FAD ] C:\Windows\System32\drivers\rspndr.sys
19:03:05.0387 3368 C:\Windows\System32\drivers\rspndr.sys - ok
19:03:05.0391 3368 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] C:\Windows\System32\dnsrslvr.dll
19:03:05.0391 3368 C:\Windows\System32\dnsrslvr.dll - ok
19:03:06.0923 3368 C:\Program Files\Common Files\Apple\Mobile Device Support\ssleay32.dll - ok
19:03:06.0926 3368 [ A9662BCF218BC76869A8D91635D5F93A ] C:\Windows\System32\Wpc.dll
19:03:06.0926 3368 C:\Windows\System32\Wpc.dll - ok
19:03:06.0929 3368 [ 0C8C3200825823285A0EBFC94F4E7158 ] C:\Program Files\Google\Drive\googledrivesync32.dll
19:03:06.0929 3368 C:\Program Files\Google\Drive\googledrivesync32.dll - ok
19:03:06.0934 3368 [ 14E4470BF8ACA69A85D741BA99F75F96 ] C:\Windows\System32\EhStorShell.dll
19:03:06.0934 3368 C:\Windows\System32\EhStorShell.dll - ok
19:03:06.0938 3368 [ 111C47816F39A91EAAA18DA0A54E8E63 ] C:\Windows\System32\imageres.dll
19:03:06.0938 3368 C:\Windows\System32\imageres.dll - ok
19:03:06.0942 3368 [ B53BD9E63867CD9FD853F666CA172713 ] C:\Windows\System32\PortableDeviceConnectApi.dll
19:03:06.0942 3368 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
19:03:06.0946 3368 [ BAF751E7061FF626AA60F56D1D5D1FDC ] C:\Windows\System32\MFC71ENU.DLL
19:03:06.0946 3368 C:\Windows\System32\MFC71ENU.DLL - ok
19:03:06.0985 3368 [ 3C84FCA13C4EB607478A45F2D7E16DB3 ] C:\Program Files\Common Files\Roxio Shared\DLLShared\SonicHTTPClient9.dll
19:03:06.0985 3368 C:\Program Files\Common Files\Roxio Shared\DLLShared\SonicHTTPClient9.dll - ok
19:03:06.0990 3368 [ 30F0DC266B46118E9FBCF5B2A30EB1DB ] C:\Windows\System32\wbem\wbemprox.dll
19:03:06.0990 3368 C:\Windows\System32\wbem\wbemprox.dll - ok
19:03:06.0994 3368 [ CFF7CD91E1814438552959BC71FE5342 ] C:\Program Files\Common Files\Apple\Mobile Device Support\libeay32.dll
19:03:06.0994 3368 C:\Program Files\Common Files\Apple\Mobile Device Support\libeay32.dll - ok
19:03:06.0997 3368 [ FC1EEE57EB9CD57279D70BA2A9131C38 ] C:\Windows\System32\wbem\wbemcore.dll
19:03:06.0997 3368 C:\Windows\System32\wbem\wbemcore.dll - ok
19:03:07.0002 3368 [ DCA3FA9F9DD103DC39C24C85EF073DB1 ] C:\Windows\System32\icmp.dll
19:03:07.0002 3368 C:\Windows\System32\icmp.dll - ok
19:03:07.0005 3368 [ 08578F3CA5365F896D90CE2BF97FD000 ] C:\Windows\System32\IconCodecService.dll
19:03:07.0005 3368 C:\Windows\System32\IconCodecService.dll - ok
19:03:07.0010 3368 [ 878873AB4FDA2328A96BC8AD87316411 ] C:\Windows\System32\spool\drivers\w32x86\3\E_FMAIGMA.DLL
19:03:07.0010 3368 C:\Windows\System32\spool\drivers\w32x86\3\E_FMAIGMA.DLL - ok
19:03:07.0013 3368 [ C10E13721B0AAEBEB5EBA914F1D18181 ] C:\Windows\System32\wbem\esscli.dll
19:03:07.0013 3368 C:\Windows\System32\wbem\esscli.dll - ok
19:03:07.0019 3368 [ A1CF0ED4315C7EBFF0B8E86C36B86FE6 ] C:\ProgramData\Microsoft\IdentityCRL\production\wlidui.dll
19:03:07.0019 3368 C:\ProgramData\Microsoft\IdentityCRL\production\wlidui.dll - ok
19:03:07.0036 3368 [ BC5A34B6A14C93BF04E3F4E8EA57090A ] C:\Windows\System32\wbem\fastprox.dll
19:03:07.0036 3368 C:\Windows\System32\wbem\fastprox.dll - ok
19:03:07.0041 3368 [ ABFB7F489020E4633B887CF5921429F8 ] C:\Windows\System32\spool\drivers\w32x86\3\E_FUICGMA.DLL
19:03:07.0041 3368 C:\Windows\System32\spool\drivers\w32x86\3\E_FUICGMA.DLL - ok
19:03:07.0044 3368 [ 0151C2C433693948FD5A48E3D0408C77 ] C:\Program Files\TeamViewer\Version7\TeamViewer.exe
19:03:07.0044 3368 C:\Program Files\TeamViewer\Version7\TeamViewer.exe - ok
19:03:07.0051 3368 [ DB0F37DBA4C245C61E5936DDBDE62438 ] C:\Windows\System32\wbem\wbemsvc.dll
19:03:07.0051 3368 C:\Windows\System32\wbem\wbemsvc.dll - ok
19:03:07.0055 3368 [ 3A2EEE8444A8E5C1A454C57B2198F5FC ] C:\Windows\System32\ntlanman.dll
19:03:07.0055 3368 C:\Windows\System32\ntlanman.dll - ok
19:03:07.0059 3368 [ CFBD2E1FE18B50748A76703A2DC6D4E3 ] C:\Windows\System32\davclnt.dll
19:03:07.0059 3368 C:\Windows\System32\davclnt.dll - ok
19:03:07.0063 3368 [ 582EFE56FC0858E58A6CEBA2A64B02C7 ] C:\Windows\System32\drprov.dll
19:03:07.0063 3368 C:\Windows\System32\drprov.dll - ok
19:03:07.0100 3368 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] C:\Windows\System32\netprofm.dll
19:03:07.0100 3368 C:\Windows\System32\netprofm.dll - ok
19:03:07.0105 3368 [ 2C3B09E586BDA2CC49A292BE7BADC589 ] C:\Windows\System32\wbem\wmiutils.dll
19:03:07.0105 3368 C:\Windows\System32\wbem\wmiutils.dll - ok
19:03:07.0110 3368 [ 8D78BA30DB4AE040A52EDEE725782715 ] C:\Windows\System32\actxprxy.dll
19:03:07.0110 3368 C:\Windows\System32\actxprxy.dll - ok
19:03:07.0117 3368 [ 834933F16EA839AC5AC7CBF88638DF27 ] C:\Windows\System32\wbem\repdrvfs.dll
19:03:07.0118 3368 C:\Windows\System32\wbem\repdrvfs.dll - ok
19:03:07.0122 3368 [ BADC359C9A0D9C217B7E8DA17BF3F5BB ] C:\Windows\System32\ntshrui.dll
19:03:07.0122 3368 C:\Windows\System32\ntshrui.dll - ok
19:03:07.0126 3368 [ 8F58544719E1C435BC36A8B207096581 ] C:\Windows\System32\verclsid.exe
19:03:07.0126 3368 C:\Windows\System32\verclsid.exe - ok
19:03:07.0130 3368 [ 928C90E02E05244D2290C1551DF732C8 ] C:\Windows\System32\avicap32.dll
19:03:07.0130 3368 C:\Windows\System32\avicap32.dll - ok
19:03:07.0136 3368 [ EACACA0F2FF4CC54A909E3C5721FCDE8 ] C:\Windows\System32\msvfw32.dll
19:03:07.0137 3368 C:\Windows\System32\msvfw32.dll - ok
19:03:07.0177 3368 [ DEB9D08750423069647C3A066CEC7A1B ] C:\Windows\System32\tquery.dll
19:03:07.0177 3368 C:\Windows\System32\tquery.dll - ok
19:03:07.0181 3368 [ 0CFCDE5D9D074D96B78D1F1CBF1AAB1D ] C:\Windows\System32\riched20.dll
19:03:07.0181 3368 C:\Windows\System32\riched20.dll - ok
19:03:07.0188 3368 [ 335BB264B36D5A6A132BBC45A1FE37CE ] C:\Program Files\TeamViewer\Version7\TeamViewer_Resource_en.dll
19:03:07.0188 3368 C:\Program Files\TeamViewer\Version7\TeamViewer_Resource_en.dll - ok
19:03:07.0193 3368 [ 402D432013C926372D93941723F9E8F1 ] C:\Program Files\TeamViewer\Version7\TeamViewer_StaticRes.dll
19:03:07.0193 3368 C:\Program Files\TeamViewer\Version7\TeamViewer_StaticRes.dll - ok
19:03:07.0198 3368 [ C2C6C014B96581EC8BF0C8604DE1743E ] C:\Windows\System32\wbem\WmiPrvSD.dll
19:03:07.0198 3368 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
19:03:07.0205 3368 [ 218B73EA8341EA9FDF018D43052E790A ] C:\Windows\System32\mssrch.dll
19:03:07.0205 3368 C:\Windows\System32\mssrch.dll - ok
19:03:07.0248 3368 [ 93F29E6964BAEF31E53D203992B0AFD4 ] C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
19:03:07.0249 3368 C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe - ok
19:03:07.0252 3368 [ AAB5FEAABF4CB6F76D794203831C8D94 ] C:\Windows\System32\msidle.dll
19:03:07.0253 3368 C:\Windows\System32\msidle.dll - ok
19:03:07.0256 3368 [ A609A192E98934A8D352704C99AB8577 ] C:\Windows\System32\wbem\wbemess.dll
19:03:07.0256 3368 C:\Windows\System32\wbem\wbemess.dll - ok
19:03:07.0259 3368 [ B458B58F7BB97C48D01AC3CF5805AAAC ] C:\Windows\System32\Query.dll
19:03:07.0259 3368 C:\Windows\System32\Query.dll - ok
19:03:07.0263 3368 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:03:07.0263 3368 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe - ok
19:03:07.0268 3368 [ FD647CA82ACF232DBE5F20345647B948 ] C:\Windows\AppPatch\AcGenral.dll
19:03:07.0268 3368 C:\Windows\AppPatch\AcGenral.dll - ok
19:03:07.0273 3368 [ B8A21907FE2F1A113F3487D9AB60BEF9 ] C:\Windows\System32\en-US\tquery.dll.mui
19:03:07.0273 3368 C:\Windows\System32\en-US\tquery.dll.mui - ok
19:03:07.0277 3368 [ 9495FCC01D7AB7B60E5B8BA7AEFE9E3D ] C:\Windows\System32\wbem\WmiPrvSE.exe
19:03:07.0277 3368 C:\Windows\System32\wbem\WmiPrvSE.exe - ok
19:03:07.0280 3368 [ F85134BF76CB335A39F8D7BC4173D4FB ] C:\Windows\System32\msscb.dll
19:03:07.0280 3368 C:\Windows\System32\msscb.dll - ok
19:03:07.0319 3368 [ C8AE490A93C3CC2E537B6E06247785A1 ] C:\Windows\System32\wbem\NCProv.dll
19:03:07.0320 3368 C:\Windows\System32\wbem\NCProv.dll - ok
19:03:07.0325 3368 [ F723422A11CD6FA13036746272200993 ] C:\Windows\System32\wbem\cimwin32.dll
19:03:07.0326 3368 C:\Windows\System32\wbem\cimwin32.dll - ok
19:03:07.0331 3368 [ E91B5FA739CCF7F0CE3282B0FCFA5108 ] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
19:03:07.0332 3368 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE - ok
19:03:07.0336 3368 [ BDBB449425991154135E5ED1559927E6 ] C:\Windows\System32\msacm32.dll
19:03:07.0336 3368 C:\Windows\System32\msacm32.dll - ok
19:03:07.0340 3368 [ 12BCF4DAD8E5A1B3D5FA7AB4A79DA105 ] C:\Windows\System32\sfc_os.dll
19:03:07.0340 3368 C:\Windows\System32\sfc_os.dll - ok
19:03:07.0343 3368 [ E3F535656B5ABF249702EB64F3CF9AF0 ] C:\Windows\System32\wbem\wbemcons.dll
19:03:07.0343 3368 C:\Windows\System32\wbem\wbemcons.dll - ok
19:03:07.0347 3368 [ DFCAB29E8FD38F95650CC1E203E8D318 ] C:\Windows\System32\npmproxy.dll
19:03:07.0347 3368 C:\Windows\System32\npmproxy.dll - ok
19:03:07.0352 3368 [ 1A617835452EEE5060976C9B9F5FE635 ] C:\Windows\System32\wuapi.dll
19:03:07.0352 3368 C:\Windows\System32\wuapi.dll - ok
19:03:07.0356 3368 [ BF7E4D6F60A6D9E866432855C6F8C262 ] C:\Windows\System32\sqmapi.dll
19:03:07.0356 3368 C:\Windows\System32\sqmapi.dll - ok
19:03:07.0395 3368 [ 794D4B48DFB6E999537C7C3947863463 ] C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
19:03:07.0395 3368 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe - ok
19:03:07.0402 3368 [ ABAEAEE763E287BDD39094C4165E1F3F ] C:\Windows\System32\fdProxy.dll
19:03:07.0402 3368 C:\Windows\System32\fdProxy.dll - ok
19:03:07.0407 3368 [ A952D0DED445F26AEFCF593A935AB300 ] C:\Windows\System32\hnetcfg.dll
19:03:07.0407 3368 C:\Windows\System32\hnetcfg.dll - ok
19:03:07.0410 3368 [ 73FD66B14D3C4252F7A524B8836A4359 ] C:\Windows\System32\mstask.dll
19:03:07.0410 3368 C:\Windows\System32\mstask.dll - ok
19:03:07.0414 3368 [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\Windows\System32\wups.dll
19:03:07.0414 3368 C:\Windows\System32\wups.dll - ok
