
Google Redirect Trojan


  • This topic is locked
33 replies to this topic

#1 elbarney

Posted 08 September 2012 - 07:17 PM

I am running Windows 7. A couple of days ago I started getting redirected in Google (to advertising sites). I've tried running Search & Destroy, AVG Anti Rootkit, and Malware Bytes. They each say all is well.

Based on another post from a few days ago on a similar issue, I downloaded and ran Security Check - however, given your warnings I'm not sure I should proceed as you instructed the other poster. The results of the check are below. FYI: my C drive is SSD. I disabled Adaware due to some conflicts, and I have updated my Java - but will try again.

What do you suggest I do next? Thank you for your attention!


Results of screen317's Security Check version 0.99.50
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````

Ad-Aware
Spybot - Search & Destroy
Sophos Anti-Rootkit 1.5.4
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 6 Update 22
Java™ 6 Update 31
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.4.402.265
Mozilla Firefox (15.0)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 31% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



DDS LOG:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Evelyn at 21:14:16 on 2012-09-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.4817 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVDA\nvda_service.exe
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\atwtusb.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\tblmouse.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Homepage Print 2\DeskCapture.exe
C:\Users\Evelyn\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Users\Evelyn\.thinkbuzan\imindmap\preload\iMindMap_Preloader.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Music Alarm Clock\mac.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iTunesHelper.exe
C:\Program Files (x86)\ThinkBuzan\iMindMap 5\iMindMap 5.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\NoteTab Pro 6\NotePro.exe
C:\Windows\system32\atwtusb.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\BTGUARD\uTorrent.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
D:\SomeDownloads\Downloads\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\notepad.exe
C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
mURLSearchHooks: H - No File
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
BHO: {58124A0B-DC32-4180-9BFF-E0E21AE34026} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: Homepage Print 2BHO: {efc91aca-519f-428d-8472-81e158609d25} - C:\PROGRA~2\HOMEPA~1\IEBand.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Ultra Recall: {c501607c-4a98-4f5e-b9af-425e6bbd5186} - C:\Program Files (x86)\UltraRecall\Integration\IEToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
TB: Homepage Print 2: {c4fb9eec-5b29-486b-acd1-d93a4396e567} - C:\PROGRA~2\HOMEPA~1\IEBand.dll
uRun: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [{5F9E7405-B335-47cf-8F9A-74FD2576E4A9}] C:\Program Files (x86)\Homepage Print 2\DeskCapture.exe
uRun: [MusicManager] "C:\Users\Evelyn\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Music Alarm Clock] C:\PROGRA~2\MUSICA~1\mac.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [iTunesHelper] "C:\Program Files\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [QuickTime Task] "J:\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Evelyn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMINDM~1.LNK - C:\Users\Evelyn\.thinkbuzan\imindmap\preload\iMindMap_Preloader.exe
StartupFolder: C:\Users\Evelyn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send To &Ultra Recall (copy) - C:\Program Files (x86)\UltraRecall\Integration\StoreFromIE.html
IE: Send To Ultra &Recall (link) - C:\Program Files (x86)\UltraRecall\Integration\LinkFromIE.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {24187A0F-0FDD-411b-80C6-F1F22F2ED10E} - {7FAD4718-729A-4fea-AA4B-EC340A7C0841} - C:\Program Files (x86)\UltraRecall\Integration\IEToolbar.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - J:\WinHTTrack\WinHTTrackIEBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
IE: {FD1FF307-68BC-462f-8718-AAEDB6DB7EA2} - {60D7C798-8979-4560-AF4C-2FADE1075EF7} - C:\Program Files (x86)\UltraRecall\Integration\IEToolbar.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8FE6B52D-B9D5-49B9-B139-722FF7DEDE99} : DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
BHO-X64: {58124A0B-DC32-4180-9BFF-E0E21AE34026} - No File
BHO-X64: TBSB01620 - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll
BHO-X64: WinZip Courier BHO - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: Homepage Print 2BHO: {EFC91ACA-519F-428D-8472-81E158609D25} - C:\PROGRA~2\HOMEPA~1\IEBand.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB-X64: Ultra Recall: {C501607C-4A98-4f5e-B9AF-425E6BBD5186} - C:\Program Files (x86)\UltraRecall\Integration\IEToolbar.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
TB-X64: Homepage Print 2: {C4FB9EEC-5B29-486B-ACD1-D93A4396E567} - C:\PROGRA~2\HOMEPA~1\IEBand.dll
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [Music Alarm Clock] C:\PROGRA~2\MUSICA~1\mac.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [iTunesHelper] "C:\Program Files\iTunesHelper.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun-x64: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun-x64: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun-x64: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun-x64: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun-x64: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun-x64: [QuickTime Task] "J:\QuickTime\QTTask.exe" -atboottime
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: keyword.enabled - 1
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110141
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 2221c4bf0000000000001c659d51961c
FF - user.js: extensions.BabylonToolbar_i.hardId - 2221c4bf0000000000001c659d51961c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15393
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:22:28
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extentions.y2layers.installId - 3322c47a-0c6a-4825-98bc-a6b9d1a7b9a2
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2012-9-3 31808]
R2 nvda;nvda;C:\Program Files (x86)\NVDA\nvda_service.exe [2011-8-5 37616]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 WTService;WTService;C:\Windows\System32\atwtusb.exe -s --> C:\Windows\System32\atwtusb.exe -s [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-7-19 245760]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-3-24 148072]
R3 UsbFltr;WayTech USB Filter Driver;C:\Windows\system32\Drivers\UsbFltr.sys --> C:\Windows\system32\Drivers\UsbFltr.sys [?]
S1 aiptektp;Pen Pad;C:\Windows\system32\DRIVERS\aiptektp.sys --> C:\Windows\system32\DRIVERS\aiptektp.sys [?]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5; [x]
S2 ASTSRV;Nalpeiron Licensing Service; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-14 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 250568]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\753B.tmp --> C:\Windows\system32\753B.tmp [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 114144]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-08 14:24:17 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6E69C21-BA80-4825-A47E-AF672FC22035}\mpengine.dll
2012-09-08 05:13:24 9310152 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-06 19:21:41 -------- d-----w- C:\Users\Evelyn\AppData\Roaming\AVG
2012-09-06 19:21:18 -------- d-----w- C:\ProgramData\AVG
2012-09-06 19:10:41 -------- d-----w- C:\Users\Evelyn\AppData\Local\AVG Secure Search
2012-09-06 19:10:38 -------- d-----w- C:\Users\Evelyn\AppData\Roaming\TuneUp Software
2012-09-06 19:10:37 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-09-06 19:10:31 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-09-06 19:10:30 -------- dc----w- C:\Program Files (x86)\AVG Secure Search
2012-09-06 19:09:55 -------- d--h--w- C:\$AVG
2012-09-06 19:09:55 -------- d-----w- C:\ProgramData\AVG2013
2012-09-06 19:09:34 -------- dc----w- C:\Program Files (x86)\AVG
2012-09-06 19:06:35 -------- d--h--w- C:\ProgramData\Common Files
2012-09-06 19:06:35 -------- d-----w- C:\Users\Evelyn\AppData\Local\MFAData
2012-09-06 19:06:35 -------- d-----w- C:\Users\Evelyn\AppData\Local\Avg2013
2012-09-06 19:06:35 -------- d-----w- C:\ProgramData\MFAData
2012-09-06 18:18:36 -------- d-----w- C:\$RECYCLE.BIN
2012-09-06 18:12:18 98816 ----a-w- C:\Windows\sed.exe
2012-09-06 18:12:18 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-06 18:12:18 256000 ----a-w- C:\Windows\PEV.exe
2012-09-06 18:12:18 208896 ----a-w- C:\Windows\MBR.exe
2012-09-06 18:12:16 -------- d-----w- C:\ComboFix
2012-09-03 22:07:04 -------- dc----w- C:\Program Files (x86)\Coupons
2012-08-31 22:53:26 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-28 17:54:34 -------- dc----w- C:\Program Files (x86)\Xenocode
2012-08-28 17:51:25 -------- d-----w- C:\Users\Evelyn\AppData\Local\{7A558ABB-8EE8-4AEE-B328-4706EE42C1EF}
2012-08-27 21:33:23 -------- d-----w- C:\Users\Evelyn\AppData\Roaming\RealNetworks
2012-08-26 14:58:40 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-08-26 14:58:38 -------- d-----w- C:\Users\Evelyn\AppData\Roaming\DAEMON Tools Lite
2012-08-26 14:57:19 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-08-22 01:38:02 -------- d-----w- C:\Users\Evelyn\AppData\Local\Programs
2012-08-19 06:12:13 -------- d-----w- C:\Users\Evelyn\AppData\Local\{18952B65-7CBF-48B8-AD66-8F911DCDFE5F}
2012-08-15 19:16:10 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 19:15:29 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 19:15:28 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 19:15:24 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 19:15:24 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 19:15:24 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 19:15:24 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 19:13:30 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 19:13:30 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 19:13:30 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 19:12:28 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-14 01:17:52 -------- d-----w- C:\Users\Evelyn\AppData\Roaming\jAlbum
2012-08-10 17:09:36 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared
2012-08-10 17:07:48 -------- d-----w- C:\Users\Evelyn\2EB282561D6649F1AF66691BF9A27C79.TMP
2012-08-10 16:54:03 -------- d-----w- C:\Users\Evelyn\C0E8FE43C35B451DB35FD4BD056D70E7.TMP
.
==================== Find3M ====================
.
2012-09-06 00:46:52 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-06 00:46:52 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-27 13:18:56 13379712 ----a-w- C:\Windows\SysWow64\csevalidator.dll
2012-07-25 01:17:48 0 --sh--r- C:\Windows\FFSSET.BIN
2012-07-06 17:34:47 27917930 ----a-w- C:\ProgramData\Y9Z6nCqJ.exe
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-01 18:20:09 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-01 18:20:09 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-25 20:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-20 16:54:52 71104 ----a-w- C:\Windows\CouponPrinter.ocx
2012-06-07 23:33:24 293776 -c--a-w- C:\Program Files\iTunesOutlookAddIn.dll
2012-06-07 23:33:22 421776 -c--a-w- C:\Program Files\iTunesHelper.exe
2012-06-07 23:33:22 156560 -c--a-w- C:\Program Files\iTunesHelper.dll
2012-06-07 23:33:20 403344 -c--a-w- C:\Program Files\iTunesAdmin.dll
2012-06-07 23:33:12 9777040 -c--a-w- C:\Program Files\iTunes.exe
2012-06-07 23:33:08 21139344 -c--a-w- C:\Program Files\iTunes.dll
2012-06-07 23:33:04 776216 -c--a-w- C:\Program Files\gnsdk_sdkmanager.dll
2012-06-07 23:33:04 3008536 -c--a-w- C:\Program Files\gnsdk_dsp.dll
2012-06-07 23:33:04 262680 -c--a-w- C:\Program Files\gnsdk_submit.dll
2012-06-07 23:33:04 219672 -c--a-w- C:\Program Files\gnsdk_musicid.dll
2012-04-05 21:28:12 112488 -c--a-w- C:\Program Files\ITDetector.ocx
.
============= FINISH: 21:14:47.79 ===============


Edited by elbarney, 08 September 2012 - 08:17 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:19 AM

Posted 09 September 2012 - 12:09 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 elbarney

elbarney
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:19 AM

Posted 09 September 2012 - 03:46 PM

Okay, I'm a bit confused about the one at a time thing, do I post this and do the next, or . . . This is the check AFTER I killed MSE, guess I'll try going on and see how it goes.

Results of screen317's Security Check version 0.99.50
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Spybot - Search & Destroy
Sophos Anti-Rootkit 1.5.4
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 6 Update 22
Java™ 6 Update 31
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.4.402.265
Mozilla Firefox (15.0)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 31% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


PS: In case you missed it last time, my OS drive is SSD.

Edited by elbarney, 09 September 2012 - 03:47 PM.


#4 elbarney

elbarney
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:19 AM

Posted 09 September 2012 - 04:23 PM

Here is the Combofix log. Still have Google re-direct issues. I did have to reboot after the log appeared (Combofix rebooted before showing log) - I did get the "illegal operation . . . key . . . marked for deletion" message.

ComboFix 12-09-09.02 - Evelyn 09/09/2012 17:08:42.3.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5859 [GMT -4:00]
Running from: d:\somedownloads\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-09 21:13 . 2012-09-09 21:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-09 17:45 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{963AD950-D420-4CB8-AF18-77CB1FC85F30}\mpengine.dll
2012-09-09 16:06 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-06 19:21 . 2012-09-06 19:21 -------- d-----w- c:\users\Evelyn\AppData\Roaming\AVG
2012-09-06 19:21 . 2012-09-06 19:22 -------- d-----w- c:\programdata\AVG
2012-09-06 19:10 . 2012-09-06 19:10 -------- d-----w- c:\users\Evelyn\AppData\Local\AVG Secure Search
2012-09-06 19:10 . 2012-09-06 19:10 -------- d-----w- c:\users\Evelyn\AppData\Roaming\TuneUp Software
2012-09-06 19:10 . 2012-09-06 19:10 -------- d-----w- c:\programdata\AVG Secure Search
2012-09-06 19:10 . 2012-09-07 05:39 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-09-06 19:10 . 2012-09-07 05:39 -------- dc----w- c:\program files (x86)\AVG Secure Search
2012-09-06 19:09 . 2012-09-06 19:09 -------- d-----w- C:\$AVG
2012-09-06 19:09 . 2012-09-06 19:21 -------- dc----w- c:\program files (x86)\AVG
2012-09-06 19:06 . 2012-09-07 05:38 -------- d-----w- c:\programdata\MFAData
2012-09-06 19:06 . 2012-09-06 19:23 -------- d-----w- c:\users\Evelyn\AppData\Local\Avg2013
2012-09-06 19:06 . 2012-09-06 19:06 -------- d--h--w- c:\programdata\Common Files
2012-09-06 19:06 . 2012-09-06 19:06 -------- d-----w- c:\users\Evelyn\AppData\Local\MFAData
2012-09-03 22:07 . 2012-09-03 22:07 -------- dc----w- c:\program files (x86)\Coupons
2012-08-31 22:53 . 2012-08-31 22:53 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-28 17:54 . 2012-08-28 17:54 -------- dc----w- c:\program files (x86)\Xenocode
2012-08-27 21:33 . 2012-08-27 21:33 -------- d-----w- c:\users\Evelyn\AppData\Roaming\RealNetworks
2012-08-26 14:58 . 2012-08-26 14:59 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-26 14:58 . 2012-09-07 05:36 -------- d-----w- c:\users\Evelyn\AppData\Roaming\DAEMON Tools Lite
2012-08-26 14:57 . 2012-08-26 15:02 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-08-22 01:38 . 2012-09-07 05:36 -------- d-----w- c:\users\Evelyn\AppData\Local\Programs
2012-08-16 01:16 . 2012-06-29 03:40 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-15 19:16 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 19:15 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 19:15 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 19:15 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 19:15 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 19:15 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 19:15 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 19:13 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 19:13 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 19:13 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 19:13 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 19:12 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 01:17 . 2012-08-14 01:19 -------- d-----w- c:\users\Evelyn\AppData\Roaming\jAlbum
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-06 00:46 . 2012-04-07 02:24 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-06 00:46 . 2011-10-26 01:03 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-27 13:18 . 2012-02-24 16:33 13379712 ----a-w- c:\windows\SysWow64\csevalidator.dll
2012-08-16 01:13 . 2011-05-15 07:15 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 17:34 . 2012-07-06 17:34 27917930 ----a-w- c:\programdata\Y9Z6nCqJ.exe
2012-07-03 17:46 . 2011-12-20 02:59 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-01 18:20 . 2012-07-01 18:20 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-01 18:20 . 2012-07-01 18:20 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-20 16:54 . 2012-01-30 04:25 71104 ----a-w- c:\windows\CouponPrinter.ocx
2012-06-07 23:33 . 2012-06-07 23:33 293776 -c--a-w- c:\program files\iTunesOutlookAddIn.dll
2012-06-07 23:33 . 2012-06-07 23:33 421776 -c--a-w- c:\program files\iTunesHelper.exe
2012-06-07 23:33 . 2012-06-07 23:33 156560 -c--a-w- c:\program files\iTunesHelper.dll
2012-06-07 23:33 . 2012-06-07 23:33 403344 -c--a-w- c:\program files\iTunesAdmin.dll
2012-06-07 23:33 . 2012-06-07 23:33 9777040 -c--a-w- c:\program files\iTunes.exe
2012-06-07 23:33 . 2012-06-07 23:33 21139344 -c--a-w- c:\program files\iTunes.dll
2012-06-07 23:33 . 2012-06-07 23:33 776216 -c--a-w- c:\program files\gnsdk_sdkmanager.dll
2012-06-07 23:33 . 2012-06-07 23:33 3008536 -c--a-w- c:\program files\gnsdk_dsp.dll
2012-06-07 23:33 . 2012-06-07 23:33 262680 -c--a-w- c:\program files\gnsdk_submit.dll
2012-06-07 23:33 . 2012-06-07 23:33 219672 -c--a-w- c:\program files\gnsdk_musicid.dll
2012-04-05 21:28 . 2012-04-05 21:28 112488 -c--a-w- c:\program files\ITDetector.ocx
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-06_18.18.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-14 22:40 . 2012-09-07 10:39 80822 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-07 10:39 91052 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-14 22:35 . 2012-09-07 10:39 13528 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3216082692-2938019425-415009823-1001_UserData.bin
+ 2012-09-07 05:44 . 2012-09-07 01:27 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2009-07-14 05:30 . 2012-08-26 14:59 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-09-07 22:51 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-05-15 01:28 . 2012-09-09 20:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-15 01:28 . 2012-09-06 17:49 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-15 01:28 . 2012-09-09 20:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-15 01:28 . 2012-09-06 17:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-06 17:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-09 20:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-09-06 19:11 . 2012-08-31 23:01 85008 c:\windows\system32\config\systemprofile\AppData\Local\Avg2013\update\backup\sc.dat
+ 2012-09-09 21:13 . 2012-09-09 21:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-06 18:18 . 2012-09-06 18:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-18 19:13 . 2012-09-09 15:34 645218 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:30 . 2012-09-07 22:51 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-08-26 14:59 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:38 . 2012-09-07 05:40 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:38 . 2011-05-16 21:17 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:12 . 2012-09-07 10:40 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-09-06 17:11 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-09-06 19:11 . 2012-08-31 23:00 177496 c:\windows\system32\config\systemprofile\AppData\Local\Avg2013\update\backup\sb.dat
- 2009-07-14 05:01 . 2012-09-06 18:17 584268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-09 21:13 584268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-05-14 23:10 . 2012-09-06 18:17 4310172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3216082692-2938019425-415009823-1001-8192.dat
+ 2011-05-14 23:10 . 2012-09-09 21:13 4310172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3216082692-2938019425-415009823-1001-8192.dat
+ 2011-05-15 04:20 . 2012-09-09 21:13 1057156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3216082692-2938019425-415009823-1001-12288.dat
- 2011-05-15 04:20 . 2012-09-06 15:49 1057156 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3216082692-2938019425-415009823-1001-12288.dat
+ 2012-07-01 18:17 . 2012-09-07 05:41 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2012-07-01 18:17 . 2012-08-16 01:18 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EFC91ACA-519F-428D-8472-81E158609D25}]
2010-12-15 05:00 420184 -c--a-w- c:\progra~2\HOMEPA~1\IEBand.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{C4FB9EEC-5B29-486B-ACD1-D93A4396E567}"= "c:\progra~2\HOMEPA~1\IEBand.dll" [2010-12-15 420184]
.
[HKEY_CLASSES_ROOT\clsid\{c4fb9eec-5b29-486b-acd1-d93a4396e567}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBSyncing]
@="{4d87b7a7-23f1-470c-aa45-96b25b9bd138}"
[HKEY_CLASSES_ROOT\CLSID\{4d87b7a7-23f1-470c-aa45-96b25b9bd138}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"{5F9E7405-B335-47cf-8F9A-74FD2576E4A9}"="c:\program files (x86)\Homepage Print 2\DeskCapture.exe" [2010-12-15 934744]
"MusicManager"="c:\users\Evelyn\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-08-16 7316480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"Music Alarm Clock"="c:\progra~2\MUSICA~1\mac.exe" [2009-03-02 971264]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-18 296056]
"iTunesHelper"="c:\program files\iTunesHelper.exe" [2012-06-07 421776]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2011-05-19 2629632]
"QuickTime Task"="j:\quicktime\QTTask.exe" [2012-04-19 421888]
.
c:\users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
iMindMap Preloader.lnk - c:\users\Evelyn\.thinkbuzan\imindmap\preload\iMindMap_Preloader.exe [2012-8-9 31232]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - j:\google calendar sync\GoogleCalendarSync.exe [2011-4-8 542264]
MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2012-9-3 1732672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 aiptektp;Pen Pad;c:\windows\system32\DRIVERS\aiptektp.sys [2007-07-26 29696]
R1 SBRE;SBRE; [x]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5; [x]
R2 ASTSRV;Nalpeiron Licensing Service; [x]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe [2012-09-03 31808]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-06 250568]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\753B.tmp [2010-05-26 6144]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-31 114144]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-15 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-26 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-26 237056]
S2 nvda;nvda;c:\program files (x86)\NVDA\nvda_service.exe [2011-08-05 37616]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-14 160944]
S2 WTService;WTService;c:\windows\System32\atwtusb.exe [2009-07-30 662248]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-26 11172864]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-26 339456]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
S3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 00:46]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3216082692-2938019425-415009823-1001Core.job
- c:\users\Evelyn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-12 02:02]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3216082692-2938019425-415009823-1001UA.job
- c:\users\Evelyn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-12 02:02]
.
2012-09-09 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-06 18:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBSyncing]
@="{4d87b7a7-23f1-470c-aa45-96b25b9bd138}"
[HKEY_CLASSES_ROOT\CLSID\{4d87b7a7-23f1-470c-aa45-96b25b9bd138}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TblMouse"="c:\windows\SysWOW64\TblMouse.exe" [2007-10-09 65184]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-05-31 446392]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send To &Ultra Recall (copy) - c:\program files (x86)\UltraRecall\Integration\StoreFromIE.html
IE: Send To Ultra &Recall (link) - c:\program files (x86)\UltraRecall\Integration\LinkFromIE.html
IE: {{24187A0F-0FDD-411b-80C6-F1F22F2ED10E} - {7FAD4718-729A-4fea-AA4B-EC340A7C0841} - c:\program files (x86)\UltraRecall\Integration\IEToolbar.dll
IE: {{FD1FF307-68BC-462f-8718-AAEDB6DB7EA2} - {60D7C798-8979-4560-AF4C-2FADE1075EF7} - c:\program files (x86)\UltraRecall\Integration\IEToolbar.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8FE6B52D-B9D5-49B9-B139-722FF7DEDE99}: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: keyword.enabled - 1
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110141
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 2221c4bf0000000000001c659d51961c
FF - user.js: extensions.BabylonToolbar_i.hardId - 2221c4bf0000000000001c659d51961c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15393
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:22
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extentions.y2layers.installId - 3322c47a-0c6a-4825-98bc-a6b9d1a7b9a2
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{58124A0B-DC32-4180-9BFF-E0E21AE34026} - (no file)
Toolbar-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\753B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Flash\\Flash9b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Kodak\KODAK Share Button App\Listener.exe
.
**************************************************************************
.
Completion time: 2012-09-09 17:15:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-09 21:15
ComboFix2.txt 2012-09-06 18:20
.
Pre-Run: 6,899,630,080 bytes free
Post-Run: 6,795,063,296 bytes free
.
- - End Of File - - 42F223908F5A6FF079D729DB7DFC073C



#5 gringo_pr

  • Malware Response Team

Posted 09 September 2012 - 05:28 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 elbarney


Posted 09 September 2012 - 05:59 PM

Okay, did that. BTW, did I tell you I have been unable to update Java since this began? Not even manually. It tells me there is a corrupt .dll and then just gives up. TDSS says all is well, but still have the problem.