19:03:07.0419 3368 [ 25A5E3E7E5544584EC04BF565954921D ] C:\Program Files\Real\RealUpgrade\Plugins\upgrade.dll
19:03:07.0419 3368 C:\Program Files\Real\RealUpgrade\Plugins\upgrade.dll - ok
19:03:07.0423 3368 [ 67BB7141F7F5F37411F796943B3418B6 ] C:\Windows\System32\framedynos.dll
19:03:07.0423 3368 C:\Windows\System32\framedynos.dll - ok
19:03:07.0428 3368 [ 87CDFFCBD09C1CA03A068343D5D93250 ] C:\Windows\System32\wmi.dll
19:03:07.0428 3368 C:\Windows\System32\wmi.dll - ok
19:03:07.0437 3368 [ 24422E879BAEA2B69C9B131548D16888 ] C:\Program Files\Common Files\Roxio Shared\DLLShared\rcsl.dll
19:03:07.0437 3368 C:\Program Files\Common Files\Roxio Shared\DLLShared\rcsl.dll - ok
19:03:07.0440 3368 [ 8BE000F9A0B0FF7194AAEFB02C9BDE99 ] C:\Windows\System32\wer.dll
19:03:07.0440 3368 C:\Windows\System32\wer.dll - ok
19:03:07.0443 3368 [ 77784A2BD5912A4EC6284255865526BC ] C:\Windows\System32\Faultrep.dll
19:03:07.0444 3368 C:\Windows\System32\Faultrep.dll - ok
19:03:07.0447 3368 [ 6B44700917F45B19B96B46B345B6F0E7 ] C:\Program Files\Spybot - Search & Destroy\SDMain.exe
19:03:07.0447 3368 C:\Program Files\Spybot - Search & Destroy\SDMain.exe - ok
19:03:07.0452 3368 [ 83C2F5076E1B4A63C04F2B14EE7CAD47 ] C:\Windows\System32\wbem\wbemdisp.dll
19:03:07.0452 3368 C:\Windows\System32\wbem\wbemdisp.dll - ok
19:03:07.0456 3368 [ AEF9BABB8A506BC4CE0451A64AADED46 ] C:\Windows\System32\Mcx2Svc.dll
19:03:07.0456 3368 C:\Windows\System32\Mcx2Svc.dll - ok
19:03:07.0459 3368 [ 54138A36D9680FEFD036DB1187CE2DBB ] C:\Windows\ehome\ehtrace.dll
19:03:07.0459 3368 C:\Windows\ehome\ehtrace.dll - ok
19:03:07.0463 3368 [ EE7E10BED85C312C1D5D30C435BDDA9F ] C:\Windows\System32\drivers\tcpip.sys
19:03:07.0463 3368 C:\Windows\System32\drivers\tcpip.sys - ok
19:03:07.0496 3368 [ C127EBD5AFAB31524662C48DFCEB773A ] C:\Windows\System32\drivers\rdpwd.sys
19:03:07.0496 3368 C:\Windows\System32\drivers\rdpwd.sys - ok
19:03:07.0500 3368 [ 9090A44920CC7F643CC32AF3C6940E5C ] C:\Windows\System32\rdpdd.dll
19:03:07.0500 3368 C:\Windows\System32\rdpdd.dll - ok
19:03:07.0505 3368 [ BF2156D8D9866983B55D95382131DC4A ] C:\Windows\System32\lsmproxy.dll
19:03:07.0505 3368 C:\Windows\System32\lsmproxy.dll - ok
19:03:07.0508 3368 [ F0062778F50838145AC46B384FFB4FA3 ] C:\Windows\System32\pcadm.dll
19:03:07.0508 3368 C:\Windows\System32\pcadm.dll - ok
19:03:07.0513 3368 [ 7B01C6172CFD0B10116175E09200D4B4 ] C:\Windows\System32\drivers\NisDrvWFP.sys
19:03:07.0513 3368 C:\Windows\System32\drivers\NisDrvWFP.sys - ok
19:03:07.0520 3368 [ A6250DF429D0D78DACFBC6B87074E584 ] C:\Windows\System32\regapi.dll
19:03:07.0520 3368 C:\Windows\System32\regapi.dll - ok
19:03:07.0527 3368 [ A5CB074F34BBD89948E34A630D459C0C ] C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
19:03:07.0527 3368 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe - ok
19:03:07.0536 3368 [ E67DAF21DDBE6D4B5771E12902902EEA ] C:\Windows\System32\rdpwsx.dll
19:03:07.0536 3368 C:\Windows\System32\rdpwsx.dll - ok
19:03:07.0543 3368 [ EE60FC8F65B94C392DE0F75533C014FB ] C:\Windows\System32\mstlsapi.dll
19:03:07.0543 3368 C:\Windows\System32\mstlsapi.dll - ok
19:03:07.0554 3368 [ A6625BEB44B5F47448A9C72DC0419999 ] C:\Program Files\Microsoft Security Client\Antimalware\NisLog.dll
19:03:07.0554 3368 C:\Program Files\Microsoft Security Client\Antimalware\NisLog.dll - ok
19:03:07.0561 3368 [ FEA6D21F78922D641A0C9346D885133B ] C:\Windows\System32\mssprxy.dll
19:03:07.0561 3368 C:\Windows\System32\mssprxy.dll - ok
19:03:07.0570 3368 [ 98C77FD99F3DB37B2C03F32B8F837B65 ] C:\Windows\System32\mapi32.dll
19:03:07.0570 3368 C:\Windows\System32\mapi32.dll - ok
19:03:07.0575 3368 [ 97A9CE4475BF2AE973939D254220C8D3 ] C:\Program Files\TeamViewer\Version7\tv_w32.dll
19:03:07.0575 3368 C:\Program Files\TeamViewer\Version7\tv_w32.dll - ok
19:03:07.0583 3368 [ F21F255B91CA4F04E4250DECD2067CBB ] C:\Windows\System32\bitsperf.dll
19:03:07.0583 3368 C:\Windows\System32\bitsperf.dll - ok
19:03:07.0590 3368 [ A6E127E241535C02DE9B9E5C25B70345 ] C:\Windows\System32\crtdll.dll
19:03:07.0590 3368 C:\Windows\System32\crtdll.dll - ok
19:03:07.0597 3368 [ 26ED0791F84F49571AB88CF7A8217F5C ] C:\Program Files\TeamViewer\Version7\tv_w32.exe
19:03:07.0597 3368 C:\Program Files\TeamViewer\Version7\tv_w32.exe - ok
19:03:07.0605 3368 [ AD9F8B2CCC4310F54859A4F91010897C ] C:\Program Files\Microsoft Security Client\Antimalware\IpsConsumer.dll
19:03:07.0605 3368 C:\Program Files\Microsoft Security Client\Antimalware\IpsConsumer.dll - ok
19:03:07.0612 3368 [ 1D6B95871DC006190964B04E5657E35F ] C:\Windows\System32\rastapi.dll
19:03:07.0612 3368 C:\Windows\System32\rastapi.dll - ok
19:03:07.0620 3368 [ 632557F2495931D952161465AA177B3B ] C:\Windows\System32\bitsigd.dll
19:03:07.0620 3368 C:\Windows\System32\bitsigd.dll - ok
19:03:07.0626 3368 [ 389C63E32B3CEFED425B61ED92D3F021 ] C:\Windows\System32\drivers\tdtcp.sys
19:03:07.0626 3368 C:\Windows\System32\drivers\tdtcp.sys - ok
19:03:07.0634 3368 [ DCF0F056A2E4F52287264F5AB29CF206 ] C:\Windows\System32\drivers\tssecsrv.sys
19:03:07.0634 3368 C:\Windows\System32\drivers\tssecsrv.sys - ok
19:03:07.0641 3368 [ E1B80644E7125231AAEF62FC2C81C8FE ] C:\Windows\System32\newdev.dll
19:03:07.0641 3368 C:\Windows\System32\newdev.dll - ok
19:03:07.0649 3368 [ 3192ED5E2FFDF5B630541B9643AE1AA3 ] C:\Windows\System32\upnp.dll
19:03:07.0649 3368 C:\Windows\System32\upnp.dll - ok
19:03:07.0655 3368 [ 6950BBCEB21F9C3CB3B52E90960109C3 ] C:\Windows\System32\devenum.dll
19:03:07.0655 3368 C:\Windows\System32\devenum.dll - ok
19:03:07.0666 3368 [ B8AEFF80ABD57E6ABC6A46EAC7F4515F ] C:\Windows\System32\msdmo.dll
19:03:07.0666 3368 C:\Windows\System32\msdmo.dll - ok
19:03:07.0694 3368 [ 7E651757D28B6D3BFA5F522AF522320A ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1750F537-2061-45D2-99A1-1042427653F2}\gapaengine.dll
19:03:07.0694 3368 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1750F537-2061-45D2-99A1-1042427653F2}\gapaengine.dll - ok
19:03:07.0703 3368 [ B96B60EC821F86D445C9739A0F3DED59 ] C:\Windows\System32\unimdm.tsp
19:03:07.0703 3368 C:\Windows\System32\unimdm.tsp - ok
19:03:07.0707 3368 [ DFBAADF1B624DC71E88D34D86B3595BE ] C:\Windows\System32\uniplat.dll
19:03:07.0707 3368 C:\Windows\System32\uniplat.dll - ok
19:03:07.0710 3368 [ F0139479B37732121D09D58792959D50 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1750F537-2061-45D2-99A1-1042427653F2}\nisfull.vdm
19:03:07.0710 3368 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1750F537-2061-45D2-99A1-1042427653F2}\nisfull.vdm - ok
19:03:07.0717 3368 [ 10F13FFF542FEC4A2C4FA734EEBE56B9 ] C:\Windows\System32\qmgrprxy.dll
19:03:07.0717 3368 C:\Windows\System32\qmgrprxy.dll - ok
19:03:07.0721 3368 [ 953193A9DEA40348C1086D171F6440AE ] C:\Windows\System32\kmddsp.tsp
19:03:07.0721 3368 C:\Windows\System32\kmddsp.tsp - ok
19:03:07.0729 3368 [ 2F6776ACEFE41EE889C464EA407918F2 ] C:\Windows\System32\ndptsp.tsp
19:03:07.0729 3368 C:\Windows\System32\ndptsp.tsp - ok
19:03:07.0734 3368 [ 9A6A653ADF28D9D69670B48F535E6B90 ] C:\Windows\System32\runonce.exe
19:03:07.0734 3368 C:\Windows\System32\runonce.exe - ok
19:03:07.0740 3368 [ B4B59AC042EE3733A862F26CBC0B17FC ] C:\Windows\System32\hidphone.tsp
19:03:07.0740 3368 C:\Windows\System32\hidphone.tsp - ok
19:03:07.0746 3368 [ 8B645890A93F1FBBC7DA3E07CC72D762 ] C:\Windows\System32\rasppp.dll
19:03:07.0746 3368 C:\Windows\System32\rasppp.dll - ok
19:03:07.0754 3368 [ 74F26FC01B180D4A99A168ED69C30A53 ] C:\Windows\System32\cmd.exe
19:03:07.0754 3368 C:\Windows\System32\cmd.exe - ok
19:03:07.0763 3368 [ 56E315ACFB08A177B4D01E42B9044DB5 ] C:\Windows\System32\mprapi.dll
19:03:07.0763 3368 C:\Windows\System32\mprapi.dll - ok
19:03:07.0768 3368 [ 88225070DD2F7B0B2ED51E7935078641 ] C:\Windows\System32\rasqec.dll
19:03:07.0768 3368 C:\Windows\System32\rasqec.dll - ok
19:03:07.0772 3368 [ 32E15ECF5854F5610BC895490BC3246A ] C:\Windows\System32\ieframe.dll
19:03:07.0772 3368 C:\Windows\System32\ieframe.dll - ok
19:03:07.0776 3368 [ 248A1F31ABB58DDDDC01490EF0BDC777 ] C:\Windows\System32\cryptui.dll
19:03:07.0776 3368 C:\Windows\System32\cryptui.dll - ok
19:03:07.0779 3368 [ 254AC97C9AF4DDF3F5F57855198527B7 ] C:\Windows\System32\wermgr.exe
19:03:07.0779 3368 C:\Windows\System32\wermgr.exe - ok
19:03:07.0788 3368 [ BF899F57858B8C6F162D9EEB2370641C ] C:\Windows\System32\wercon.exe
19:03:07.0788 3368 C:\Windows\System32\wercon.exe - ok
19:03:07.0791 3368 [ 88BD96A1BAEED33EE8BDF9499C07A841 ] C:\Windows\System32\drivers\umpass.sys
19:03:07.0791 3368 C:\Windows\System32\drivers\umpass.sys - ok
19:03:07.0795 3368 [ AD6B1A69B0CCCF27A792F4C00740D24D ] C:\Users\JT.Jared-PC\AppData\Local\Temp\97AD0711-5F99-4F04-BC38-3ACD11B0D24D.exe
19:03:07.0795 3368 C:\Users\JT.Jared-PC\AppData\Local\Temp\97AD0711-5F99-4F04-BC38-3ACD11B0D24D.exe - ok
19:03:07.0800 3368 [ 7E651757D28B6D3BFA5F522AF522320A ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
19:03:07.0800 3368 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll - ok
19:03:07.0804 3368 [ F0139479B37732121D09D58792959D50 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\nisfull.vdm
19:03:07.0804 3368 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\nisfull.vdm - ok
19:03:07.0808 3368 [ C0B8B96D018849FD8CCF15FED84E8782 ] C:\Windows\System32\ie4uinit.exe
19:03:07.0808 3368 C:\Windows\System32\ie4uinit.exe - ok
19:03:07.0811 3368 [ F0FEFB0B5D25A75D478A4317139D937E ] C:\Windows\System32\iedkcs32.dll
19:03:07.0811 3368 C:\Windows\System32\iedkcs32.dll - ok
19:03:07.0816 3368 [ 4B19A9A4191353007E9819A832B81186 ] C:\Windows\System32\timedate.cpl
19:03:07.0816 3368 C:\Windows\System32\timedate.cpl - ok
19:03:07.0819 3368 [ FF41E1AC301F51E16F61AD7C0F45467C ] C:\Windows\System32\msshsq.dll
19:03:07.0819 3368 C:\Windows\System32\msshsq.dll - ok