TDSS part 1: (forum says post is too long)


18:40:55.0988 3812 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:40:56.0284 3812 ============================================================
18:40:56.0284 3812 Current date / time: 2012/09/09 18:40:56.0284
18:40:56.0284 3812 SystemInfo:
18:40:56.0284 3812
18:40:56.0284 3812 OS Version: 6.1.7601 ServicePack: 1.0
18:40:56.0284 3812 Product type: Workstation
18:40:56.0284 3812 ComputerName: ELBARNEY
18:40:56.0284 3812 UserName: Evelyn
18:40:56.0284 3812 Windows directory: C:\Windows
18:40:56.0284 3812 System windows directory: C:\Windows
18:40:56.0284 3812 Running under WOW64
18:40:56.0284 3812 Processor architecture: Intel x64
18:40:56.0284 3812 Number of processors: 6
18:40:56.0284 3812 Page size: 0x1000
18:40:56.0284 3812 Boot type: Normal boot
18:40:56.0284 3812 ============================================================
18:40:56.0674 3812 BG loaded
18:40:56.0908 3812 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:40:56.0924 3812 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:40:56.0955 3812 ============================================================
18:40:56.0955 3812 \Device\Harddisk0\DR0:
18:40:56.0955 3812 MBR partitions:
18:40:56.0955 3812 \Device\Harddisk1\DR1:
18:40:56.0955 3812 MBR partitions:
18:40:56.0955 3812 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E3B4
18:40:56.0955 3812 ============================================================
18:40:56.0970 3812 C: <-> \Device\Harddisk1\DR1\Partition1
18:40:56.0970 3812 ============================================================
18:40:56.0970 3812 Initialize success
18:40:56.0970 3812 ============================================================
18:41:00.0637 4480 ============================================================
18:41:00.0637 4480 Scan started
18:41:00.0637 4480 Mode: Manual;
18:41:00.0637 4480 ============================================================
18:41:00.0967 4480 ================ Scan system memory ========================
18:41:00.0967 4480 System memory - ok
18:41:00.0967 4480 ================ Scan services =============================
18:41:03.0051 4480 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:41:03.0066 4480 iphlpsvc - ok
18:41:03.0066 4480 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:41:03.0066 4480 IPMIDRV - ok
18:41:03.0066 4480 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:41:03.0082 4480 IPNAT - ok
18:41:03.0098 4480 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:41:03.0098 4480 iPod Service - ok
18:41:03.0113 4480 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:41:03.0113 4480 IRENUM - ok
18:41:03.0113 4480 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:41:03.0113 4480 isapnp - ok
18:41:03.0129 4480 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:41:03.0144 4480 iScsiPrt - ok
18:41:03.0144 4480 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:41:03.0144 4480 kbdclass - ok
18:41:03.0144 4480 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:41:03.0160 4480 kbdhid - ok
18:41:03.0160 4480 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:41:03.0160 4480 KeyIso - ok
18:41:03.0160 4480 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:41:03.0176 4480 KSecDD - ok
18:41:03.0176 4480 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:41:03.0191 4480 KSecPkg - ok
18:41:03.0191 4480 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:41:03.0207 4480 ksthunk - ok
18:41:03.0222 4480 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:41:03.0550 4480 KtmRm - ok
18:41:03.0566 4480 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
18:41:03.0581 4480 LanmanServer - ok
18:41:03.0597 4480 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:41:03.0597 4480 LanmanWorkstation - ok
18:41:03.0612 4480 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:41:03.0612 4480 lltdio - ok
18:41:03.0644 4480 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:41:03.0659 4480 lltdsvc - ok
18:41:03.0659 4480 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:41:03.0659 4480 lmhosts - ok
18:41:03.0675 4480 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:41:03.0675 4480 LSI_FC - ok
18:41:03.0675 4480 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:41:03.0690 4480 LSI_SAS - ok
18:41:03.0690 4480 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:41:03.0690 4480 LSI_SAS2 - ok
18:41:03.0690 4480 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:41:03.0706 4480 LSI_SCSI - ok
18:41:03.0706 4480 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:41:03.0706 4480 luafv - ok
18:41:03.0706 4480 [ D33E2B74CF8B3A652BF0A9FBD068E87A ] ManyCam C:\Windows\system32\DRIVERS\ManyCam_x64.sys
18:41:03.0706 4480 ManyCam - ok
18:41:03.0722 4480 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
18:41:03.0722 4480 mcdbus - ok
18:41:03.0737 4480 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:41:03.0737 4480 Mcx2Svc - ok
18:41:03.0737 4480 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:41:03.0753 4480 megasas - ok
18:41:03.0753 4480 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:41:03.0753 4480 MegaSR - ok
18:41:03.0768 4480 [ D70476AD02D6FD75282B196D3B58831D ] MEMSWEEP2 C:\Windows\system32\753B.tmp
18:41:03.0768 4480 MEMSWEEP2 - ok
18:41:03.0800 4480 Microsoft SharePoint Workspace Audit Service - ok
18:41:03.0815 4480 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:41:03.0815 4480 MMCSS - ok
18:41:03.0815 4480 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:41:03.0815 4480 Modem - ok
18:41:03.0831 4480 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:41:03.0831 4480 monitor - ok
18:41:03.0831 4480 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:41:03.0831 4480 mouclass - ok
18:41:03.0831 4480 [ 21B7ACEA1BB49C3371DD5427BF309D6A ] moufiltr C:\Windows\system32\DRIVERS\moufiltr.sys
18:41:03.0831 4480 moufiltr - ok
18:41:03.0846 4480 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:41:03.0846 4480 mouhid - ok
18:41:03.0846 4480 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:41:03.0846 4480 mountmgr - ok
18:41:03.0862 4480 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:41:03.0862 4480 MozillaMaintenance - ok
18:41:03.0878 4480 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
18:41:03.0878 4480 MpFilter - ok
18:41:03.0878 4480 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:41:03.0893 4480 mpio - ok
18:41:03.0893 4480 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:41:03.0893 4480 mpsdrv - ok
18:41:03.0909 4480 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:41:03.0924 4480 MpsSvc - ok
18:41:03.0924 4480 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:41:03.0940 4480 MRxDAV - ok
18:41:03.0956 4480 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:41:03.0956 4480 mrxsmb - ok
18:41:03.0971 4480 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:41:03.0971 4480 mrxsmb10 - ok
18:41:03.0971 4480 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:41:03.0971 4480 mrxsmb20 - ok
18:41:03.0987 4480 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:41:03.0987 4480 msahci - ok
18:41:04.0002 4480 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:41:04.0002 4480 msdsm - ok
18:41:04.0002 4480 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:41:04.0018 4480 MSDTC - ok
18:41:04.0018 4480 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:41:04.0018 4480 Msfs - ok
18:41:04.0034 4480 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:41:04.0034 4480 mshidkmdf - ok
18:41:04.0034 4480 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:41:04.0034 4480 msisadrv - ok
18:41:04.0049 4480 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:41:04.0049 4480 MSiSCSI - ok
18:41:04.0065 4480 msiserver - ok
18:41:04.0065 4480 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:41:04.0065 4480 MSKSSRV - ok
18:41:04.0080 4480 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
18:41:04.0080 4480 MsMpSvc - ok
18:41:04.0080 4480 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:41:04.0080 4480 MSPCLOCK - ok
18:41:04.0096 4480 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:41:04.0096 4480 MSPQM - ok
18:41:04.0112 4480 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:41:04.0112 4480 MsRPC - ok
18:41:04.0112 4480 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:41:04.0112 4480 mssmbios - ok
18:41:04.0127 4480 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:41:04.0127 4480 MSTEE - ok
18:41:04.0127 4480 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:41:04.0127 4480 MTConfig - ok
18:41:04.0143 4480 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:41:04.0143 4480 Mup - ok
18:41:04.0143 4480 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:41:04.0158 4480 napagent - ok
18:41:04.0158 4480 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:41:04.0158 4480 NativeWifiP - ok
18:41:04.0190 4480 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
18:41:04.0190 4480 NDIS - ok
18:41:04.0205 4480 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:41:04.0205 4480 NdisCap - ok
18:41:04.0205 4480 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:41:04.0205 4480 NdisTapi - ok
18:41:04.0205 4480 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:41:04.0205 4480 Ndisuio - ok
18:41:04.0221 4480 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:41:04.0221 4480 NdisWan - ok
18:41:04.0236 4480 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:41:04.0236 4480 NDProxy - ok
18:41:04.0236 4480 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:41:04.0236 4480 NetBIOS - ok
18:41:04.0236 4480 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:41:04.0252 4480 NetBT - ok
18:41:04.0252 4480 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:41:04.0252 4480 Netlogon - ok
18:41:04.0252 4480 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:41:04.0268 4480 Netman - ok
18:41:04.0268 4480 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:41:04.0283 4480 NetMsmqActivator - ok
18:41:04.0283 4480 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:41:04.0283 4480 NetPipeActivator - ok