19:03:07.0825 3368 [ 1CE4A2790EB4A96F4ED1E4264866AFE6 ] C:\Windows\System32\NaturalLanguage6.dll
19:03:07.0825 3368 C:\Windows\System32\NaturalLanguage6.dll - ok
19:03:07.0829 3368 [ AA111488C03C58A2BF66509ABB4FDE60 ] C:\Windows\System32\NlsData0009.dll
19:03:07.0829 3368 C:\Windows\System32\NlsData0009.dll - ok
19:03:07.0834 3368 [ 8629B71343F61E1140243581C63BC0C7 ] C:\Windows\System32\NlsLexicons0009.dll
19:03:07.0834 3368 C:\Windows\System32\NlsLexicons0009.dll - ok
19:03:07.0838 3368 [ 24F90AEFEBE601D427CB4511E74CDCB6 ] C:\Windows\System32\linkinfo.dll
19:03:07.0838 3368 C:\Windows\System32\linkinfo.dll - ok
19:03:07.0841 3368 [ 04044BF8E6989BE45FA718C24407CA28 ] C:\Windows\System32\networkexplorer.dll
19:03:07.0841 3368 C:\Windows\System32\networkexplorer.dll - ok
19:03:07.0845 3368 [ 61216539E55DDF2F78E421E7EF140650 ] C:\Windows\System32\ExplorerFrame.dll
19:03:07.0845 3368 C:\Windows\System32\ExplorerFrame.dll - ok
19:03:07.0849 3368 [ 027E5E14C9CFF810377701BDEAD8210F ] C:\Windows\System32\control.exe
19:03:07.0849 3368 C:\Windows\System32\control.exe - ok
19:03:07.0853 3368 [ 26DE50A7F668F541B8130A0E26EFF3D8 ] C:\Program Files\Microsoft Works\MSWorks.exe
19:03:07.0853 3368 C:\Program Files\Microsoft Works\MSWorks.exe - ok
19:03:07.0856 3368 [ C37571F7C79C3972D641804F1DF7C0F5 ] C:\Program Files\Microsoft Works\wksdb.exe
19:03:07.0857 3368 C:\Program Files\Microsoft Works\wksdb.exe - ok
19:03:07.0863 3368 [ 43C8B44E46E6A986A41EDF7446FD6C4B ] C:\Program Files\OpenOffice.org 3\program\swriter.exe
19:03:07.0863 3368 C:\Program Files\OpenOffice.org 3\program\swriter.exe - ok
19:03:07.0868 3368 [ DEB8152C28DACFEFF7B830AD9EDD7A0E ] C:\Program Files\OpenOffice.org 3\program\scalc.exe
19:03:07.0868 3368 C:\Program Files\OpenOffice.org 3\program\scalc.exe - ok
19:03:07.0872 3368 [ 790222D6CCFC576F0D07D418E6115D85 ] C:\Program Files\Windows Calendar\WinCal.exe
19:03:07.0872 3368 C:\Program Files\Windows Calendar\WinCal.exe - ok
19:03:07.0875 3368 [ 6CB6621885CCDB77BE40CA75DF9EBF45 ] C:\Program Files\OpenOffice.org 3\program\simpress.exe
19:03:07.0875 3368 C:\Program Files\OpenOffice.org 3\program\simpress.exe - ok
19:03:07.0879 3368 [ 06164026C38AA5366E4D127E2E36FDE8 ] C:\Program Files\Windows Mail\wab.exe
19:03:07.0879 3368 C:\Program Files\Windows Mail\wab.exe - ok
19:03:07.0884 3368 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\Windows\System32\drivers\11181603.sys
19:03:07.0884 3368 C:\Windows\System32\drivers\11181603.sys - ok
19:03:07.0891 3368 [ DE7F813217EC88C0A6D4D8F2F39D7949 ] C:\Windows\System32\msiltcfg.dll
19:03:07.0891 3368 C:\Windows\System32\msiltcfg.dll - ok
19:03:07.0895 3368 [ B0F11A24BDB7BC744722D882E90267AE ] C:\Program Files\OpenOffice.org 3\program\sbase.exe
19:03:07.0895 3368 C:\Program Files\OpenOffice.org 3\program\sbase.exe - ok
19:03:07.0901 3368 [ 395335431AD55C167CFDBBAB8420DA73 ] C:\Program Files\Movie Maker\DVDMaker.exe
19:03:07.0902 3368 C:\Program Files\Movie Maker\DVDMaker.exe - ok
19:03:07.0906 3368 [ 7E6EA9CB72B5DE84A5D700BED877E5F9 ] C:\Program Files\Windows Mail\WinMail.exe
19:03:07.0906 3368 C:\Program Files\Windows Mail\WinMail.exe - ok
19:03:07.0910 3368 [ B7ED332A57FC78CA29E40D3619550225 ] C:\Windows\ehome\ehshell.exe
19:03:07.0910 3368 C:\Windows\ehome\ehshell.exe - ok
19:03:07.0913 3368 [ A76F5EB146C0859489818C3F913CB5A6 ] C:\Program Files\AVS4YOU\Uninstall.exe
19:03:07.0913 3368 C:\Program Files\AVS4YOU\Uninstall.exe - ok
19:03:07.0918 3368 [ FA4B5940B31853ADE67A73026884C8C9 ] C:\Windows\System32\dfshim.dll
19:03:07.0918 3368 C:\Windows\System32\dfshim.dll - ok
19:03:07.0945 3368 [ 52BC119E49F88F2A5D1466230B1275C7 ] C:\Program Files\Windows Collaboration\WinCollab.exe
19:03:07.0945 3368 C:\Program Files\Windows Collaboration\WinCollab.exe - ok
19:03:07.0950 3368 [ 128DD9AF8640DBCC711940903C8B554F ] C:\Windows\System32\mscoree.dll
19:03:07.0951 3368 C:\Windows\System32\mscoree.dll - ok
19:03:07.0955 3368 [ F5DF6846F30E9F54EA60CCAEB3FB2055 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
19:03:07.0955 3368 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
19:03:07.0959 3368 [ AB6D0A4EBA0B43A83A21F698F3E1BCC8 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll
19:03:07.0959 3368 C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll - ok
19:03:07.0966 3368 [ 215CE077258CEDD5BE4C56E9D614DB9F ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
19:03:07.0966 3368 C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll - ok
19:03:07.0969 3368 [ E5F7C30EDF0892667933BE879F067D67 ] C:\Windows\System32\msvcr100_clr0400.dll
19:03:07.0969 3368 C:\Windows\System32\msvcr100_clr0400.dll - ok
19:03:07.0973 3368 [ C4AB08459CD7B59B410ACFC04D90E87B ] C:\Program Files\Movie Maker\MOVIEMK.exe
19:03:07.0973 3368 C:\Program Files\Movie Maker\MOVIEMK.exe - ok
19:03:07.0977 3368 [ FFDC9B03F80FE0472918407404725543 ] C:\Users\JT.Jared-PC\AppData\Local\Roblox\Versions\version-eecd9135a67340ab\Roblox.exe
19:03:07.0977 3368 C:\Users\JT.Jared-PC\AppData\Local\Roblox\Versions\version-eecd9135a67340ab\Roblox.exe - ok
19:03:07.0984 3368 [ C03AC1FBCD625F93D2C245D97E06F270 ] C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe
19:03:07.0984 3368 C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe - ok
19:03:07.0990 3368 [ 00000000000000000000000000000000 ] C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\Sansa Media Converter.EXE
19:03:07.0990 3368 C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\Sansa Media Converter.EXE - ok
19:03:07.0994 3368 [ ADFEBD59E05E7302CAD384E4E22C4875 ] C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe
19:03:07.0995 3368 C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe - ok
19:03:08.0000 3368 [ 5AEAFAD91042C188498FF8945C80ED9B ] C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
19:03:08.0000 3368 C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe - ok
19:03:08.0009 3368 [ 069385484EA57B663D688894C88975C5 ] C:\Windows\System32\wuapp.exe
19:03:08.0009 3368 C:\Windows\System32\wuapp.exe - ok
19:03:08.0017 3368 [ 42CE2206B168AB4E20AF6CEBDD7421E1 ] C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe
19:03:08.0017 3368 C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe - ok
19:03:08.0021 3368 [ 9ABF687071C649609BF7E177062A9008 ] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
19:03:08.0021 3368 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe - ok
19:03:08.0025 3368 [ FFD8CC893D4757888731F2E44055900B ] C:\Games\Toribash-3.94\toribash.exe
19:03:08.0025 3368 C:\Games\Toribash-3.94\toribash.exe - ok
19:03:08.0051 3368 [ 314C76642049DD4E9B964BC333A620B1 ] C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
19:03:08.0051 3368 C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe - ok
19:03:08.0055 3368 [ CD9C71270466A09E867DC108A097E0DD ] C:\Program Files\Audacity 1.3 Beta (Unicode)\audacity.exe
19:03:08.0055 3368 C:\Program Files\Audacity 1.3 Beta (Unicode)\audacity.exe - ok
19:03:08.0058 3368 [ C456658AF90F42BE3CDF1048F9CDB5CA ] C:\Windows\System32\wpcumi.exe
19:03:08.0058 3368 C:\Windows\System32\wpcumi.exe - ok
19:03:08.0061 3368 [ 124E2C20AB91D299EC9526C31E8B7BDD ] C:\Program Files\foobar2000\foobar2000.exe
19:03:08.0062 3368 C:\Program Files\foobar2000\foobar2000.exe - ok
19:03:08.0067 3368 [ C5F1D82D9CC8979971CC748FCB2EE7CA ] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
19:03:08.0068 3368 C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe - ok
19:03:08.0072 3368 [ 8A4D564076F8739C8C0C2B9A461F9408 ] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll
19:03:08.0072 3368 C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll - ok
19:03:08.0076 3368 [ 5C32C1096F504177843540F731970235 ] C:\Windows\System32\igfxtray.exe
19:03:08.0076 3368 C:\Windows\System32\igfxtray.exe - ok
19:03:08.0078 3368 [ 7B204EC5B3D3C2781394778D72A6D147 ] C:\Program Files\Common Files\microsoft shared\PhotoEd\PHOTOED.EXE
19:03:08.0078 3368 C:\Program Files\Common Files\microsoft shared\PhotoEd\PHOTOED.EXE - ok
19:03:08.0083 3368 [ CD06EB1E4269EE1A00AEA6FC25A8FF08 ] C:\Windows\System32\hccutils.dll
19:03:08.0083 3368 C:\Windows\System32\hccutils.dll - ok
19:03:08.0087 3368 [ D82FCF05051438693043885501919F77 ] C:\Windows\System32\igfxsrvc.exe
19:03:08.0881 3368 ============================================================
19:03:08.0881 3368 Scan finished
19:03:08.0881 3368 ============================================================
19:03:08.0891 2728 Detected object count: 8
19:03:08.0891 2728 Actual detected object count: 8
19:04:15.0538 2728 AERTFilters ( UnsignedFile.Multi.Generic ) - skipped by user
19:04:15.0538 2728 AERTFilters ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:04:15.0538 2728 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
19:04:15.0538 2728 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:04:15.0539 2728 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:04:15.0539 2728 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:04:15.0539 2728 jswpbapi ( UnsignedFile.Multi.Generic ) - skipped by user
19:04:15.0539 2728 jswpbapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:04:15.0539 2728 jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
19:04:15.0539 2728 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:04:15.0539 2728 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user
19:04:15.0539 2728 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:04:15.0541 2728 RoxWatch9 ( UnsignedFile.Multi.Generic ) - skipped by user
19:04:15.0541 2728 RoxWatch9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:04:15.0541 2728 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
19:04:15.0541 2728 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:04:31.0517 3256 Deinitialize success