18:41:04.0299 4480 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:41:04.0299 4480 netprofm - ok
18:41:04.0314 4480 [ B72BB9496A126FCFC7FC5945DED9B411 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
18:41:04.0314 4480 netr28x - ok
18:41:04.0314 4480 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:41:04.0314 4480 NetTcpActivator - ok
18:41:04.0330 4480 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:41:04.0330 4480 NetTcpPortSharing - ok
18:41:04.0330 4480 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:41:04.0346 4480 nfrd960 - ok
18:41:04.0346 4480 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:41:04.0346 4480 NisDrv - ok
18:41:04.0361 4480 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
18:41:04.0361 4480 NisSrv - ok
18:41:04.0377 4480 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:41:04.0377 4480 NlaSvc - ok
18:41:04.0377 4480 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:41:04.0377 4480 Npfs - ok
18:41:04.0392 4480 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:41:04.0392 4480 nsi - ok
18:41:04.0392 4480 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:41:04.0392 4480 nsiproxy - ok
18:41:04.0424 4480 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:41:04.0439 4480 Ntfs - ok
18:41:04.0439 4480 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:41:04.0439 4480 Null - ok
18:41:04.0455 4480 [ FE39D90FDD855B5FE68DB99237417465 ] nvda C:\Program Files (x86)\NVDA\nvda_service.exe
18:41:04.0455 4480 nvda - ok
18:41:04.0455 4480 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:41:04.0470 4480 nvraid - ok
18:41:04.0470 4480 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:41:04.0470 4480 nvstor - ok
18:41:04.0486 4480 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:41:04.0486 4480 nv_agp - ok
18:41:04.0486 4480 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:41:04.0486 4480 ohci1394 - ok
18:41:04.0502 4480 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:41:04.0502 4480 ose - ok
18:41:04.0595 4480 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:41:04.0658 4480 osppsvc - ok
18:41:04.0704 4480 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:41:04.0704 4480 p2pimsvc - ok
18:41:04.0720 4480 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:41:04.0720 4480 p2psvc - ok
18:41:04.0720 4480 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:41:04.0720 4480 Parport - ok
18:41:04.0736 4480 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:41:04.0736 4480 partmgr - ok
18:41:04.0736 4480 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:41:04.0736 4480 PcaSvc - ok
18:41:04.0751 4480 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:41:04.0751 4480 pci - ok
18:41:04.0751 4480 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:41:04.0751 4480 pciide - ok
18:41:04.0767 4480 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:41:04.0767 4480 pcmcia - ok
18:41:04.0782 4480 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:41:04.0782 4480 pcw - ok
18:41:04.0985 4480 [ C1C3BAF078BE5A14384A4BA2D730817D ] PDFProFiltSrvPP C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
18:41:04.0985 4480 PDFProFiltSrvPP - ok
18:41:05.0001 4480 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:41:05.0001 4480 PEAUTH - ok
18:41:05.0126 4480 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:41:05.0126 4480 PerfHost - ok
18:41:05.0172 4480 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:41:05.0172 4480 pla - ok
18:41:05.0188 4480 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:41:05.0188 4480 PlugPlay - ok
18:41:05.0204 4480 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:41:05.0204 4480 PNRPAutoReg - ok
18:41:05.0204 4480 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:41:05.0219 4480 PNRPsvc - ok
18:41:05.0219 4480 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:41:05.0219 4480 PolicyAgent - ok
18:41:05.0235 4480 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:41:05.0235 4480 Power - ok
18:41:05.0235 4480 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:41:05.0250 4480 PptpMiniport - ok
18:41:05.0250 4480 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:41:05.0250 4480 Processor - ok
18:41:05.0250 4480 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:41:05.0266 4480 ProfSvc - ok
18:41:05.0266 4480 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:41:05.0266 4480 ProtectedStorage - ok
18:41:05.0266 4480 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:41:05.0266 4480 Psched - ok
18:41:05.0297 4480 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:41:05.0313 4480 ql2300 - ok
18:41:05.0313 4480 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:41:05.0328 4480 ql40xx - ok
18:41:05.0328 4480 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:41:05.0328 4480 QWAVE - ok
18:41:05.0344 4480 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:41:05.0344 4480 QWAVEdrv - ok
18:41:05.0344 4480 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:41:05.0344 4480 RasAcd - ok
18:41:05.0344 4480 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:41:05.0344 4480 RasAgileVpn - ok
18:41:05.0360 4480 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:41:05.0360 4480 RasAuto - ok
18:41:05.0360 4480 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:41:05.0360 4480 Rasl2tp - ok
18:41:05.0375 4480 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:41:05.0375 4480 RasMan - ok
18:41:05.0375 4480 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:41:05.0375 4480 RasPppoe - ok
18:41:05.0391 4480 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:41:05.0391 4480 RasSstp - ok
18:41:05.0406 4480 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:41:05.0406 4480 rdbss - ok
18:41:05.0406 4480 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:41:05.0406 4480 rdpbus - ok
18:41:05.0406 4480 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:41:05.0406 4480 RDPCDD - ok
18:41:05.0422 4480 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:41:05.0422 4480 RDPENCDD - ok
18:41:05.0422 4480 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:41:05.0422 4480 RDPREFMP - ok
18:41:05.0438 4480 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:41:05.0438 4480 RDPWD - ok
18:41:05.0438 4480 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:41:05.0438 4480 rdyboost - ok
18:41:05.0453 4480 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:41:05.0453 4480 RemoteAccess - ok
18:41:05.0453 4480 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:41:05.0469 4480 RemoteRegistry - ok
18:41:05.0469 4480 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:41:05.0469 4480 RpcEptMapper - ok
18:41:05.0469 4480 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:41:05.0484 4480 RpcLocator - ok
18:41:05.0484 4480 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:41:05.0484 4480 RpcSs - ok
18:41:05.0500 4480 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:41:05.0500 4480 rspndr - ok
18:41:05.0500 4480 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:41:05.0500 4480 SamSs - ok
18:41:05.0516 4480 [ 152EE68830FFB13F0B1FEC6C9B99644F ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
18:41:05.0516 4480 SbieDrv - ok
18:41:05.0516 4480 [ FD0287131D91352F225EBB5CD3527952 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
18:41:05.0516 4480 SbieSvc - ok
18:41:05.0531 4480 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:41:05.0531 4480 sbp2port - ok
18:41:05.0531 4480 SBRE - ok
18:41:05.0531 4480 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:41:05.0547 4480 SCardSvr - ok
18:41:05.0547 4480 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:41:05.0547 4480 scfilter - ok
18:41:05.0562 4480 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:41:05.0578 4480 Schedule - ok
18:41:05.0578 4480 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:41:05.0578 4480 SCPolicySvc - ok
18:41:05.0594 4480 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:41:05.0594 4480 SDRSVC - ok
18:41:05.0594 4480 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:41:05.0594 4480 secdrv - ok
18:41:05.0594 4480 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:41:05.0609 4480 seclogon - ok
18:41:05.0609 4480 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
18:41:05.0609 4480 SENS - ok
18:41:05.0609 4480 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:41:05.0609 4480 SensrSvc - ok
18:41:05.0625 4480 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:41:05.0625 4480 Serenum - ok
18:41:05.0625 4480 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:41:05.0625 4480 Serial - ok
18:41:05.0640 4480 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:41:05.0640 4480 sermouse - ok
18:41:05.0640 4480 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:41:05.0656 4480 SessionEnv - ok
18:41:05.0656 4480 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:41:05.0656 4480 sffdisk - ok
18:41:05.0656 4480 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:41:05.0656 4480 sffp_mmc - ok
18:41:05.0672 4480 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:41:05.0672 4480 sffp_sd - ok
18:41:05.0672 4480 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:41:05.0672 4480 sfloppy - ok
18:41:05.0687 4480 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:41:05.0687 4480 SharedAccess - ok
18:41:05.0703 4480 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:41:05.0703 4480 ShellHWDetection - ok
18:41:05.0703 4480 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:41:05.0703 4480 SiSRaid2 - ok
18:41:05.0718 4480 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:41:05.0718 4480 SiSRaid4 - ok
18:41:05.0718 4480 [ EF3B592545676301CDEB7C2609EED7BF ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:41:05.0718 4480 SkypeUpdate - ok
18:41:05.0734 4480 [ DD0443BC6CC78A19FD399817F8C51401 ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
18:41:05.0734 4480 SmartDefragDriver - ok
18:41:05.0734 4480 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:41:05.0734 4480 Smb - ok
18:41:05.0750 4480 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:41:05.0750 4480 SNMPTRAP - ok
18:41:05.0750 4480 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:41:05.0781 4480 spldr - ok
18:41:05.0828 4480 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:41:05.0828 4480 Spooler - ok
18:41:05.0952 4480 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:41:05.0984 4480 sppsvc - ok
18:41:05.0999 4480 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:41:05.0999 4480 sppuinotify - ok
18:41:06.0046 4480 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:41:06.0046 4480 srv - ok
18:41:06.0062 4480 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:41:06.0077 4480 srv2 - ok
18:41:06.0108 4480 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:41:06.0108 4480 srvnet - ok
18:41:06.0140 4480 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
18:41:06.0155 4480 sscdbus - ok
18:41:06.0171 4480 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
18:41:06.0218 4480 sscdmdfl - ok
18:41:06.0218 4480 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
18:41:06.0233 4480 sscdmdm - ok
18:41:06.0233 4480 [ 05FFA552F578E27AB2D41B6828DB477F ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
18:41:06.0233 4480 sscdserd - ok
18:41:06.0249 4480 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:41:06.0249 4480 SSDPSRV - ok
18:41:06.0249 4480 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:41:06.0249 4480 SstpSvc - ok
18:41:06.0264 4480 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:41:06.0264 4480 stexstor - ok
18:41:06.0264 4480 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
18:41:06.0264 4480 StillCam - ok
18:41:06.0280 4480 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:41:06.0280 4480 stisvc - ok
18:41:06.0296 4480 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:41:06.0296 4480 swenum - ok
18:41:06.0296 4480 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:41:06.0311 4480 SwitchBoard - ok
18:41:06.0311 4480 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:41:06.0327 4480 swprv - ok
18:41:06.0420 4480 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:41:06.0436 4480 SysMain - ok
18:41:06.0483 4480 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:41:06.0483 4480 TabletInputService - ok
18:41:06.0498 4480 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:41:06.0498 4480 TapiSrv - ok
18:41:06.0498 4480 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:41:06.0530 4480 TBS - ok
18:41:06.0592 4480 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:41:06.0608 4480 Tcpip - ok
18:41:06.0670 4480 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:41:06.0670 4480 TCPIP6 - ok
18:41:06.0701 4480 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:41:06.0701 4480 tcpipreg - ok
18:41:06.0717 4480 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:41:06.0717 4480 TDPIPE - ok
18:41:06.0717 4480 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:41:06.0717 4480 TDTCP - ok
18:41:06.0717 4480 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:41:06.0717 4480 tdx - ok
18:41:06.0732 4480 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:41:06.0732 4480 TermDD - ok
18:41:06.0748 4480 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:41:06.0748 4480 TermService - ok
18:41:06.0764 4480 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:41:06.0764 4480 Themes - ok
18:41:06.0764 4480 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:41:06.0764 4480 THREADORDER - ok
18:41:06.0779 4480 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:41:06.0779 4480 TrkWks - ok
18:41:08.0760 4480 C:\Windows\System32\ncrypt.dll - ok
18:41:08.0760 4480 [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
18:41:08.0760 4480 C:\Windows\System32\bcrypt.dll - ok
18:41:08.0760 4480 [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
18:41:08.0760 4480 C:\Windows\System32\msprivs.dll - ok
18:41:08.0760 4480 [ C6505DE3561537BA1004D638C2F93F2F ] C:\Windows\System32\netjoin.dll
18:41:08.0760 4480 C:\Windows\System32\netjoin.dll - ok
18:41:08.0760 4480 [ 16ECE8BD6734CC170B9AE74176E89A9B ] C:\Windows\System32\kerberos.dll
18:41:08.0760 4480 C:\Windows\System32\kerberos.dll - ok
18:41:08.0776 4480 [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
18:41:08.0776 4480 C:\Windows\System32\negoexts.dll - ok
18:41:08.0776 4480 [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
18:41:08.0776 4480 C:\Windows\System32\cryptsp.dll - ok
18:41:08.0776 4480 [ 1D5185A4C7E6695431AE4B55C3D7D333 ] C:\Windows\System32\mswsock.dll
18:41:08.0776 4480 C:\Windows\System32\mswsock.dll - ok
18:41:08.0776 4480 [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll
18:41:08.0776 4480 C:\Windows\System32\msv1_0.dll - ok
18:41:08.0776 4480 [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll
18:41:08.0776 4480 C:\Windows\System32\netlogon.dll - ok
18:41:08.0792 4480 [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
18:41:08.0792 4480 C:\Windows\System32\wship6.dll - ok
18:41:08.0792 4480 [ 492D07D79E7024CA310867B526D9636D ] C:\Windows\System32\dnsapi.dll
18:41:08.0792 4480 C:\Windows\System32\dnsapi.dll - ok
18:41:08.0792 4480 [ 4AC74A462F3A0506B929F599B5E1B1FB ] C:\Windows\System32\atmfd.dll
18:41:08.0792 4480 C:\Windows\System32\atmfd.dll - ok
18:41:08.0792 4480 [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll
18:41:08.0792 4480 C:\Windows\System32\logoncli.dll - ok
18:41:08.0792 4480 [ 1573C45E65DE32B1BC3572634F8F1E8E ] C:\Windows\System32\schannel.dll
18:41:08.0792 4480 C:\Windows\System32\schannel.dll - ok
18:41:08.0807 4480 [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
18:41:08.0807 4480 C:\Windows\System32\wdigest.dll - ok
18:41:08.0807 4480 [ 7DBA64AD70C2E2481C68D9E0F7CD7840 ] C:\Windows\System32\LIVESSP.DLL
18:41:08.0807 4480 C:\Windows\System32\LIVESSP.DLL - ok
18:41:08.0807 4480 [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
18:41:08.0807 4480 C:\Windows\System32\pku2u.dll - ok
18:41:08.0807 4480 [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
18:41:08.0807 4480 C:\Windows\System32\rsaenh.dll - ok
18:41:08.0807 4480 [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll
18:41:08.0807 4480 C:\Windows\System32\TSpkg.dll - ok
18:41:08.0807 4480 [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll
18:41:08.0807 4480 C:\Windows\System32\bcryptprimitives.dll - ok
18:41:08.0823 4480 [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
18:41:08.0823 4480 C:\Windows\System32\efslsaext.dll - ok
18:41:08.0823 4480 [ 52D3D5E3586988D4D9E34ACAAC33105C ] C:\Windows\System32\credssp.dll
18:41:08.0823 4480 C:\Windows\System32\credssp.dll - ok
18:41:08.0823 4480 [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll
18:41:08.0823 4480 C:\Windows\System32\scecli.dll - ok
18:41:08.0823 4480 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
18:41:08.0823 4480 C:\Windows\System32\ubpm.dll - ok
18:41:08.0823 4480 [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
18:41:08.0823 4480 C:\Windows\System32\svchost.exe - ok
18:41:08.0838 4480 [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll
18:41:08.0838 4480 C:\Windows\System32\umpnpmgr.dll - ok
18:41:08.0838 4480 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
18:41:08.0838 4480 C:\Windows\System32\devrtl.dll - ok
18:41:08.0838 4480 [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
18:41:08.0838 4480 C:\Windows\System32\gpapi.dll - ok
18:41:08.0838 4480 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
18:41:08.0838 4480 C:\Windows\System32\SPInf.dll - ok
18:41:08.0838 4480 [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
18:41:08.0838 4480 C:\Windows\System32\userenv.dll - ok
18:41:08.0838 4480 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
18:41:08.0838 4480 C:\Windows\System32\pcwum.dll - ok
18:41:08.0854 4480 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
18:41:08.0854 4480 C:\Windows\System32\umpo.dll - ok
18:41:08.0854 4480 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
18:41:08.0854 4480 C:\Windows\System32\powrprof.dll - ok
18:41:08.0854 4480 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
18:41:08.0854 4480 C:\Windows\System32\drivers\luafv.sys - ok
18:41:08.0854 4480 [ D3381DC54C34D79B22CEE0D65BA91B7C ] C:\Windows\System32\drivers\WUDFPf.sys
18:41:08.0854 4480 C:\Windows\System32\drivers\WUDFPf.sys - ok
18:41:08.0870 4480 [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll
18:41:08.0870 4480 C:\Windows\System32\rpcss.dll - ok
18:41:08.0870 4480 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
18:41:08.0870 4480 C:\Windows\System32\RpcEpMap.dll - ok
18:41:08.0870 4480 [ 59FAAF2C83C8169EA20F9E335E418907 ] C:\Program Files\Microsoft Security Client\MsMpEng.exe
18:41:08.0870 4480 C:\Program Files\Microsoft Security Client\MsMpEng.exe - ok
18:41:08.0870 4480 [ 6055F2812C4E4658D772074AEF132098 ] C:\Program Files\Microsoft Security Client\MsMpRes.dll
18:41:08.0870 4480 C:\Program Files\Microsoft Security Client\MsMpRes.dll - ok
18:41:08.0870 4480 [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
18:41:08.0870 4480 C:\Windows\System32\FirewallAPI.dll - ok
18:41:08.0870 4480 [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
18:41:08.0870 4480 C:\Windows\System32\wshqos.dll - ok
18:41:08.0885 4480 [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
18:41:08.0885 4480 C:\Windows\System32\WSHTCPIP.DLL - ok
18:41:08.0885 4480 [ 267DE30D38FBB8ABB40DA0A395280215 ] C:\Program Files\Microsoft Security Client\MpSvc.dll
18:41:08.0885 4480 C:\Program Files\Microsoft Security Client\MpSvc.dll - ok
18:41:08.0885 4480 [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe
18:41:08.0885 4480 C:\Windows\System32\LogonUI.exe - ok
18:41:08.0885 4480 [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
18:41:08.0885 4480 C:\Windows\System32\version.dll - ok
18:41:08.0901 4480 [ 27CE807EE1E61A30D136D2C59D4B1627 ] C:\Program Files\Microsoft Security Client\MpClient.dll
18:41:08.0901 4480 C:\Program Files\Microsoft Security Client\MpClient.dll - ok
18:41:08.0901 4480 [ 0BEE002C68E28CE6DA161DCF1376D7D7 ] C:\Windows\System32\authui.dll
18:41:08.0901 4480 C:\Windows\System32\authui.dll - ok
18:41:08.0901 4480 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
18:41:08.0901 4480 C:\Windows\System32\wtsapi32.dll - ok