Also I attached the logs.

#27 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7233 posts

Posted 31 August 2012 - 11:50 AM

Please, log in as Jared and not JT since it was in Jared's folder the trojan was found. Turn off all running programs before running RogueKiller again. Paste the log into your answer.

#28 HelpMe12345

HelpMe12345

    Advanced Member

  • Members
  • 36 posts

Posted 31 August 2012 - 11:38 PM

Log:
RogueKiller V8.0.1 [08/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Jared [Admin rights]
Mode : Scan -- Date : 08/31/2012 17:37:00
¤¤¤ Bad processes : 7 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED
[SUSP PATH] SansaDispatch.exe -- C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe -> KILLED [TermProc]
[SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED
[SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED
[SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED
[SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED
[SUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED
¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKUS\S-1-5-21-215613564-3252992321-3342676906-1011[...]\Run : SansaDispatch (C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND
[TASK][ROGUE ST] 0 : c:\program files\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4667 : wscript.exe -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
::1 localhost
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD501LJ ATA Device +++++
--- User ---
[MBR] 25eb30350c9e160deb561013fb9d3a61
[BSP] 67d6a64b04885546efc8a525e5a0cb5d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 466651 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt

#29 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7233 posts

Posted 01 September 2012 - 10:25 PM

Perform everything from the Jared account.

1.
Please, follow the instructions on http://www.bleepingc...to-use-combofix for installing and running ComboFix.

Read carefully and note the "Disclaimer of warranty"!

Paste the content of the log into your answer.
If ComboFix displays a message, for example that a rootkit was found, write it down in as much detail as possible.

2.
Please, also run DDS and paste DDS.txt.

#30 HelpMe12345

HelpMe12345

    Advanced Member

  • Members
  • 36 posts

Posted 03 September 2012 - 06:27 AM

Log:
ComboFix 12-09-01.01 - Jared 09/02/2012 21:06:12.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.1948 [GMT -5:00]
Running from: c:\users\Jared\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Outdated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
C:\Microsoft
c:\program files\Object
c:\program files\Object\config.ini
c:\program files\SGPSA
c:\programdata\30400248
c:\users\Jared\g2mdlhlpx.exe
c:\users\Jared\Mabinogi .lnk
c:\users\JT\AppData\Roaming\adaware-installer-reboot-required.tmp
c:\users\Public\Favorites\Mabinogi.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\912302e72feb4daf.fb
c:\windows\system32\Cache\a73a4c6506b67c11.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\ff30fd7744a0c9b3.fb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))
.
.
2012-09-03 02:16 . 2012-09-03 02:17 -------- d-----w- c:\users\Jared\AppData\Local\temp
2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\JT\AppData\Local\temp
2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\JT.Jared-PC\AppData\Local\temp
2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\Elly\AppData\Local\temp
2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\Colleen.Jared-PC\AppData\Local\temp
2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-09-03 02:16 . 2012-09-03 02:16 -------- d-----w- c:\users\Zach\AppData\Local\temp
2012-09-02 18:04 . 2012-02-09 19:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9ED34764-E327-4073-BF31-701BACEE7BE8}\gapaengine.dll
2012-09-02 17:55 . 2012-09-02 17:55 -------- d-----w- C:\adawarebp
2012-09-02 17:51 . 2012-02-09 19:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55C03909-67B2-43DA-8591-C9395FC4D665}\gapaengine.dll
2012-08-31 23:31 . 2012-08-31 23:31 -------- d-----w- c:\users\Colleen.Jared-PC\AppData\Local\adawarebp
2012-08-31 23:12 . 2012-08-31 23:12 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2012-08-31 22:54 . 2012-08-31 22:54 -------- d-----w- c:\users\Colleen.Jared-PC\AppData\Roaming\Logitech
2012-08-31 22:42 . 2012-08-31 22:42 -------- d-----w- c:\program files\adawaretb
2012-08-31 22:40 . 2012-08-23 05:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AAF52525-2499-4BFA-8258-31E4D10C9C5B}\mpengine.dll
2012-08-31 01:22 . 2012-08-28 06:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E51D34A3-9DC5-43A9-9787-436465C6F488}\mpengine.dll
2012-08-31 00:56 . 2012-09-02 18:09 -------- d-----w- c:\users\JT.Jared-PC\Tracing
2012-08-31 00:53 . 2012-08-31 00:53 -------- d-----w- c:\windows\en
2012-08-31 00:52 . 2012-03-08 23:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-08-31 00:50 . 2012-08-31 00:50 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-08-31 00:46 . 2012-08-31 00:54 -------- d-----w- c:\program files\Windows Live
2012-08-31 00:42 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2012-08-31 00:41 . 2012-08-31 01:17 -------- d-----w- c:\users\JT.Jared-PC\AppData\Local\Windows Live
2012-08-31 00:41 . 2012-08-31 00:41 -------- d-----w- c:\program files\Common Files\Windows Live
2012-08-29 23:17 . 2012-08-29 23:17 -------- d-----w- c:\users\Elly\AppData\Local\Free File Opener
2012-08-29 23:10 . 2012-08-29 23:10 -------- d-----w- c:\users\Elly\AppData\Local\Unity
2012-08-28 23:38 . 2012-08-28 23:38 -------- d-----w- c:\users\Zach\AppData\Roaming\Logitech
2012-08-28 23:38 . 2012-08-28 23:38 -------- d-----w- c:\users\Zach\AppData\Local\SupportSoft
2012-08-28 23:33 . 2012-08-28 23:33 -------- d-----w- c:\users\Elly\AppData\Roaming\Logitech
2012-08-28 19:49 . 2012-08-28 20:21 -------- d-----w- c:\users\JT.Jared-PC\AppData\Local\adaware
2012-08-28 19:47 . 2011-12-19 17:44 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-08-28 19:47 . 2012-08-28 19:47 -------- d-----w- c:\windows\system32\drivers\VDD
2012-08-28 19:39 . 2012-08-28 19:39 -------- d-----w- c:\programdata\Lavasoft
2012-08-28 19:38 . 2012-08-28 19:50 -------- d-----w- c:\users\JT.Jared-PC\AppData\Roaming\Ad-Aware Antivirus
2012-08-28 19:09 . 2012-08-28 19:09 -------- d-----w- c:\users\JT.Jared-PC\AppData\Roaming\Logitech
2012-08-28 18:49 . 2006-11-16 18:44 69632 ----a-w- c:\windows\system32\KemXML.dll
2012-08-28 18:49 . 2006-11-16 18:44 163840 ----a-w- c:\windows\system32\kemutb.dll
2012-08-28 18:49 . 2006-11-16 18:44 110592 ----a-w- c:\windows\system32\KemWnd.dll
2012-08-28 18:49 . 2006-11-16 18:44 131072 ----a-w- c:\windows\system32\KemUtil.dll
2012-08-28 18:48 . 2012-08-28 18:48 -------- d-----w- c:\programdata\Logitech
2012-08-28 18:48 . 2012-08-28 18:53 -------- d-----w- c:\program files\SetPoint
2012-08-28 18:48 . 2012-08-28 18:49 -------- d-----w- c:\program files\Common Files\Logitech
2012-08-28 18:48 . 2005-04-04 04:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-08-28 18:48 . 2005-04-04 04:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-08-28 18:48 . 2005-04-04 04:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-08-28 18:48 . 2005-04-04 04:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-08-28 18:48 . 2005-04-04 03:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-08-28 18:48 . 2012-08-28 18:48 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-08-28 18:48 . 2012-08-28 18:48 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-08-20 01:07 . 2012-08-20 01:07 -------- d-----w- c:\users\JT.Jared-PC\AppData\Roaming\AVS4YOU
2012-08-20 01:06 . 2012-03-24 00:58 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-08-20 01:06 . 2012-08-20 01:07 -------- d-----w- c:\programdata\AVS4YOU
2012-08-20 01:06 . 2012-08-20 01:06 -------- d-----w- c:\program files\AVS4YOU
2012-08-20 01:06 . 2012-08-20 01:06 -------- d-----w- c:\program files\Common Files\AVSMedia
2012-08-20 01:06 . 2012-03-24 00:59 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-08-19 22:35 . 2012-08-19 22:35 -------- d-----w- c:\program files\DVD Shrink
2012-08-19 22:35 . 2012-08-19 22:35 -------- d-----w- c:\program files\Perion
2012-08-19 22:35 . 2012-08-19 22:35 448 ----a-w- C:\user.js
2012-08-19 21:35 . 2012-08-19 21:35 -------- d-----w- c:\users\JT\AppData\Local\Apps
2012-08-15 02:32 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 23:53 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 03:04 . 2012-08-14 03:04 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-08-14 02:43 . 2012-08-14 02:43 -------- d-----w- c:\programdata\PC-Doctor
2012-08-14 02:42 . 2012-08-14 02:42 -------- d-----w- c:\program files\Common Files\supportsoft
2012-08-14 02:41 . 2012-08-14 02:41 315392 ----a-w- c:\windows\HideWin.exe
2012-08-14 02:41 . 2007-07-26 22:09 520192 ----a-w- c:\windows\RtlExUpd.dll
2012-08-13 22:11 . 2012-08-13 22:11 -------- d-----w- c:\program files\Evoluent
2012-08-09 18:13 . 2012-08-09 18:13 -------- d-----w- c:\users\Zach\AppData\Roaming\Ad-Aware Antivirus
2012-08-06 16:59 . 2012-08-06 16:59 -------- d-----w- c:\users\Colleen.Jared-PC\AppData\Roaming\Ad-Aware Antivirus
2012-08-06 14:17 . 2012-08-06 14:17 -------- d-----w- c:\users\Elly\AppData\Roaming\Ad-Aware Antivirus
2012-08-06 02:44 . 2012-08-06 02:44 -------- d-----w- c:\users\JT.Jared-PC\AppData\Local\Downloaded Installations
2012-08-05 00:06 . 2012-08-05 00:06 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 00:46 . 2009-08-18 17:24 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-31 00:41 . 2012-04-02 12:09 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-31 00:41 . 2011-12-02 22:37 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-23 05:15 . 2012-06-01 17:27 7022536 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2012-08-23 05:15 . 2012-03-02 23:38 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-14 02:41 . 2011-12-12 22:28 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-08-02 19:51 . 2012-08-02 19:51 20024 ----a-w- c:\windows\system32\drivers\EvoMouseDriverMini.sys
2012-06-05 16:47 . 2012-07-13 01:19 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-13 01:19 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-08-25 02:01 . 2012-08-31 00:33 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-05-12 23:09 . 2012-05-12 23:09 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-04-11 20:08 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-04-11 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-05-09 201112]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-26 206064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-10-11 94208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Evoluent Mouse Manager.lnk - c:\windows\Installer\{A3A814AD-E978-4B68-A548-AC9C560C1B9D}\_A6095E4D62E53F7667CEA7.exe [2012-8-13 4286]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2012-8-28 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BDARemote.lnk]
backup=c:\windows\pss\BDARemote.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
backup=c:\windows\pss\Microsoft Find Fast.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Office Startup.lnk]
backup=c:\windows\pss\Office Startup.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jared^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
backup=c:\windows\pss\CNET TechTracker.lnk.Startup
backupExtension=.Startup
path=c:\users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
.
[HKLM\~\startupfolder\C:^Users^Jared^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 02:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON WorkForce 840 Series]
2010-01-12 13:01 201216 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGMA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2012-05-12 23:09 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-04 20:57 136176 ----atw- c:\users\JT.Jared-PC\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 17:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 10:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jswtrayutil]
2009-09-24 13:51 32871 ----a-w- c:\program files\TP-LINK\QSS\jswtrayutil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
2012-05-18 09:04 434168 ----a-w- c:\program files\MyTomTom 3\MyTomTomSA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 16:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-08-03 21:22 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorkForce 840(Network)]
2010-01-12 13:01 201216 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGMA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NetFxUpdate_v1.1.4322"="c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
.
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 00:41]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:14]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:14]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1001Core.job
- c:\users\JT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 21:53]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1001UA.job
- c:\users\JT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 21:53]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1003Core.job
- c:\users\Elly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 14:58]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1003UA.job
- c:\users\Elly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 14:58]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1011Core.job
- c:\users\JT.Jared-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-23 20:57]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1011UA.job
- c:\users\JT.Jared-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-23 20:57]
.
2012-09-02 c:\windows\Tasks\User_Feed_Synchronization-{064C70C4-A09A-458F-8141-F53A9022B020}.job
- c:\windows\system32\msfeedssync.exe [2011-06-09 16:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.11.1
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\JT\AppData\Roaming\Mozilla\Firefox\Profiles\y88i8nh3.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/?rlz=1V1IPYX
FF - prefs.js: browser.startup.homepage - about:home
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-50559665.sys
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-02 21:17
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-09-02 21:19:20
ComboFix-quarantined-files.txt 2012-09-03 02:19
.
Pre-Run: 305,993,748,480 bytes free
Post-Run: 310,135,627,776 bytes free
.
- - End Of File - - 1A77B3384DE4B8FBB453120D5A87F566