18:41:08.0901 4480 [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll
18:41:08.0901 4480 C:\Windows\System32\cryptui.dll - ok
18:41:08.0901 4480 [ 948BF310B8AE0DA1821175FF027B3391 ] C:\Program Files\Microsoft Security Client\EppManifest.dll
18:41:08.0901 4480 C:\Program Files\Microsoft Security Client\EppManifest.dll - ok
18:41:08.0901 4480 [ 93812FDC01AA864195816CD814445F95 ] C:\Program Files\Microsoft Security Client\sqmapi.dll
18:41:08.0901 4480 C:\Program Files\Microsoft Security Client\sqmapi.dll - ok
18:41:08.0916 4480 [ C9A5A02CB76B35A78404F6D4101163F9 ] C:\Windows\System32\atiesrxx.exe
18:41:08.0916 4480 C:\Windows\System32\atiesrxx.exe - ok
18:41:08.0916 4480 [ 7FA8FDC2C2A27817FD0F624E78D3B50C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
18:41:08.0916 4480 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok
18:41:08.0916 4480 [ 658744929D634AA782DD0DF17004C3AA ] C:\Program Files\Microsoft Security Client\MpRTP.dll
18:41:08.0916 4480 C:\Program Files\Microsoft Security Client\MpRTP.dll - ok
18:41:08.0916 4480 [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
18:41:08.0916 4480 C:\Windows\System32\ntmarta.dll - ok
18:41:08.0916 4480 [ F06BB4E336EA57511FDBAFAFCC47DE62 ] C:\Windows\System32\propsys.dll
18:41:08.0916 4480 C:\Windows\System32\propsys.dll - ok
18:41:08.0932 4480 [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
18:41:08.0932 4480 C:\Windows\System32\samlib.dll - ok
18:41:08.0932 4480 [ 4E9C2DB10F7E6AE91BF761139D4B745B ] C:\Windows\System32\shacct.dll
18:41:08.0932 4480 C:\Windows\System32\shacct.dll - ok
18:41:08.0932 4480 [ 6011714C8C5C55CBFFAD24D61E879FBD ] C:\Windows\System32\wevtsvc.dll
18:41:08.0932 4480 C:\Windows\System32\wevtsvc.dll - ok
18:41:08.0932 4480 [ 077567CE3D35E129A984D707928D70F1 ] C:\Program Files\Microsoft Security Client\MsMpLics.dll
18:41:08.0932 4480 C:\Program Files\Microsoft Security Client\MsMpLics.dll - ok
18:41:08.0932 4480 [ F3D202F53A222D5F6944D459B73CF967 ] C:\Windows\System32\fltLib.dll
18:41:08.0932 4480 C:\Windows\System32\fltLib.dll - ok
18:41:08.0948 4480 [ 2E3FF871D8208A4D0C0020B97BC4C961 ] C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll
18:41:08.0948 4480 C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll - ok
18:41:08.0948 4480 [ 94C66EDEDCDB6A126880472F9A704D8E ] C:\Windows\System32\drivers\MpFilter.sys
18:41:08.0948 4480 C:\Windows\System32\drivers\MpFilter.sys - ok
18:41:08.0948 4480 [ 4D7CD1EA9562B93780423956C84ABA1F ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BF43888-2024-4879-B973-AD0C06DCFCE4}\mpengine.dll
18:41:08.0948 4480 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BF43888-2024-4879-B973-AD0C06DCFCE4}\mpengine.dll - ok
18:41:08.0948 4480 [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
18:41:08.0948 4480 C:\Windows\System32\uxtheme.dll - ok
18:41:08.0948 4480 [ F23FEF6D569FCE88671949894A8BECF1 ] C:\Windows\System32\audiosrv.dll
18:41:08.0948 4480 C:\Windows\System32\audiosrv.dll - ok
18:41:08.0963 4480 [ 179E8401224D557ECFF3695F2016EA5B ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll
18:41:08.0963 4480 C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll - ok
18:41:08.0963 4480 [ 78A1E65207484B7F8D3217507745F47C ] C:\Windows\System32\avrt.dll
18:41:08.0963 4480 C:\Windows\System32\avrt.dll - ok
18:41:08.0963 4480 [ E40E80D0304A73E8D269F7141D77250B ] C:\Windows\System32\mmcss.dll
18:41:08.0963 4480 C:\Windows\System32\mmcss.dll - ok
18:41:08.0963 4480 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] C:\Windows\System32\wlansvc.dll
18:41:08.0963 4480 C:\Windows\System32\wlansvc.dll - ok
18:41:08.0963 4480 [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
18:41:08.0963 4480 C:\Windows\System32\MMDevAPI.dll - ok
18:41:08.0979 4480 [ 50544D04AD845C43130B70212EC05CCD ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
18:41:08.0979 4480 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
18:41:08.0979 4480 [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
18:41:08.0979 4480 C:\Windows\System32\dui70.dll - ok
18:41:08.0979 4480 [ 80E69670BDA10F32A941BA7358E33012 ] C:\Windows\System32\WUDFPlatform.dll
18:41:08.0979 4480 C:\Windows\System32\WUDFPlatform.dll - ok
18:41:08.0979 4480 [ DA6B67270FD9DB3697B20FCE94950741 ] C:\Windows\System32\drivers\fltMgr.sys
18:41:08.0979 4480 C:\Windows\System32\drivers\fltMgr.sys - ok
18:41:08.0979 4480 [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL
18:41:08.0979 4480 C:\Windows\System32\PSHED.DLL - ok
18:41:08.0994 4480 [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
18:41:08.0994 4480 C:\Windows\System32\duser.dll - ok
18:41:08.0994 4480 [ B0945E538CF906BBDDC5A11C8EE868CC ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
18:41:08.0994 4480 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
18:41:08.0994 4480 [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
18:41:08.0994 4480 C:\Windows\System32\dwmapi.dll - ok
18:41:08.0994 4480 [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
18:41:08.0994 4480 C:\Windows\System32\hid.dll - ok
18:41:08.0994 4480 [ D7F1EF374A90709B31591823B002F918 ] C:\Windows\System32\SndVolSSO.dll
18:41:08.0994 4480 C:\Windows\System32\SndVolSSO.dll - ok
18:41:08.0994 4480 [ 6F8B48F3D343E4B186AB6A9E302B7E16 ] C:\Windows\System32\xmllite.dll
18:41:08.0994 4480 C:\Windows\System32\xmllite.dll - ok
18:41:09.0010 4480 [ 26B73A85855681500BCC25C7CD9FF5B1 ] C:\Windows\System32\WindowsCodecs.dll
18:41:09.0010 4480 C:\Windows\System32\WindowsCodecs.dll - ok
18:41:09.0010 4480 [ D5CCA1453B98A5801E6D5FF0FF89DC6C ] C:\Windows\System32\audiodg.exe
18:41:09.0010 4480 C:\Windows\System32\audiodg.exe - ok
18:41:09.0010 4480 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] C:\Windows\System32\gpsvc.dll
18:41:09.0010 4480 C:\Windows\System32\gpsvc.dll - ok
18:41:09.0010 4480 [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll
18:41:09.0010 4480 C:\Windows\System32\atl.dll - ok
18:41:09.0010 4480 [ 2DF36F15B2BC1571A6A542A3C2107920 ] C:\Windows\System32\nlaapi.dll
18:41:09.0010 4480 C:\Windows\System32\nlaapi.dll - ok
18:41:09.0026 4480 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] C:\Windows\System32\profsvc.dll
18:41:09.0026 4480 C:\Windows\System32\profsvc.dll - ok
18:41:09.0026 4480 [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll
18:41:09.0026 4480 C:\Windows\System32\dsrole.dll - ok
18:41:09.0026 4480 [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll
18:41:09.0026 4480 C:\Windows\System32\slc.dll - ok
18:41:09.0026 4480 [ F0344071948D1A1FA732231785A0664C ] C:\Windows\System32\themeservice.dll
18:41:09.0026 4480 C:\Windows\System32\themeservice.dll - ok
18:41:09.0026 4480 [ 4166F82BE4D24938977DD1746BE9B8A0 ] C:\Windows\System32\es.dll
18:41:09.0026 4480 C:\Windows\System32\es.dll - ok
18:41:09.0041 4480 [ CA2985996BB49924B677113DF95CFEA7 ] C:\Windows\System32\SmartcardCredentialProvider.dll
18:41:09.0041 4480 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
18:41:09.0041 4480 [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
18:41:09.0041 4480 C:\Windows\System32\VaultCredProvider.dll - ok
18:41:09.0041 4480 [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
18:41:09.0041 4480 C:\Windows\System32\winbrand.dll - ok
18:41:09.0041 4480 [ FD0287131D91352F225EBB5CD3527952 ] C:\Program Files\Sandboxie\SbieSvc.exe
18:41:09.0041 4480 C:\Program Files\Sandboxie\SbieSvc.exe - ok
18:41:09.0041 4480 [ BF352E73615F5461AA6884472435A544 ] C:\Windows\System32\BioCredProv.dll
18:41:09.0041 4480 C:\Windows\System32\BioCredProv.dll - ok
18:41:09.0041 4480 [ 1A47D52E303B7543E4E6026595B95422 ] C:\Windows\System32\comres.dll
18:41:09.0041 4480 C:\Windows\System32\comres.dll - ok
18:41:09.0057 4480 [ C32AB8FA018EF34C0F113BD501436D21 ] C:\Windows\System32\Sens.dll
18:41:09.0057 4480 C:\Windows\System32\Sens.dll - ok
18:41:09.0057 4480 [ 796B8123A7859AFD3A4AE10514DBAEB5 ] C:\Windows\System32\winbio.dll
18:41:09.0057 4480 C:\Windows\System32\winbio.dll - ok
18:41:09.0057 4480 [ 933E66F203AD9085C48F1A946154CA08 ] C:\Program Files\Sandboxie\SbieDll.dll
18:41:09.0057 4480 C:\Program Files\Sandboxie\SbieDll.dll - ok
18:41:09.0057 4480 [ CC0AB40F02D2C2A12209715A3C1B07B8 ] C:\Windows\System32\credui.dll
18:41:09.0057 4480 C:\Windows\System32\credui.dll - ok
18:41:09.0057 4480 [ EEEA40F0EDB0A6E5359E539E15D0BC77 ] C:\Windows\System32\netapi32.dll
18:41:09.0057 4480 C:\Windows\System32\netapi32.dll - ok
18:41:09.0072 4480 [ 6CECA4C6A489C9B2E6073AFDAAE3F607 ] C:\Windows\System32\netutils.dll
18:41:09.0072 4480 C:\Windows\System32\netutils.dll - ok
18:41:09.0072 4480 [ 44B9C66177651F3F53C87B665D58D17A ] C:\Windows\System32\vaultcli.dll
18:41:09.0072 4480 C:\Windows\System32\vaultcli.dll - ok
18:41:09.0072 4480 [ 972C3301DB3DA91AE06A95F6B4160B1B ] C:\Windows\System32\certCredProvider.dll
18:41:09.0072 4480 C:\Windows\System32\certCredProvider.dll - ok
18:41:09.0072 4480 [ 2B81776DA02017A37FE26C662827470E ] C:\Windows\System32\IPHLPAPI.DLL
18:41:09.0072 4480 C:\Windows\System32\IPHLPAPI.DLL - ok
18:41:09.0072 4480 [ FC51229C7D4AFA0D6F186133728B95AB ] C:\Windows\System32\samcli.dll
18:41:09.0072 4480 C:\Windows\System32\samcli.dll - ok
18:41:09.0072 4480 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] C:\Windows\System32\TabSvc.dll
18:41:09.0072 4480 C:\Windows\System32\TabSvc.dll - ok
18:41:09.0088 4480 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] C:\Windows\System32\uxsms.dll
18:41:09.0088 4480 C:\Windows\System32\uxsms.dll - ok
18:41:09.0088 4480 [ 4C9210E8F4E052F6A4EB87716DA0C24C ] C:\Windows\System32\winnsi.dll
18:41:09.0088 4480 C:\Windows\System32\winnsi.dll - ok
18:41:09.0088 4480 [ 3C91392D448F6E5D525A85B7550D8BA9 ] C:\Windows\System32\wkscli.dll
18:41:09.0088 4480 C:\Windows\System32\wkscli.dll - ok
18:41:09.0088 4480 [ 032229246107C5C7211E6D1498B52D3D ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
18:41:09.0088 4480 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL - ok
18:41:09.0088 4480 [ 152EE68830FFB13F0B1FEC6C9B99644F ] C:\Program Files\Sandboxie\SbieDrv.sys
18:41:09.0088 4480 C:\Program Files\Sandboxie\SbieDrv.sys - ok
18:41:09.0104 4480 [ 87FA0C48C3B2E9FEE518818FE26B15B5 ] C:\Windows\System32\rasplap.dll
18:41:09.0104 4480 C:\Windows\System32\rasplap.dll - ok
18:41:09.0104 4480 [ 7A95C95B6C4CF292D689106BCAE49543 ] C:\Windows\System32\WUDFSvc.dll
18:41:09.0104 4480 C:\Windows\System32\WUDFSvc.dll - ok
18:41:09.0104 4480 [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll
18:41:09.0104 4480 C:\Windows\System32\rasapi32.dll - ok
18:41:09.0104 4480 [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll
18:41:09.0104 4480 C:\Windows\System32\rasman.dll - ok
18:41:09.0104 4480 [ B53C4B69B695EDA1B7E41D35CA4244E2 ] C:\Windows\System32\rtutils.dll
18:41:09.0104 4480 C:\Windows\System32\rtutils.dll - ok
18:41:09.0119 4480 [ 611953C3DF4DE469A9AA76F92C0D76FD ] C:\Windows\System32\atieclxx.exe
18:41:09.0119 4480 C:\Windows\System32\atieclxx.exe - ok
18:41:09.0119 4480 [ 9BC8610C32C96A2983A65DC21CAFA921 ] C:\Windows\System32\UXInit.dll
18:41:09.0119 4480 C:\Windows\System32\UXInit.dll - ok
18:41:09.0119 4480 [ 1538831CF8AD2979A04C423779465827 ] C:\Windows\System32\drivers\lltdio.sys
18:41:09.0119 4480 C:\Windows\System32\drivers\lltdio.sys - ok
18:41:09.0119 4480 [ A2120C9FCF181CEA10143A5650FB1569 ] C:\Windows\System32\atiadlxx.dll
18:41:09.0119 4480 C:\Windows\System32\atiadlxx.dll - ok
18:41:09.0119 4480 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] C:\Windows\System32\drivers\nwifi.sys
18:41:09.0119 4480 C:\Windows\System32\drivers\nwifi.sys - ok
18:41:09.0135 4480 [ 136185F9FB2CC61E573E676AA5402356 ] C:\Windows\System32\drivers\ndisuio.sys
18:41:09.0135 4480 C:\Windows\System32\drivers\ndisuio.sys - ok
18:41:09.0135 4480 [ 02E20372D9D6D28E37BA9704EDC90B67 ] C:\Windows\System32\wisptis.exe
18:41:09.0135 4480 C:\Windows\System32\wisptis.exe - ok
18:41:09.0135 4480 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] C:\Windows\System32\dhcpcore.dll
18:41:09.0135 4480 C:\Windows\System32\dhcpcore.dll - ok
18:41:09.0135 4480 [ DDC86E4F8E7456261E637E3552E804FF ] C:\Windows\System32\drivers\rspndr.sys
18:41:09.0135 4480 C:\Windows\System32\drivers\rspndr.sys - ok
18:41:09.0150 4480 [ F993A32249B66C9D622EA5592A8B76B8 ] C:\Windows\System32\lmhsvc.dll
18:41:09.0150 4480 C:\Windows\System32\lmhsvc.dll - ok
18:41:09.0150 4480 [ DF6737304C458AFB28AA214AEB7D7ECD ] C:\Windows\System32\Magnification.dll
18:41:09.0150 4480 C:\Windows\System32\Magnification.dll - ok
18:41:09.0150 4480 [ B73A6E4B319AFFE64582AC5C1801BB3F ] C:\Windows\System32\nrpsrv.dll
18:41:09.0150 4480 C:\Windows\System32\nrpsrv.dll - ok
18:41:09.0150 4480 [ D54BFDF3E0C953F823B3D0BFE4732528 ] C:\Windows\System32\nsisvc.dll
18:41:09.0150 4480 C:\Windows\System32\nsisvc.dll - ok
18:41:09.0150 4480 [ CF636C92B762B26F0B39B38E92380A09 ] C:\Windows\System32\oleacc.dll
18:41:09.0150 4480 C:\Windows\System32\oleacc.dll - ok
18:41:09.0150 4480 [ 019BDD35DE269CB98B22DE8923C2AA3B ] C:\Windows\System32\UIAutomationCore.dll
18:41:09.0150 4480 C:\Windows\System32\UIAutomationCore.dll - ok
18:41:09.0166 4480 [ 4C3DAEE652B005B483F16B8E9131C99D ] C:\Windows\System32\d3d9.dll
18:41:09.0166 4480 C:\Windows\System32\d3d9.dll - ok
18:41:09.0166 4480 [ 71C7B65B6557B75B99907E76956AE4B8 ] C:\Windows\System32\dhcpcore6.dll
18:41:09.0166 4480 C:\Windows\System32\dhcpcore6.dll - ok
18:41:09.0166 4480 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] C:\Windows\System32\dnsrslvr.dll
18:41:09.0166 4480 C:\Windows\System32\dnsrslvr.dll - ok
18:41:09.0166 4480 [ F9EC845C5EECF20E9A67F9F805F2EF1F ] C:\Windows\System32\keyiso.dll
18:41:09.0166 4480 C:\Windows\System32\keyiso.dll - ok
18:41:09.0166 4480 [ 87356377F31DA5F20A833811CD59499C ] C:\Windows\System32\eapphost.dll
18:41:09.0166 4480 C:\Windows\System32\eapphost.dll - ok
18:41:09.0182 4480 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] C:\Windows\System32\eapsvc.dll
18:41:09.0182 4480 C:\Windows\System32\eapsvc.dll - ok
18:41:09.0182 4480 [ 0040C486584A8E582C861CFB57AB5387 ] C:\Windows\System32\FWPUCLNT.DLL
18:41:09.0182 4480 C:\Windows\System32\FWPUCLNT.DLL - ok
18:41:09.0182 4480 [ 3044D07ABDF4BBEA27E2EE7B1E0C0C65 ] C:\Windows\System32\d3d8thk.dll
18:41:09.0182 4480 C:\Windows\System32\d3d8thk.dll - ok
18:41:09.0182 4480 [ F568F7C08458D69E4FCD8675BBB107E4 ] C:\Windows\System32\dhcpcsvc.dll
18:41:09.0182 4480 C:\Windows\System32\dhcpcsvc.dll - ok
18:41:09.0182 4480 [ 4CBCC37856EA2039C27A2FB661DDA0E5 ] C:\Windows\System32\dhcpcsvc6.dll
18:41:09.0182 4480 C:\Windows\System32\dhcpcsvc6.dll - ok
18:41:09.0182 4480 [ 885D0942E0F28DB90919BE3129ECF279 ] C:\Windows\System32\dnsext.dll
18:41:09.0182 4480 C:\Windows\System32\dnsext.dll - ok
18:41:09.0197 4480 [ 9FCA3A84338ADEF2AFF67CDA46EF8539 ] C:\Windows\System32\umb.dll
18:41:09.0197 4480 C:\Windows\System32\umb.dll - ok
18:41:09.0197 4480 [ A648C4A06DE367065B24056D067B4460 ] C:\Windows\System32\wlanmsm.dll
18:41:09.0197 4480 C:\Windows\System32\wlanmsm.dll - ok
18:41:09.0197 4480 [ 65522E77A1360DBC8D199DA3BF5EFFE4 ] C:\Windows\System32\eappprxy.dll
18:41:09.0197 4480 C:\Windows\System32\eappprxy.dll - ok
18:41:09.0197 4480 [ 73FCB7919DEE80EE556F2E498594EBAE ] C:\Windows\System32\onex.dll
18:41:09.0197 4480 C:\Windows\System32\onex.dll - ok
18:41:09.0197 4480 [ DAF3E300311D2B78174AE52B231981BD ] C:\Windows\System32\Tabbtn.dll
18:41:09.0197 4480 C:\Windows\System32\Tabbtn.dll - ok
18:41:09.0213 4480 [ 06A1386B6E3A0CBC368665C1840906F4 ] C:\Windows\System32\wlansec.dll
18:41:09.0213 4480 C:\Windows\System32\wlansec.dll - ok
18:41:09.0213 4480 [ 0D753307D274F3688BD21C377B616700 ] C:\Windows\System32\eappcfg.dll
18:41:09.0213 4480 C:\Windows\System32\eappcfg.dll - ok
18:41:09.0213 4480 [ 97E43F324BE1503CB2FFB058534688DA ] C:\Windows\System32\l2gpstore.dll
18:41:09.0213 4480 C:\Windows\System32\l2gpstore.dll - ok
18:41:09.0213 4480 [ 7D5645EE0EA77D539828433D9B95F5EB ] C:\Windows\System32\WinSCard.dll
18:41:09.0213 4480 C:\Windows\System32\WinSCard.dll - ok
18:41:09.0213 4480 [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll
18:41:09.0213 4480 C:\Windows\System32\wlanutil.dll - ok
18:41:09.0228 4480 [ 730BF204A595D5B6D7DC57A247CC741C ] C:\Windows\System32\wlgpclnt.dll
18:41:09.0228 4480 C:\Windows\System32\wlgpclnt.dll - ok
18:41:09.0228 4480 [ 4FFDE68C4B7C9993FA551E7E36DDB34D ] C:\Windows\System32\msxml6.dll
18:41:09.0228 4480 C:\Windows\System32\msxml6.dll - ok
18:41:09.0228 4480 [ 448BF22538F1DFCB3412AE2B1CF123A9 ] C:\Windows\System32\conhost.exe
18:41:09.0228 4480 C:\Windows\System32\conhost.exe - ok
18:41:09.0228 4480 [ 262F6592C3299C005FD6BEC90FC4463A ] C:\Windows\System32\schedsvc.dll
18:41:09.0228 4480 C:\Windows\System32\schedsvc.dll - ok
18:41:09.0228 4480 [ AAF932B4011D14052955D4B212A4DA8D ] C:\Windows\System32\shsvcs.dll
18:41:09.0228 4480 C:\Windows\System32\shsvcs.dll - ok
18:41:09.0228 4480 [ 43FAB56AE5F639AD59D7209693F4C4C2 ] C:\Windows\System32\wlanext.exe
18:41:09.0228 4480 C:\Windows\System32\wlanext.exe - ok
18:41:09.0244 4480 [ BC414631876B2F28B8DAB08E849C12C5 ] C:\Windows\System32\ktmw32.dll
18:41:09.0244 4480 C:\Windows\System32\ktmw32.dll - ok
18:41:09.0244 4480 [ F8627DFC1F36A156C6F5ED6D1C550C6C ] C:\Windows\System32\RAIHV.dll
18:41:09.0244 4480 C:\Windows\System32\RAIHV.dll - ok
18:41:09.0244 4480 [ A7A8CA53D9C9FD90C07AB0EB38E5316B ] C:\Windows\System32\dbghelp.dll
18:41:09.0244 4480 C:\Windows\System32\dbghelp.dll - ok
18:41:09.0244 4480 [ 357BE883C5236BFC7341CB9E82308908 ] C:\Windows\System32\wlanapi.dll
18:41:09.0244 4480 C:\Windows\System32\wlanapi.dll - ok
18:41:09.0244 4480 [ 5AA945234E9D4CCE4F715276B9AA712C ] C:\Windows\System32\imageres.dll
18:41:09.0244 4480 C:\Windows\System32\imageres.dll - ok
18:41:09.0260 4480 [ 6DC4A7242F565C9E9C9CCC7BB0FA75C7 ] C:\Windows\System32\taskcomp.dll
18:41:09.0260 4480 C:\Windows\System32\taskcomp.dll - ok
18:41:09.0260 4480 [ 03706015DB44368375AEBE6339490E66 ] C:\Windows\System32\netcfgx.dll
18:41:09.0260 4480 C:\Windows\System32\netcfgx.dll - ok
18:41:09.0260 4480 [ 945E54F23C72D37B8CD1987AF0DB63BF ] C:\Windows\System32\fveapi.dll
18:41:09.0260 4480 C:\Windows\System32\fveapi.dll - ok
18:41:09.0260 4480 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] C:\Windows\System32\drivers\http.sys
18:41:09.0260 4480 C:\Windows\System32\drivers\http.sys - ok
18:41:09.0260 4480 [ 891ECFD08E2C538B7948CBC45106D697 ] C:\Windows\System32\fvecerts.dll
18:41:09.0260 4480 C:\Windows\System32\fvecerts.dll - ok
18:41:09.0260 4480 [ 694865362F0965779F92BCFE97712323 ] C:\Windows\System32\tbs.dll
18:41:09.0260 4480 C:\Windows\System32\tbs.dll - ok
18:41:09.0275 4480 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] C:\Windows\System32\spoolsv.exe
18:41:09.0275 4480 C:\Windows\System32\spoolsv.exe - ok
18:41:09.0275 4480 [ 82974D6A2FD19445CC5171FC378668A4 ] C:\Windows\System32\BFE.DLL
18:41:09.0275 4480 C:\Windows\System32\BFE.DLL - ok
18:41:09.0275 4480 [ 8269210DAF3B12BC8300631B28A2A442 ] C:\Windows\System32\wiarpc.dll
18:41:09.0275 4480 C:\Windows\System32\wiarpc.dll - ok
18:41:09.0275 4480 [ 6C02A83164F5CC0A262F4199F0871CF5 ] C:\Windows\System32\drivers\bowser.sys
18:41:09.0275 4480 C:\Windows\System32\drivers\bowser.sys - ok
18:41:09.0275 4480 [ B6DD2A245268D961CC163C21457201D4 ] C:\Program Files\Microsoft Security Client\MpCmdRun.exe
18:41:09.0275 4480 C:\Program Files\Microsoft Security Client\MpCmdRun.exe - ok
18:41:09.0291 4480 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] C:\Windows\System32\drivers\mpsdrv.sys
18:41:09.0291 4480 C:\Windows\System32\drivers\mpsdrv.sys - ok
18:41:09.0291 4480 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] C:\Windows\System32\MPSSVC.dll
18:41:09.0291 4480 C:\Windows\System32\MPSSVC.dll - ok
18:41:09.0291 4480 [ 623FEE8BDC376E48A6F161F82FF6279E ] C:\Program Files\Microsoft Security Client\MpAsDesc.dll
18:41:09.0291 4480 C:\Program Files\Microsoft Security Client\MpAsDesc.dll - ok
18:41:09.0291 4480 [ A5D9106A73DC88564C825D317CAC68AC ] C:\Windows\System32\drivers\mrxsmb.sys
18:41:09.0291 4480 C:\Windows\System32\drivers\mrxsmb.sys - ok
18:41:09.0291 4480 [ 588CD0C78A7FAAE4186B5EEA0AF3ED67 ] C:\Windows\System32\adtschema.dll
18:41:09.0291 4480 C:\Windows\System32\adtschema.dll - ok
18:41:09.0291 4480 [ FA43D418BC945D27D0625B697B8442B5 ] C:\Windows\System32\cabinet.dll
18:41:09.0291 4480 C:\Windows\System32\cabinet.dll - ok