DDS:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Jared at 0:25:42 on 2012-09-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.1445 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Lavasoft Ad-Aware *Disabled/Outdated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Program Files\TP-LINK\QSS\jswpbapi.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll"
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\evolue~1.lnk - c:\windows\installer\{a3a814ad-e978-4b68-a548-ac9c560c1b9d}\_A6095E4D62E53F7667CEA7.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{C2D91CE7-F628-489E-876F-72B5EEE71D4B} : DhcpNameServer = 192.168.11.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2012-7-21 20384]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-2-16 153600]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-2-16 121856]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-12-26 21504]
R2 jswpbapi;JumpStart Push-Button Service;c:\program files\tp-link\qss\jswpbapi.exe [2012-7-21 188416]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-11-29 77816]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-10-10 1153368]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-5-14 2666880]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2012-7-21 1387008]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-8-1 45288]
R3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\system32\drivers\EvoMouseDriverMini.sys [2012-8-2 20024]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-12-26 16896]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-10-9 19968]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-7-12 1239952]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-2-28 95232]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250568]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-18 19456]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-8-30 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-8-26 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\tp-link\qss\jswpsapi.exe [2012-7-21 954368]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-30 114144]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-8-28 93816]
S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-09-03 02:19:27 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-03 02:19:27 -------- d-sh--w- \$RECYCLE.BIN
2012-09-03 02:19:22 -------- d-----w- c:\users\jt\appdata\local\temp
2012-09-03 02:00:54 98816 ----a-w- c:\windows\sed.exe
2012-09-03 02:00:54 518144 ----a-w- c:\windows\SWREG.exe
2012-09-03 02:00:54 256000 ----a-w- c:\windows\PEV.exe
2012-09-03 02:00:54 208896 ----a-w- c:\windows\MBR.exe
2012-09-03 02:00:50 -------- d-----w- C:\ComboFix
2012-09-03 02:00:50 -------- d-----w- \ComboFix
2012-09-03 01:59:40 -------- d-----w- \Qoobox
2012-09-02 18:04:20 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9ed34764-e327-4073-bf31-701bacee7be8}\gapaengine.dll
2012-09-02 17:55:04 -------- d-----w- C:\adawarebp
2012-09-02 17:55:04 -------- d-----w- \adawarebp
2012-09-02 17:51:09 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{55c03909-67b2-43da-8591-c9395fc4d665}\gapaengine.dll
2012-08-31 23:12:27 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2012-08-31 22:42:35 -------- d-----w- c:\program files\adawaretb
2012-08-31 22:40:14 7022536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{aaf52525-2499-4bfa-8258-31e4d10c9c5b}\mpengine.dll
2012-08-31 01:22:04 7022536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e51d34a3-9dc5-43a9-9787-436465c6f488}\mpengine.dll
2012-08-31 00:53:47 -------- d-----w- c:\windows\en
2012-08-31 00:52:28 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-08-31 00:50:06 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-08-31 00:42:55 754688 ----a-w- c:\windows\system32\webservices.dll
2012-08-31 00:41:47 15712 ----a-w- c:\program files\common files\windows live\.cache\66e8ca011cd871105\MeshBetaRemover.exe
2012-08-31 00:41:43 89944 ----a-w- c:\program files\common files\windows live\.cache\64186bf11cd871104\DSETUP.dll
2012-08-31 00:41:43 537432 ----a-w- c:\program files\common files\windows live\.cache\64186bf11cd871104\DXSETUP.exe
2012-08-31 00:41:43 1801048 ----a-w- c:\program files\common files\windows live\.cache\64186bf11cd871104\dsetup32.dll
2012-08-31 00:41:38 94040 ----a-w- c:\program files\common files\windows live\.cache\6098bb111cd871103\DSETUP.dll
2012-08-31 00:41:38 525656 ----a-w- c:\program files\common files\windows live\.cache\6098bb111cd871103\DXSETUP.exe
2012-08-31 00:41:38 1691480 ----a-w- c:\program files\common files\windows live\.cache\6098bb111cd871103\dsetup32.dll
2012-08-31 00:41:03 -------- d-----w- c:\program files\common files\Windows Live
2012-08-28 19:47:29 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-08-28 19:47:18 -------- d-----w- c:\windows\system32\drivers\VDD
2012-08-28 18:49:04 69632 ----a-w- c:\windows\system32\KemXML.dll
2012-08-28 18:49:04 163840 ----a-w- c:\windows\system32\kemutb.dll
2012-08-28 18:49:04 131072 ----a-w- c:\windows\system32\KemUtil.dll
2012-08-28 18:49:04 110592 ----a-w- c:\windows\system32\KemWnd.dll
2012-08-28 18:48:45 -------- d-----w- c:\program files\SetPoint
2012-08-28 18:48:24 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2012-08-28 18:48:24 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2012-08-28 18:48:24 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2012-08-28 18:48:23 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2012-08-28 18:48:23 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2012-08-28 18:48:19 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2012-08-28 18:48:19 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2012-08-20 01:06:10 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-08-20 01:06:02 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-08-20 01:06:02 -------- d-----w- c:\programdata\AVS4YOU
2012-08-20 01:06:02 -------- d-----w- c:\program files\common files\AVSMedia
2012-08-20 01:06:02 -------- d-----w- c:\program files\AVS4YOU
2012-08-19 22:35:46 -------- d-----w- c:\program files\DVD Shrink
2012-08-19 22:35:25 -------- d-----w- c:\program files\Perion
2012-08-19 21:35:46 -------- d-----w- c:\users\jt\appdata\local\Apps
2012-08-15 02:32:59 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 23:53:20 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 03:04:46 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-08-14 02:43:58 -------- d-----w- c:\programdata\PC-Doctor
2012-08-14 02:42:01 -------- d-----w- c:\program files\common files\supportsoft
2012-08-14 02:41:19 315392 ----a-w- c:\windows\HideWin.exe
2012-08-14 02:41:18 520192 ----a-w- c:\windows\RtlExUpd.dll
2012-08-13 22:11:08 -------- d-----w- c:\program files\Evoluent
2012-08-05 00:06:35 -------- d-----w- c:\program files\ESET
.
==================== Find3M ====================
.
2012-08-31 00:41:08 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 00:41:08 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 02:41:28 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-08-02 19:51:40 20024 ----a-w- c:\windows\system32\drivers\EvoMouseDriverMini.sys
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
.
============= FINISH: 0:26:12.14 ===============

#31 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7233 posts

Posted 03 September 2012 - 11:02 AM

Good, several bad files were removed!

Please uninstall Java™ 7 Update 4, since it is an old version with many vulnerabilities. It is now very easy to infect the computer from a web page. It is very important to keep, for example, Java updated.

Copy all lines in the box:

Killall::
ClearJavaCache::
DDS::
mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}
uURLSearchHooks: H - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
SecCenter::
{108DAC43-C256-20B7-BB05-914135DA5160}

and paste into Notepad.
Save the file on the desktop with the name CFScript.

Prepare the computer according to the instructions for running ComboFix.
Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program will start in a special way.
Paste the new ComboFix log into your answer.



#32 HelpMe12345

HelpMe12345

    Advanced Member

  • Members
  • 36 posts

Posted 04 September 2012 - 12:07 AM

Log:



ComboFix 12-09-03.07 - Jared 09/03/2012 17:56:09.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.1284 [GMT -5:00]
Running from: c:\users\Jared\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Outdated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Microsoft
.
.
((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))
.
.
2012-09-03 23:04 . 2012-09-03 23:04 -------- d-----w- c:\users\Jared\AppData\Local\temp
2012-09-03 23:04 . 2012-09-03 23:04 -------- d-----w- c:\users\Zach\AppData\Local\temp
2012-09-03 23:04 . 2012-09-03 23:04 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-09-03 23:04 . 2012-09-03 23:04 -------- d-----w- c:\users\JT\AppData\Local\temp
2012-09-03 23:04 . 2012-09-03 23:04 -------- d-----w- c:\users\JT.Jared-PC\AppData\Local\temp
2012-09-03 23:04 . 2012-09-03 23:04 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-03 23:04 . 2012-09-03 23:04 -------- d-----w- c:\users\Elly\AppData\Local\temp
2012-09-03 23:04 . 2012-09-03 23:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-03 23:04 . 2012-09-03 23:04 -------- d-----w- c:\users\Colleen\AppData\Local\temp
2012-09-03 23:04 . 2012-09-03 23:04 -------- d-----w- c:\users\Colleen.Jared-PC\AppData\Local\temp
2012-09-03 20:40 . 2012-02-09 19:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6935E9C7-45F6-47D5-8CB1-72723C157E5B}\gapaengine.dll
2012-09-02 18:04 . 2012-02-09 19:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9ED34764-E327-4073-BF31-701BACEE7BE8}\gapaengine.dll
2012-09-02 17:55 . 2012-09-02 17:55 -------- d-----w- C:\adawarebp
2012-08-31 23:31 . 2012-08-31 23:31 -------- d-----w- c:\users\Colleen.Jared-PC\AppData\Local\adawarebp
2012-08-31 23:12 . 2012-08-31 23:12 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2012-08-31 22:54 . 2012-08-31 22:54 -------- d-----w- c:\users\Colleen.Jared-PC\AppData\Roaming\Logitech
2012-08-31 22:42 . 2012-08-31 22:42 -------- d-----w- c:\program files\adawaretb
2012-08-31 22:40 . 2012-08-23 05:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AAF52525-2499-4BFA-8258-31E4D10C9C5B}\mpengine.dll
2012-08-31 01:22 . 2012-08-28 06:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E51D34A3-9DC5-43A9-9787-436465C6F488}\mpengine.dll
2012-08-31 00:56 . 2012-09-03 22:16 -------- d-----w- c:\users\JT.Jared-PC\Tracing
2012-08-31 00:53 . 2012-08-31 00:53 -------- d-----w- c:\windows\en
2012-08-31 00:52 . 2012-03-08 23:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-08-31 00:50 . 2012-08-31 00:50 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-08-31 00:46 . 2012-08-31 00:54 -------- d-----w- c:\program files\Windows Live
2012-08-31 00:42 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2012-08-31 00:41 . 2012-09-03 05:53 -------- d-----w- c:\users\JT.Jared-PC\AppData\Local\Windows Live
2012-08-31 00:41 . 2012-08-31 00:41 -------- d-----w- c:\program files\Common Files\Windows Live
2012-08-29 23:17 . 2012-08-29 23:17 -------- d-----w- c:\users\Elly\AppData\Local\Free File Opener
2012-08-29 23:10 . 2012-08-29 23:10 -------- d-----w- c:\users\Elly\AppData\Local\Unity
2012-08-28 23:38 . 2012-08-28 23:38 -------- d-----w- c:\users\Zach\AppData\Roaming\Logitech
2012-08-28 23:38 . 2012-08-28 23:38 -------- d-----w- c:\users\Zach\AppData\Local\SupportSoft
2012-08-28 23:33 . 2012-08-28 23:33 -------- d-----w- c:\users\Elly\AppData\Roaming\Logitech
2012-08-28 19:49 . 2012-08-28 20:21 -------- d-----w- c:\users\JT.Jared-PC\AppData\Local\adaware
2012-08-28 19:47 . 2011-12-19 17:44 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-08-28 19:47 . 2012-08-28 19:47 -------- d-----w- c:\windows\system32\drivers\VDD
2012-08-28 19:39 . 2012-08-28 19:39 -------- d-----w- c:\programdata\Lavasoft
2012-08-28 19:38 . 2012-08-28 19:50 -------- d-----w- c:\users\JT.Jared-PC\AppData\Roaming\Ad-Aware Antivirus
2012-08-28 19:09 . 2012-08-28 19:09 -------- d-----w- c:\users\JT.Jared-PC\AppData\Roaming\Logitech
2012-08-28 18:49 . 2006-11-16 18:44 69632 ----a-w- c:\windows\system32\KemXML.dll
2012-08-28 18:49 . 2006-11-16 18:44 163840 ----a-w- c:\windows\system32\kemutb.dll
2012-08-28 18:49 . 2006-11-16 18:44 110592 ----a-w- c:\windows\system32\KemWnd.dll
2012-08-28 18:49 . 2006-11-16 18:44 131072 ----a-w- c:\windows\system32\KemUtil.dll
2012-08-28 18:48 . 2012-08-28 18:48 -------- d-----w- c:\programdata\Logitech
2012-08-28 18:48 . 2012-08-28 18:53 -------- d-----w- c:\program files\SetPoint
2012-08-28 18:48 . 2012-08-28 18:49 -------- d-----w- c:\program files\Common Files\Logitech
2012-08-28 18:48 . 2005-04-04 04:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-08-28 18:48 . 2005-04-04 04:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-08-28 18:48 . 2005-04-04 04:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-08-28 18:48 . 2005-04-04 04:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-08-28 18:48 . 2005-04-04 03:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-08-28 18:48 . 2012-08-28 18:48 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-08-28 18:48 . 2012-08-28 18:48 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-08-20 01:07 . 2012-08-20 01:07 -------- d-----w- c:\users\JT.Jared-PC\AppData\Roaming\AVS4YOU
2012-08-20 01:06 . 2012-03-24 00:58 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-08-20 01:06 . 2012-08-20 01:07 -------- d-----w- c:\programdata\AVS4YOU
2012-08-20 01:06 . 2012-08-20 01:06 -------- d-----w- c:\program files\AVS4YOU
2012-08-20 01:06 . 2012-08-20 01:06 -------- d-----w- c:\program files\Common Files\AVSMedia
2012-08-20 01:06 . 2012-03-24 00:59 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-08-19 22:35 . 2012-08-19 22:35 -------- d-----w- c:\program files\DVD Shrink
2012-08-19 22:35 . 2012-08-19 22:35 -------- d-----w- c:\program files\Perion
2012-08-19 22:35 . 2012-08-19 22:35 448 ----a-w- C:\user.js
2012-08-19 21:35 . 2012-08-19 21:35 -------- d-----w- c:\users\JT\AppData\Local\Apps
2012-08-15 02:32 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 23:53 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 03:04 . 2012-08-14 03:04 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-08-14 02:43 . 2012-08-14 02:43 -------- d-----w- c:\programdata\PC-Doctor
2012-08-14 02:42 . 2012-08-14 02:42 -------- d-----w- c:\program files\Common Files\supportsoft
2012-08-14 02:41 . 2012-08-14 02:41 315392 ----a-w- c:\windows\HideWin.exe
2012-08-14 02:41 . 2007-07-26 22:09 520192 ----a-w- c:\windows\RtlExUpd.dll
2012-08-13 22:11 . 2012-08-13 22:11 -------- d-----w- c:\program files\Evoluent
2012-08-09 18:13 . 2012-08-09 18:13 -------- d-----w- c:\users\Zach\AppData\Roaming\Ad-Aware Antivirus
2012-08-06 16:59 . 2012-08-06 16:59 -------- d-----w- c:\users\Colleen.Jared-PC\AppData\Roaming\Ad-Aware Antivirus
2012-08-06 14:17 . 2012-08-06 14:17 -------- d-----w- c:\users\Elly\AppData\Roaming\Ad-Aware Antivirus
2012-08-06 02:44 . 2012-08-06 02:44 -------- d-----w- c:\users\JT.Jared-PC\AppData\Local\Downloaded Installations
2012-08-05 00:06 . 2012-08-05 00:06 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 00:46 . 2009-08-18 17:24 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-31 00:41 . 2012-04-02 12:09 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-31 00:41 . 2011-12-02 22:37 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-23 05:15 . 2012-06-01 17:27 7022536 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2012-08-23 05:15 . 2012-03-02 23:38 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-14 02:41 . 2011-12-12 22:28 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-08-02 19:51 . 2012-08-02 19:51 20024 ----a-w- c:\windows\system32\drivers\EvoMouseDriverMini.sys
2012-08-25 02:01 . 2012-08-31 00:33 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-05-12 23:09 . 2012-05-12 23:09 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-04-11 20:08 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-04-11 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-05-09 201112]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-26 206064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-10-11 94208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Evoluent Mouse Manager.lnk - c:\windows\Installer\{A3A814AD-E978-4B68-A548-AC9C560C1B9D}\_A6095E4D62E53F7667CEA7.exe [2012-8-13 4286]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2012-8-28 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BDARemote.lnk]
backup=c:\windows\pss\BDARemote.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
backup=c:\windows\pss\Microsoft Find Fast.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Office Startup.lnk]
backup=c:\windows\pss\Office Startup.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jared^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
backup=c:\windows\pss\CNET TechTracker.lnk.Startup
backupExtension=.Startup
path=c:\users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
.
[HKLM\~\startupfolder\C:^Users^Jared^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 02:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON WorkForce 840 Series]
2010-01-12 13:01 201216 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGMA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2012-05-12 23:09 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-04 20:57 136176 ----atw- c:\users\JT.Jared-PC\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 17:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 10:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jswtrayutil]
2009-09-24 13:51 32871 ----a-w- c:\program files\TP-LINK\QSS\jswtrayutil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
2012-05-18 09:04 434168 ----a-w- c:\program files\MyTomTom 3\MyTomTomSA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-08-03 21:22 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorkForce 840(Network)]
2010-01-12 13:01 201216 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGMA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NetFxUpdate_v1.1.4322"="c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
.
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 00:41]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:14]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:14]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1001Core.job
- c:\users\JT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 21:53]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1001UA.job
- c:\users\JT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 21:53]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1003Core.job
- c:\users\Elly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 14:58]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1003UA.job
- c:\users\Elly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 14:58]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1011Core.job
- c:\users\JT.Jared-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-23 20:57]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1011UA.job
- c:\users\JT.Jared-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-23 20:57]
.
2012-09-03 c:\windows\Tasks\User_Feed_Synchronization-{064C70C4-A09A-458F-8141-F53A9022B020}.job
- c:\windows\system32\msfeedssync.exe [2011-06-09 16:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.11.1
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\JT\AppData\Roaming\Mozilla\Firefox\Profiles\y88i8nh3.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/?rlz=1V1IPYX
FF - prefs.js: browser.startup.homepage - about:home
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-03 18:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-09-03 18:06:16
ComboFix-quarantined-files.txt 2012-09-03 23:06
ComboFix2.txt 2012-09-03 02:19
.
Pre-Run: 309,481,877,504 bytes free
Post-Run: 309,421,096,960 bytes free
.
- - End Of File - - 43CAC06BA22ED25C34E260AA85BB2DB6

#33 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7233 posts

Posted 04 September 2012 - 12:23 AM

ComboFix didn't notice that you dropped CFScript on top of it. Please, try again.

#34 HelpMe12345

HelpMe12345

    Advanced Member

  • Members
  • 36 posts

Posted 06 September 2012 - 04:35 AM

log:

ComboFix 12-09-03.07 - Jared 09/05/2012 22:17:00.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.1673 [GMT -5:00]
Running from: c:\users\Jared\Desktop\ComboFix.exe
Command switches used :: c:\users\Jared\Desktop\CFScript.txt
AV: Lavasoft Ad-Aware *Disabled/Outdated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Microsoft
.
.
((((((((((((((((((((((((( Files Created from 2012-08-06 to 2012-09-06 )))))))))))))))))))))))))))))))
.
.
2012-09-06 03:26 . 2012-02-09 19:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBE5C96A-523B-4ABF-B113-306CB3D2D934}\gapaengine.dll
2012-09-06 03:24 . 2012-09-06 03:27 -------- d-----w- c:\users\Jared\AppData\Local\temp
2012-09-06 03:24 . 2012-09-06 03:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-09-06 03:24 . 2012-09-06 03:24 -------- d-----w- c:\users\Zach\AppData\Local\temp
2012-09-06 03:24 . 2012-09-06 03:24 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-09-06 03:24 . 2012-09-06 03:24 -------- d-----w- c:\users\JT\AppData\Local\temp
2012-09-06 03:24 . 2012-09-06 03:24 -------- d-----w- c:\users\JT.Jared-PC\AppData\Local\temp
2012-09-06 03:24 . 2012-09-06 03:24 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-06 03:24 . 2012-09-06 03:24 -------- d-----w- c:\users\Elly\AppData\Local\temp
2012-09-06 03:24 . 2012-09-06 03:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-06 03:24 . 2012-09-06 03:24 -------- d-----w- c:\users\Colleen\AppData\Local\temp
2012-09-06 03:24 . 2012-09-06 03:24 -------- d-----w- c:\users\Colleen.Jared-PC\AppData\Local\temp
2012-09-05 20:50 . 2012-09-05 20:50 -------- d-----w- c:\program files\Common Files\Java
2012-09-05 20:49 . 2012-09-05 20:49 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-05 20:35 . 2012-02-09 19:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C1AF2F8-920F-4729-9F3A-9EA9F439CA16}\gapaengine.dll
2012-09-02 17:55 . 2012-09-02 17:55 -------- d-----w- C:\adawarebp
2012-08-31 23:31 . 2012-08-31 23:31 -------- d-----w- c:\users\Colleen.Jared-PC\AppData\Local\adawarebp
2012-08-31 23:12 . 2012-08-31 23:12 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2012-08-31 22:54 . 2012-08-31 22:54 -------- d-----w- c:\users\Colleen.Jared-PC\AppData\Roaming\Logitech
2012-08-31 22:42 . 2012-08-31 22:42 -------- d-----w- c:\program files\adawaretb
2012-08-31 22:40 . 2012-08-23 05:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AAF52525-2499-4BFA-8258-31E4D10C9C5B}\mpengine.dll
2012-08-31 01:22 . 2012-08-28 06:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E51D34A3-9DC5-43A9-9787-436465C6F488}\mpengine.dll
2012-08-31 00:56 . 2012-09-05 20:38 -------- d-----w- c:\users\JT.Jared-PC\Tracing
2012-08-31 00:53 . 2012-08-31 00:53 -------- d-----w- c:\windows\en
2012-08-31 00:52 . 2012-03-08 23:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-08-31 00:50 . 2012-08-31 00:50 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-08-31 00:46 . 2012-08-31 00:54 -------- d-----w- c:\program files\Windows Live
2012-08-31 00:42 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2012-08-31 00:41 . 2012-09-03 05:53 -------- d-----w- c:\users\JT.Jared-PC\AppData\Local\Windows Live
2012-08-31 00:41 . 2012-08-31 00:41 -------- d-----w- c:\program files\Common Files\Windows Live
2012-08-29 23:17 . 2012-08-29 23:17 -------- d-----w- c:\users\Elly\AppData\Local\Free File Opener
2012-08-29 23:10 . 2012-08-29 23:10 -------- d-----w- c:\users\Elly\AppData\Local\Unity
2012-08-28 23:38 . 2012-08-28 23:38 -------- d-----w- c:\users\Zach\AppData\Roaming\Logitech
2012-08-28 23:38 . 2012-08-28 23:38 -------- d-----w- c:\users\Zach\AppData\Local\SupportSoft
2012-08-28 23:33 . 2012-08-28 23:33 -------- d-----w- c:\users\Elly\AppData\Roaming\Logitech
2012-08-28 19:49 . 2012-08-28 20:21 -------- d-----w- c:\users\JT.Jared-PC\AppData\Local\adaware
2012-08-28 19:47 . 2011-12-19 17:44 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-08-28 19:47 . 2012-08-28 19:47 -------- d-----w- c:\windows\system32\drivers\VDD
2012-08-28 19:39 . 2012-08-28 19:39 -------- d-----w- c:\programdata\Lavasoft
2012-08-28 19:38 . 2012-08-28 19:50 -------- d-----w- c:\users\JT.Jared-PC\AppData\Roaming\Ad-Aware Antivirus
2012-08-28 19:09 . 2012-08-28 19:09 -------- d-----w- c:\users\JT.Jared-PC\AppData\Roaming\Logitech
2012-08-28 18:49 . 2006-11-16 18:44 69632 ----a-w- c:\windows\system32\KemXML.dll
2012-08-28 18:49 . 2006-11-16 18:44 163840 ----a-w- c:\windows\system32\kemutb.dll
2012-08-28 18:49 . 2006-11-16 18:44 110592 ----a-w- c:\windows\system32\KemWnd.dll
2012-08-28 18:49 . 2006-11-16 18:44 131072 ----a-w- c:\windows\system32\KemUtil.dll
2012-08-28 18:48 . 2012-08-28 18:48 -------- d-----w- c:\programdata\Logitech
2012-08-28 18:48 . 2012-08-28 18:53 -------- d-----w- c:\program files\SetPoint
2012-08-28 18:48 . 2012-08-28 18:49 -------- d-----w- c:\program files\Common Files\Logitech
2012-08-28 18:48 . 2005-04-04 04:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-08-28 18:48 . 2005-04-04 04:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-08-28 18:48 . 2005-04-04 04:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-08-28 18:48 . 2005-04-04 04:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-08-28 18:48 . 2005-04-04 03:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-08-28 18:48 . 2012-08-28 18:48 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-08-28 18:48 . 2012-08-28 18:48 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-08-20 01:07 . 2012-08-20 01:07 -------- d-----w- c:\users\JT.Jared-PC\AppData\Roaming\AVS4YOU
2012-08-20 01:06 . 2012-03-24 00:58 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-08-20 01:06 . 2012-08-20 01:07 -------- d-----w- c:\programdata\AVS4YOU
2012-08-20 01:06 . 2012-08-20 01:06 -------- d-----w- c:\program files\AVS4YOU
2012-08-20 01:06 . 2012-08-20 01:06 -------- d-----w- c:\program files\Common Files\AVSMedia
2012-08-20 01:06 . 2012-03-24 00:59 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-08-19 22:35 . 2012-08-19 22:35 -------- d-----w- c:\program files\DVD Shrink
2012-08-19 22:35 . 2012-08-19 22:35 -------- d-----w- c:\program files\Perion
2012-08-19 22:35 . 2012-08-19 22:35 448 ----a-w- C:\user.js
2012-08-19 21:35 . 2012-08-19 21:35 -------- d-----w- c:\users\JT\AppData\Local\Apps
2012-08-15 02:32 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 23:53 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 03:04 . 2012-08-14 03:04 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-08-14 02:43 . 2012-08-14 02:43 -------- d-----w- c:\programdata\PC-Doctor
2012-08-14 02:42 . 2012-08-14 02:42 -------- d-----w- c:\program files\Common Files\supportsoft
2012-08-14 02:41 . 2012-08-14 02:41 315392 ----a-w- c:\windows\HideWin.exe
2012-08-14 02:41 . 2007-07-26 22:09 520192 ----a-w- c:\windows\RtlExUpd.dll
2012-08-13 22:11 . 2012-08-13 22:11 -------- d-----w- c:\program files\Evoluent
2012-08-09 18:13 . 2012-08-09 18:13 -------- d-----w- c:\users\Zach\AppData\Roaming\Ad-Aware Antivirus
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-05 20:49 . 2012-05-13 00:06 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-05 20:49 . 2010-10-11 22:27 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 00:46 . 2009-08-18 17:24 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-31 00:41 . 2012-04-02 12:09 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-31 00:41 . 2011-12-02 22:37 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-23 05:15 . 2012-06-01 17:27 7022536 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2012-08-23 05:15 . 2012-03-02 23:38 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-14 02:41 . 2011-12-12 22:28 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-08-02 19:51 . 2012-08-02 19:51 20024 ----a-w- c:\windows\system32\drivers\EvoMouseDriverMini.sys
2012-08-25 02:01 . 2012-08-31 00:33 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-05-12 23:09 . 2012-05-12 23:09 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-04-11 20:08 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-04-11 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 20:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-05-09 201112]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-26 206064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-10-11 94208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Evoluent Mouse Manager.lnk - c:\windows\Installer\{A3A814AD-E978-4B68-A548-AC9C560C1B9D}\_A6095E4D62E53F7667CEA7.exe [2012-8-13 4286]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2012-8-28 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BDARemote.lnk]
backup=c:\windows\pss\BDARemote.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
backup=c:\windows\pss\Microsoft Find Fast.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Office Startup.lnk]
backup=c:\windows\pss\Office Startup.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jared^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
backup=c:\windows\pss\CNET TechTracker.lnk.Startup
backupExtension=.Startup
path=c:\users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
.
[HKLM\~\startupfolder\C:^Users^Jared^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 02:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON WorkForce 840 Series]
2010-01-12 13:01 201216 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGMA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2012-05-12 23:09 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-04 20:57 136176 ----atw- c:\users\JT.Jared-PC\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 17:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 10:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jswtrayutil]
2009-09-24 13:51 32871 ----a-w- c:\program files\TP-LINK\QSS\jswtrayutil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
2012-05-18 09:04 434168 ----a-w- c:\program files\MyTomTom 3\MyTomTomSA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-08-03 21:22 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorkForce 840(Network)]
2010-01-12 13:01 201216 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGMA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NetFxUpdate_v1.1.4322"="c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
.
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 00:41]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:14]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:14]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1001Core.job
- c:\users\JT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 21:53]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1001UA.job
- c:\users\JT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 21:53]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1003Core.job
- c:\users\Elly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 14:58]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1003UA.job
- c:\users\Elly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-20 14:58]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1011Core.job
- c:\users\JT.Jared-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-23 20:57]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1011UA.job
- c:\users\JT.Jared-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-23 20:57]
.
2012-09-06 c:\windows\Tasks\User_Feed_Synchronization-{064C70C4-A09A-458F-8141-F53A9022B020}.job
- c:\windows\system32\msfeedssync.exe [2011-06-09 16:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bigseekpro.com/cheatengine/{D4FEE6C0-F1EF-473F-8111-958608E34C7B}
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.11.1
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\JT\AppData\Roaming\Mozilla\Firefox\Profiles\y88i8nh3.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/?rlz=1V1IPYX
FF - prefs.js: browser.startup.homepage - about:home
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-05 22:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3484)
c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll
c:\program files\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
c:\program files\TP-LINK\QSS\jswpbapi.exe
c:\progra~1\mcafee\SITEAD~1\mcsacore.exe
c:\windows\system32\rundll32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe
c:\program files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RtHDVCpl.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Ad-Aware Antivirus\SBAMSvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-09-05 22:32:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-06 03:32
ComboFix2.txt 2012-09-03 23:06
ComboFix3.txt 2012-09-03 02:19
.
Pre-Run: 309,137,735,680 bytes free
Post-Run: 309,186,871,296 bytes free
.
- - End Of File - - 147056E931E0C034CBBA4B9A59E21C6E

#35 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7233 posts

Posted 06 September 2012 - 12:31 PM

ComboFix noticed that you dropped CFScript on it, but it didn't understand its content.

Let us use another program. Save OTL on the Desktop. http://oldtimer.geekstogo.com/OTL.exe
Close all programs.
Double-click OTL to run it.

Click on Quick Scan and do not use the computer while the program runs.

When the program finishes, two log files are created on the Desktop, OTL.txt and Extras.txt. Paste the contents of the log OTL.txt into your answer but attach Extras.txt (if you don't see how to attach files, click the button "More Reply Options").

#36 HelpMe12345

HelpMe12345

    Advanced Member

  • Members
  • PipPipPip
  • 36 posts

Posted 07 September 2012 - 03:46 AM

The link seems to be broken. Additionally, McAfee toolbar says it's a bad site. (I don't have McAfee installed, just the toolbar.) Here's what happens:

#37 HelpMe12345

HelpMe12345

    Advanced Member

  • Members
  • PipPipPip
  • 36 posts

Posted 07 September 2012 - 03:47 AM

Never mind, I got it.

Edited by HelpMe12345, 07 September 2012 - 03:47 AM.


#38 HelpMe12345

HelpMe12345

    Advanced Member

  • Members
  • 36 posts

Posted 07 September 2012 - 03:57 AM

Thanks very much for your help, you've been very patient with my computer skills :)
Log:


OTL logfile created on: 9/6/2012 9:47:05 PM - Run 1
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Users\JT.Jared-PC\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 40.92% Memory free
6.20 Gb Paging File | 4.70 Gb Available in Paging File | 75.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 286.31 Gb Free Space | 62.83% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.99 Gb Free Space | 59.89% Space Free | Partition Type: NTFS

Computer Name: JTSDESKTOPCOMPU | User Name: JT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/06 21:46:16 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\JT.Jared-PC\Downloads\OTL (1).exe
PRC - [2012/08/24 21:00:39 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/14 13:58:58 | 000,646,800 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\saUI.exe
PRC - [2012/08/02 14:51:42 | 000,206,336 | ---- | M] (Evoluent) -- C:\Program Files\Evoluent\VMouse\V4\EvoMouseExec.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/15 19:07:20 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012/06/15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012/05/29 19:52:57 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2012/05/09 11:53:46 | 000,201,112 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/03/19 06:38:47 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/03/19 06:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/03/19 06:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2009/09/21 10:48:10 | 000,188,416 | ---- | M] (Wireless) -- C:\Program Files\TP-LINK\QSS\jswpbapi.exe
PRC - [2009/09/14 06:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
PRC - [2009/09/14 06:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
PRC - [2009/04/11 01:28:04 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/26 15:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/26 15:58:10 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/01/17 08:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/11/16 13:51:46 | 000,679,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2006/11/02 07:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/10/11 11:32:34 | 000,094,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/24 21:00:41 | 002,242,528 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/10 03:19:45 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 03:18:31 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 03:18:25 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/08/30 19:41:08 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/24 21:00:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/06/15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/03/19 06:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/04/27 16:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/09/21 10:48:10 | 000,954,368 | ---- | M] (Wireless) [On_Demand | Stopped] -- C:\Program Files\TP-LINK\QSS\jswpsapi.exe -- (jswpsapi)
SRV - [2009/09/21 10:48:10 | 000,188,416 | ---- | M] (Wireless) [Auto | Running] -- C:\Program Files\TP-LINK\QSS\jswpbapi.exe -- (jswpbapi)
SRV - [2009/09/14 06:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04)
SRV - [2009/09/14 06:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/26 15:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/08/02 14:51:40 | 000,020,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EvoMouseDriverMini.sys -- (EvoMouseDriverMini)
DRV - [2011/12/19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/12/19 12:44:24 | 000,072,312 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbwtis.sys -- (sbwtis)
DRV - [2011/11/29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/08/01 15:56:42 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/04/27 16:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 14:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/01/05 05:54:52 | 001,387,008 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2009/09/21 10:48:12 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2009/04/11 00:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2008/01/19 01:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/06/18 18:21:46 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/04/29 03:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...1-958608E34C7B}
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=09-02-2012
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=1080221
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.huskermax.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {BA172A60-E0CE-43BC-94AC-5105F79744E8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=09-02-2012
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{73ccfd25-abe2-4bdf-ac5d-28a470a4d234}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-05-31 22:27:36&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpr...q={searchTerms}
IE - HKCU\..\SearchScopes\{BA172A60-E0CE-43BC-94AC-5105F79744E8}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "www.bing.com"
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120827
FF - prefs.js..extensions.enabledAddons: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.1
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\JT.Jared-PC\AppData\Local\Roblox\Versions\version-eecd9135a67340ab\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JT.Jared-PC\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JT.Jared-PC\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/08/28 13:43:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/31 17:42:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/08/30 19:33:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JT\AppData\Roaming\Mozilla\Extensions
[2012/09/03 00:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JT.Jared-PC\AppData\Roaming\mozilla\Firefox\Profiles\h72pgx9o.default\extensions
[2012/08/31 17:42:44 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\JT.Jared-PC\AppData\Roaming\mozilla\Firefox\Profiles\h72pgx9o.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/08/31 17:39:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\JT.Jared-PC\AppData\Roaming\mozilla\Firefox\Profiles\h72pgx9o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/09/03 00:53:34 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\JT.Jared-PC\AppData\Roaming\mozilla\Firefox\Profiles\h72pgx9o.default\extensions\DefaultManager@Microsoft
[2012/08/31 17:42:49 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\JT.Jared-PC\AppData\Roaming\mozilla\Firefox\Profiles\h72pgx9o.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/08/30 19:33:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/28 13:43:49 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012/08/24 21:01:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/11 09:45:42 | 000,002,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2012/05/31 22:27:31 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/24 21:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/28 20:42:50 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/08/24 21:00:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\JT.Jared-PC\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\JT.Jared-PC\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\JT.Jared-PC\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\JT.Jared-PC\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\JT.Jared-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Microsoft\\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\JT.Jared-PC\AppData\Local\Roblox\Versions\version-76ed5b3c6cb0467f\\NPRobloxProxy.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\JT.Jared-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\JT.Jared-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\JT.Jared-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: Gmail = C:\Users\JT.Jared-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/05 22:26:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [EPSON WorkForce 840 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGMA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SansaDispatch] C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://nxcache.nexon...b.2010.5.03.cab (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.3.0.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...l/installer.exe (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.5.1.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2D91CE7-F628-489E-876F-72B5EEE71D4B}: DhcpNameServer = 192.168.11.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{00c11bdd-1845-11df-bf4f-001d09895282}\Shell - "" = AutoRun
O33 - MountPoints2\{00c11bdd-1845-11df-bf4f-001d09895282}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{e8d5bb2f-dfe7-11dc-ab38-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e8d5bb2f-dfe7-11dc-ab38-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/06 21:37:08 | 000,000,000 | ---D | C] -- C:\Users\JT.Jared-PC\AppData\Local\{8CD0BF75-4C5A-4323-9210-02DA87C3E70D}
[2012/09/05 22:32:45 | 000,000,000 | ---D | C] -- C:\Users\JT.Jared-PC\AppData\Local\temp
[2012/09/05 22:27:37 | 000,000,000 | ---D | C] -- C:\Microsoft
[2012/09/05 22:26:29 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/05 22:24:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/05 22:14:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/05 15:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/05 15:37:51 | 000,000,000 | ---D | C] -- C:\Users\JT.Jared-PC\AppData\Local\{D09C5C95-A125-4A58-848D-13F1E9A2E9D2}
[2012/09/03 17:15:29 | 000,000,000 | ---D | C] -- C:\Users\JT.Jared-PC\AppData\Local\{16E9C20E-62C1-4B65-8317-63E77FF7B65A}
[2012/09/03 00:53:20 | 000,000,000 | ---D | C] -- C:\Users\JT.Jared-PC\AppData\Local\{49CC9928-E563-4B94-8138-C0C02F276093}
[2012/09/03 00:53:19 | 000,000,000 | ---D | C] -- C:\Users\JT.Jared-PC\AppData\Local\{FB5AE823-F161-45C0-AF8C-9E1B38EA917B}
[2012/09/02 21:00:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/02 21:00:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/02 21:00:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/02 21:00:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/09/02 20:59:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/02 12:55:04 | 000,000,000 | ---D | C] -- C:\adawarebp
[2012/09/02 12:52:56 | 000,000,000 | ---D | C] -- C:\Users\JT.Jared-PC\AppData\Local\{90A28330-B062-4466-9A08-80E11060E0EA}
[2012/08/31 18:40:58 | 000,000,000 | ---D | C] -- C:\Users\JT.Jared-PC\AppData\Local\{5B0A22E4-C761-4C0C-8387-139598F9EEF7}
[2012/08/31 18:40:27 | 000,000,000 | ---D | C] -- C:\Users\JT.Jared-PC\AppData\Local\adawarebp
[2012/08/31 18:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2012/08/31 18:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2012/08/31 17:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/08/30 19:57:09 | 000,000,000 | ---D | C] -- C:\Users\JT.Jared-PC\AppData\Local\{9E8367D4-1E8B-4000-9749-F5A5D1D42725}
[2012/08/30 19:56:56 | 000,000,000 | ---D | C] -- C:\Users\JT.Jared-PC\Tracing
[2012/08/30 19:53:47 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/08/30 19:51:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/08/30 19:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/08/30 19:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/08/30 19:41:05 | 000,000,000 | ---D | C] -- C:\Users\JT.Jared-PC\AppData\Local\Windows Live
[2012/08/30 19:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012/08/30 19:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/08/30 16:39:40 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\JT.Jared-PC\Documents\tdsskiller.exe
[2012/08/30 16:17:28 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\JT.Jared-PC\Documents\aswMBR.exe
[2012/08/28 21:03:22 | 000,000,000 | ---D | C] -- C:\Users\JT.Jared-PC\Documents\RK_Quarantine
[2012/08/28 15:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/08/28 14:49:35 | 000,000,000 | ---D | C] -- C:\Users\JT.Jared-PC\AppData\Local\adaware
[2012/08/28 14:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/08/28 14:47:29 | 000,093,816 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\sbhips.sys
[2012/08/28 14:47:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\VDD
[2012/08/28 14:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/08/28 14:38:52 | 000,000,000 | ---D | C] -- C:\Users\JT.Jared-PC\AppData\Roaming\Ad-Aware Antivirus
[2012/08/28 14:09:03 | 000,000,000 | ---D | C] -- C:\Users\JT.Jared-PC\AppData\Roaming\Logitech
[2012/08/28 13:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SetPoint
[2012/08/28 13:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012/08/28 13:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\SetPoint
[2012/08/28 13:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2012/08/27 01:03:48 | 000,000,000 | -H-D | C] -- C:\Users\JT.Jared-PC\Documents\Xbox360
[2012/08/19 20:07:58 | 000,000,000 | ---D | C] -- C:\Users\JT.Jared-PC\AppData\Roaming\AVS4YOU
[2012/08/19 20:06:47 | 000,000,000 | ---D | C] -- C:\Users\JT.Jared-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012/08/19 20:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012/08/19 20:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2012/08/19 20:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012/08/19 20:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2012/08/19 18:41:02 | 000,000,000 | ---D | C] -- C:\Users\JT.Jared-PC\Documents\DVDs
[2012/08/19 17:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
[2012/08/19 17:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2012/08/19 17:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012/08/13 22:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2012/08/13 22:04:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/08/13 21:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/13 21:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor
[2012/08/13 21:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2012/08/13 21:26:32 | 000,000,000 | ---D | C] -- C:\Users\JT.Jared-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Inc
[2012/08/13 17:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evoluent Mouse Manager
[2012/08/13 17:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Evoluent
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/06 21:53:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1003UA.job
[2012/09/06 21:49:59 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{064C70C4-A09A-458F-8141-F53A9022B020}.job
[2012/09/06 21:40:35 | 000,004,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 21:40:35 | 000,004,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 21:37:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1011UA.job
[2012/09/06 21:36:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/06 21:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/06 21:26:59 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1001UA.job
[2012/09/06 21:12:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/06 17:26:59 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1001Core.job
[2012/09/06 15:40:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/05 22:26:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/05 15:40:10 | 000,002,076 | ---- | M] () -- C:\Users\JT.Jared-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/01 01:37:00 | 000,000,862 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1011Core.job
[2012/08/30 16:39:42 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\JT.Jared-PC\Documents\tdsskiller.exe
[2012/08/30 16:39:15 | 000,000,512 | ---- | M] () -- C:\Users\JT.Jared-PC\Documents\MBR.dat
[2012/08/30 16:28:02 | 002,902,528 | ---- | M] () -- C:\Users\JT.Jared-PC\Documents\T-MX5HAUSC.exe
[2012/08/30 16:17:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\JT.Jared-PC\Documents\aswMBR.exe
[2012/08/30 16:15:17 | 001,372,672 | ---- | M] () -- C:\Users\JT.Jared-PC\Documents\RogueKiller.exe
[2012/08/30 09:53:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-215613564-3252992321-3342676906-1003Core.job
[2012/08/29 18:16:13 | 000,000,766 | ---- | M] () -- C:\Users\JT.Jared-PC\Documents\CCleaner.lnk
[2012/08/28 13:49:02 | 000,001,451 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPoint.lnk
[2012/08/19 20:54:32 | 000,615,370 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/19 20:54:32 | 000,109,228 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/19 17:35:22 | 000,000,448 | ---- | M] () -- C:\user.js
[2012/08/13 21:54:00 | 000,016,064 | ---- | M] () -- C:\Windows\System32\results.xml
[2012/08/13 17:11:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_EvoMouseDriverMini_01009.Wdf
[2012/08/13 17:11:08 | 000,001,906 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Evoluent Mouse Manager.lnk
[2012/08/12 12:30:52 | 000,006,825 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/02 21:00:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/02 21:00:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/02 21:00:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/02 21:00:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/02 21:00:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/30 19:50:55 | 000,001,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/08/30 19:50:33 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/08/30 19:49:29 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/08/30 19:48:34 | 000,001,987 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/08/30 19:33:05 | 000,000,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/30 16:39:15 | 000,000,512 | ---- | C] () -- C:\Users\JT.Jared-PC\Documents\MBR.dat
[2012/08/30 16:27:55 | 002,902,528 | ---- | C] () -- C:\Users\JT.Jared-PC\Documents\T-MX5HAUSC.exe
[2012/08/30 16:15:13 | 001,372,672 | ---- | C] () -- C:\Users\JT.Jared-PC\Documents\RogueKiller.exe
[2012/08/29 18:16:13 | 000,000,766 | ---- | C] () -- C:\Users\JT.Jared-PC\Documents\CCleaner.lnk
[2012/08/28 13:49:02 | 000,001,451 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPoint.lnk
[2012/08/19 17:35:21 | 000,000,448 | ---- | C] () -- C:\user.js
[2012/08/13 21:54:00 | 000,016,064 | ---- | C] () -- C:\Windows\System32\results.xml
[2012/08/13 17:11:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_EvoMouseDriverMini_01009.Wdf
[2012/08/13 17:11:08 | 000,001,906 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Evoluent Mouse Manager.lnk
[2012/08/02 14:51:40 | 000,020,024 | ---- | C] () -- C:\Windows\System32\drivers\EvoMouseDriverMini.sys
[2012/05/17 16:40:06 | 000,000,000 | ---- | C] () -- C:\Users\JT.Jared-PC\AppData\Roaming\wklnhst.dat
[2012/02/29 07:58:14 | 000,000,196 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/22 13:22:12 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012/01/21 18:10:58 | 000,000,751 | ---- | C] () -- C:\Windows\Ulead32.ini
[2012/01/21 18:10:58 | 000,000,028 | ---- | C] () -- C:\Windows\Msdevctl.ini
[2011/12/22 17:49:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dvdtest10024.dat
[2011/12/22 17:09:18 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/11/24 19:01:54 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2011/09/08 10:10:07 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/09/08 10:10:07 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/08/20 13:03:13 | 000,039,424 | ---- | C] () -- C:\Users\JT.Jared-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/12 20:20:18 | 000,000,680 | ---- | C] () -- C:\Users\JT.Jared-PC\AppData\Local\d3d9caps.dat
[2011/07/26 22:14:15 | 000,000,079 | ---- | C] () -- C:\Windows\EWF840.ini
[2011/07/12 11:17:47 | 000,001,226 | RHS- | C] () -- C:\Users\JT.Jared-PC\ntuser.pol
[2011/06/16 17:42:24 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~30400248r
[2010/10/11 09:29:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/10/10 16:14:08 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/10/09 11:15:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/10/09 11:15:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/09/14 16:46:16 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2010/09/14 16:46:12 | 000,000,715 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/09/14 16:46:10 | 000,001,101 | ---- | C] () -- C:\Windows\ODBCINST.INI

========== LOP Check ==========

[2012/08/28 14:50:37 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\Ad-Aware Antivirus
[2012/02/23 17:59:50 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\AnvSoft
[2012/02/04 16:28:33 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\Audacity
[2012/05/09 06:46:57 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\Auslogics
[2012/04/27 13:59:35 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\AVG
[2012/05/25 21:35:43 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\COWON
[2011/12/22 19:47:56 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\DVD-Cloner
[2011/08/09 10:23:25 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\Epson
[2012/09/02 14:14:55 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\foobar2000
[2012/03/23 11:48:54 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\GlarySoft
[2012/05/08 18:44:52 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\IObit
[2011/07/28 11:52:20 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\Leader Technologies
[2012/05/16 21:17:09 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\OpenOffice.org
[2012/02/28 18:34:40 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\PDF Tablet
[2012/05/29 19:52:44 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\SanDisk
[2012/02/27 19:40:21 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\Smart PC Cleaner
[2012/06/01 20:57:37 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\StreamTorrent
[2012/03/13 19:50:09 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\SystemRequirementsLab
[2012/05/14 19:30:13 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\TeamViewer
[2012/05/17 16:40:20 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\Template
[2012/04/22 13:23:29 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\TuneUp Software
[2012/01/12 19:18:28 | 000,000,000 | ---D | M] -- C:\Users\JT.Jared-PC\AppData\Roaming\ViGlance
[2012/09/05 22:39:33 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/06 21:49:59 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{064C70C4-A09A-458F-8141-F53A9022B020}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:7C017FB1
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:38673444
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F8342E7B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:2542A415
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5239FCB7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F68280D1
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#39 HelpMe12345

Posted 07 September 2012 - 04:00 AM

Oops, forgot to attach extras :rolleyes:


#40 CeciliaB

Posted 07 September 2012 - 02:16 PM

Don't know what happened with the link :(

1.
Upload C:\Users\JT.Jared-PC\AppData\Local\Temp\97AD0711-5F99-4F04-BC38-3ACD11B0D24D.exe to http://www.virustotal.com/ using the "Choose file" function (select reanalyze if asked) and post back the link to the scan report:

2.
Close all programs including antivirus programs and other similar programs. Otherwise they might stop OTL.
How? See http://www.bleepingc...opic114351.html

Start the program OTL.
Copy all the lines in the box:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...1-958608E34C7B}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No CLSID value found
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpr...q={searchTerms}
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No CLSID value found.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_21)
O33 - MountPoints2\{00c11bdd-1845-11df-bf4f-001d09895282}\Shell - "" = AutoRun
O33 - MountPoints2\{00c11bdd-1845-11df-bf4f-001d09895282}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{e8d5bb2f-dfe7-11dc-ab38-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e8d5bb2f-dfe7-11dc-ab38-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
[2011/06/16 17:42:24 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~30400248r
@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:7C017FB1
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:38673444
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F8342E7B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:2542A415
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5239FCB7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F68280D1
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Reg
:Files
ipconfig /flushdns /c
:Commands
[CREATERESTOREPOINT]
[REBOOT]

Paste them into the field Custom Scans/Fixes.
Click on Run Fix.

If you are asked to restart the computer, do that.

Notepad will pop up with a log. Copy it and paste it into your answer.
If it does not pop up, you can find it in the folder c:\_OTL\Moved Files; its name contains the date and time when OTL was run.

Be sure that antivirus programs etc. are active before connecting to the internet.

3.
Run OTL as you did the first time and paste OTL.txt (Extras.txt will not be created).