#7 elbarney

elbarney
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:04:19 AM

Posted 09 September 2012 - 06:00 PM

TDSS Part 2:

18:41:09.0946 4480 C:\Windows\System32\aepic.dll - ok
18:41:09.0946 4480 [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
18:41:09.0946 4480 C:\Windows\System32\sfc.dll - ok
18:41:09.0962 4480 [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
18:41:09.0962 4480 C:\Windows\System32\sfc_os.dll - ok
18:41:09.0962 4480 [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
18:41:09.0962 4480 C:\Windows\SysWOW64\clbcatq.dll - ok
18:41:09.0962 4480 [ 8B74CEC6980D4816B0037AE9A27E538F ] C:\Windows\SysWOW64\slc.dll
18:41:09.0962 4480 C:\Windows\SysWOW64\slc.dll - ok
18:41:09.0962 4480 [ 2BD64FE01D50546A8FA967B3A7E0805B ] C:\Program Files (x86)\NVDA\nvda.exe
18:41:09.0962 4480 C:\Program Files (x86)\NVDA\nvda.exe - ok
18:41:09.0962 4480 [ C1C3BAF078BE5A14384A4BA2D730817D ] C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
18:41:09.0962 4480 C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe - ok
18:41:09.0977 4480 [ EC6BA7C92FA5B2AA4AFDF4DF22AEDAB7 ] C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcr80.dll
18:41:09.0977 4480 C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcr80.dll - ok
18:41:09.0977 4480 [ 68769C3356B3BE5D1C732C97B9A80D6E ] C:\Windows\System32\drivers\PEAuth.sys
18:41:09.0977 4480 C:\Windows\System32\drivers\PEAuth.sys - ok
18:41:09.0977 4480 [ 3EA8A16169C26AFBEB544E0E48421186 ] C:\Windows\System32\drivers\secdrv.sys
18:41:09.0977 4480 C:\Windows\System32\drivers\secdrv.sys - ok
18:41:09.0977 4480 [ BC617A4E1B4FA8DF523A061739A0BD87 ] C:\Windows\System32\seclogon.dll
18:41:09.0977 4480 C:\Windows\System32\seclogon.dll - ok
18:41:09.0977 4480 [ EF3B592545676301CDEB7C2609EED7BF ] C:\Program Files (x86)\Skype\Updater\Updater.exe
18:41:09.0977 4480 C:\Program Files (x86)\Skype\Updater\Updater.exe - ok
18:41:09.0993 4480 [ 76CDA84DCB30EBDEF0D86051A72E0C0F ] C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\f73f0a9c9a83dcd3ff428be509a7992f\mscorlib.ni.dll
18:41:09.0993 4480 C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\f73f0a9c9a83dcd3ff428be509a7992f\mscorlib.ni.dll - ok
18:41:09.0993 4480 [ 27E461F0BE5BFF5FC737328F749538C3 ] C:\Windows\System32\drivers\srvnet.sys
18:41:09.0993 4480 C:\Windows\System32\drivers\srvnet.sys - ok
18:41:09.0993 4480 [ 20391947E891F98B3FF8E66547886FEE ] C:\Program Files (x86)\NVDA\winsound.pyd
18:41:09.0993 4480 C:\Program Files (x86)\NVDA\winsound.pyd - ok
18:41:09.0993 4480 [ DF687E3D8836BFB04FCC0615BF15A519 ] C:\Windows\System32\drivers\tcpipreg.sys
18:41:09.0993 4480 C:\Windows\System32\drivers\tcpipreg.sys - ok
18:41:09.0993 4480 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] C:\Windows\System32\tapisrv.dll
18:41:09.0993 4480 C:\Windows\System32\tapisrv.dll - ok
18:41:10.0008 4480 [ 7E7AFD841694F6AC397E99D75CEAD49D ] C:\Windows\System32\trkwks.dll
18:41:10.0008 4480 C:\Windows\System32\trkwks.dll - ok
18:41:10.0008 4480 [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
18:41:10.0008 4480 C:\Windows\System32\wbem\WMIsvc.dll - ok
18:41:10.0008 4480 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] C:\Windows\System32\wiaservc.dll
18:41:10.0008 4480 C:\Windows\System32\wiaservc.dll - ok
18:41:10.0008 4480 [ 2BACD71123F42CEA603F4E205E1AE337 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:41:10.0008 4480 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - ok
18:41:10.0008 4480 [ 7DB5AA22A8A8E5C2D335F44853C1F6DE ] C:\Windows\System32\wbemcomn.dll
18:41:10.0008 4480 C:\Windows\System32\wbemcomn.dll - ok
18:41:10.0024 4480 [ 0364256B4A2A93A8C8CDA6B3B5A0EFF5 ] C:\Windows\System32\wiatrace.dll
18:41:10.0024 4480 C:\Windows\System32\wiatrace.dll - ok
18:41:10.0024 4480 [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
18:41:10.0024 4480 C:\Windows\System32\wbem\WinMgmtR.dll - ok
18:41:10.0024 4480 [ 0C52762C606BCF6A377D5E4688191A6B ] C:\Windows\System32\wbem\WmiDcPrv.dll
18:41:10.0024 4480 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
18:41:10.0024 4480 [ B837D1528CE2E3CB79F09496BC08DDC6 ] C:\Windows\System32\SensApi.dll
18:41:10.0024 4480 C:\Windows\System32\SensApi.dll - ok
18:41:10.0024 4480 [ 93812FDC01AA864195816CD814445F95 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL
18:41:10.0024 4480 C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL - ok
18:41:10.0040 4480 [ 4C1244FEF74C60A4B1B151C76609CBE2 ] C:\Windows\System32\wsdchngr.dll
18:41:10.0040 4480 C:\Windows\System32\wsdchngr.dll - ok
18:41:10.0040 4480 [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
18:41:10.0040 4480 C:\Windows\System32\wbem\fastprox.dll - ok
18:41:10.0040 4480 [ 9689A9C7F7C2A1A423CDA2C3B43FFF65 ] C:\Windows\System32\wer.dll
18:41:10.0040 4480 C:\Windows\System32\wer.dll - ok
18:41:10.0040 4480 [ C2E0788F9B6E0EC7D63444115EF76283 ] C:\Windows\System32\BrWi211a.dll
18:41:10.0040 4480 C:\Windows\System32\BrWi211a.dll - ok
18:41:10.0040 4480 [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll
18:41:10.0040 4480 C:\Windows\System32\ntdsapi.dll - ok
18:41:10.0040 4480 [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll
18:41:10.0055 4480 C:\Windows\System32\wbem\wbemprox.dll - ok
18:41:10.0055 4480 [ 4370EAB2944C40205E94A56D4ED8779C ] C:\Windows\System32\atwtusb.exe
18:41:10.0055 4480 C:\Windows\System32\atwtusb.exe - ok
18:41:10.0055 4480 [ 85C3AB8341F13E94B16FE9A69582A42F ] C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
18:41:10.0055 4480 C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll - ok
18:41:10.0055 4480 [ DBB2E77039C6EAF240714BBF03220E98 ] C:\Windows\System32\BrNetSti.dll
18:41:10.0055 4480 C:\Windows\System32\BrNetSti.dll - ok
18:41:10.0055 4480 [ 0B2D65FDDE31069299AA6330F359FF9C ] C:\Windows\System32\msxml3.dll
18:41:10.0055 4480 C:\Windows\System32\msxml3.dll - ok
18:41:10.0055 4480 [ 5EB55F661DEBF156E126160BCD4D89F8 ] C:\Windows\System32\wbem\wbemcore.dll
18:41:10.0055 4480 C:\Windows\System32\wbem\wbemcore.dll - ok
18:41:10.0071 4480 [ E3370E3143ED1FB77D356F688F2EBB2A ] C:\Windows\System32\BrSNMP64.dll
18:41:10.0071 4480 C:\Windows\System32\BrSNMP64.dll - ok
18:41:10.0071 4480 [ 58A0CDABEA255616827B1C22C9994466 ] C:\Windows\System32\NapiNSP.dll
18:41:10.0071 4480 C:\Windows\System32\NapiNSP.dll - ok
18:41:10.0071 4480 [ E36112A8A6C7F840169A7E92C12F4203 ] C:\Windows\System32\wsock32.dll
18:41:10.0071 4480 C:\Windows\System32\wsock32.dll - ok
18:41:10.0071 4480 [ 613C8CE10A5FDE582BA5FA64C4D56AAA ] C:\Windows\System32\pnrpnsp.dll
18:41:10.0071 4480 C:\Windows\System32\pnrpnsp.dll - ok
18:41:10.0071 4480 [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
18:41:10.0071 4480 C:\Windows\System32\wbem\esscli.dll - ok
18:41:10.0086 4480 [ 2E2072EB48238FCA8FBB7A9F5FABAC45 ] C:\Windows\System32\winrnr.dll
18:41:10.0086 4480 C:\Windows\System32\winrnr.dll - ok
18:41:10.0086 4480 [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll
18:41:10.0086 4480 C:\Windows\System32\wbem\wbemsvc.dll - ok
18:41:10.0086 4480 [ 2A46FFE841EC43001D5A293A54DB34DE ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
18:41:10.0086 4480 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE - ok
18:41:10.0086 4480 [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll
18:41:10.0086 4480 C:\Windows\System32\wbem\repdrvfs.dll - ok
18:41:10.0086 4480 [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll
18:41:10.0086 4480 C:\Windows\System32\wbem\wmiutils.dll - ok
18:41:10.0102 4480 [ 210FCACAF902B2CD47CF9FD17D846146 ] C:\Windows\System32\aeevts.dll
18:41:10.0102 4480 C:\Windows\System32\aeevts.dll - ok
18:41:10.0102 4480 [ DDD0357A92FA843EFF8915ED17253D6C ] C:\Windows\System32\wbem\WmiPrvSD.dll
18:41:10.0102 4480 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
18:41:10.0102 4480 [ D41FEBD098234F02485A4EA98D4730A4 ] C:\Windows\System32\ncobjapi.dll
18:41:10.0102 4480 C:\Windows\System32\ncobjapi.dll - ok
18:41:10.0102 4480 [ 6F40D6FB05E0C1E5402812B426971AF0 ] C:\Windows\System32\wbem\wbemess.dll
18:41:10.0102 4480 C:\Windows\System32\wbem\wbemess.dll - ok
18:41:10.0102 4480 [ D64D99EC088B54FFE8EE67A480386C20 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
18:41:10.0102 4480 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll - ok
18:41:10.0118 4480 [ 68D8AC3F047D3E105C1674FD4EF08913 ] C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
18:41:10.0118 4480 C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL - ok
18:41:10.0118 4480 [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll
18:41:10.0118 4480 C:\Windows\System32\EhStorShell.dll - ok
18:41:10.0118 4480 [ F11A57E91FDAECFB41A5CB21EB1EBC8E ] C:\Windows\System32\dssenh.dll
18:41:10.0118 4480 C:\Windows\System32\dssenh.dll - ok
18:41:10.0118 4480 [ D233C7FEAE3FAA25F93A9E6B46815ADC ] C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll
18:41:10.0118 4480 C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll - ok
18:41:10.0118 4480 [ 57AC86AC664CC774C861DAB2B1D1E978 ] C:\Windows\winsxs\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_0a1fd3a3a768b895\ATL90.dll
18:41:10.0118 4480 C:\Windows\winsxs\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_0a1fd3a3a768b895\ATL90.dll - ok
18:41:10.0133 4480 [ 241AF87821FDA0F5792037B779F49BE0 ] C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcp90.dll
18:41:10.0133 4480 C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcp90.dll - ok
18:41:10.0133 4480 [ 5ABAEB53E6ECF7878A5C4C4ABED92050 ] C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\OFFICE.ODF
18:41:10.0133 4480 C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\OFFICE.ODF - ok
18:41:10.0133 4480 [ 66E3C667D853DF349E310568F60B9B6A ] C:\PROGRA~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
18:41:10.0133 4480 C:\PROGRA~1\MICROS~3\Office14\1033\GrooveIntlResource.dll - ok
18:41:10.0133 4480 [ 037A719DAD50603202C978CD802623E4 ] C:\Windows\System32\ntshrui.dll
18:41:10.0133 4480 C:\Windows\System32\ntshrui.dll - ok
18:41:10.0133 4480 [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
18:41:10.0133 4480 C:\Windows\System32\IconCodecService.dll - ok
18:41:10.0149 4480 [ B025EC52DF8BB7E450855F9695833E4A ] C:\Program Files (x86)\Kodak\KODAK Share Button App\KODAK Wireless Utility.exe
18:41:10.0149 4480 C:\Program Files (x86)\Kodak\KODAK Share Button App\KODAK Wireless Utility.exe - ok
18:41:10.0149 4480 [ 57EE3144A5F82E9EA6A66868BD307FD6 ] C:\Program Files (x86)\Kodak\KODAK Share Button App\bmdns.dll
18:41:10.0149 4480 C:\Program Files (x86)\Kodak\KODAK Share Button App\bmdns.dll - ok
18:41:10.0149 4480 [ 35346C3BEC1598CF37E431336A48C95D ] C:\Program Files (x86)\Kodak\KODAK Share Button App\nativeservices.pyd
18:41:10.0149 4480 C:\Program Files (x86)\Kodak\KODAK Share Button App\nativeservices.pyd - ok
18:41:10.0149 4480 [ 7D5A8BD7548FB8EE039F3F3B45B1FCC8 ] C:\Program Files (x86)\Real\RealUpgrade\Plugins\upgrade.dll
18:41:10.0149 4480 C:\Program Files (x86)\Real\RealUpgrade\Plugins\upgrade.dll - ok
18:41:10.0149 4480 [ A6C29DB53ECA94FA8591C5388D604B82 ] C:\Windows\SysWOW64\msi.dll
18:41:10.0149 4480 C:\Windows\SysWOW64\msi.dll - ok
18:41:10.0164 4480 [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\SysWOW64\winhttp.dll
18:41:10.0164 4480 C:\Windows\SysWOW64\winhttp.dll - ok
18:41:10.0164 4480 [ 5E8E869E1342308752A37A2C90CCA79D ] C:\Windows\SysWOW64\mshtml.dll
18:41:10.0164 4480 C:\Windows\SysWOW64\mshtml.dll - ok
18:41:10.0164 4480 [ FB19FC5951A88F3C523E35C2C98D23C0 ] C:\Windows\SysWOW64\webio.dll
18:41:10.0164 4480 C:\Windows\SysWOW64\webio.dll - ok
18:41:10.0164 4480 [ AB7B2E854E4876AD818A560F5FEB4942 ] C:\Program Files (x86)\Kodak\KODAK Share Button App\libeay32.dll
18:41:10.0164 4480 C:\Program Files (x86)\Kodak\KODAK Share Button App\libeay32.dll - ok
18:41:10.0164 4480 [ 30F3D3E322C5339004415D7BC8BF246E ] C:\Program Files (x86)\Kodak\KODAK Share Button App\python26.dll
18:41:10.0164 4480 C:\Program Files (x86)\Kodak\KODAK Share Button App\python26.dll - ok
18:41:10.0180 4480 [ E62352352C2E4FA22EA148E4D169B0DD ] C:\Program Files (x86)\Kodak\KODAK Share Button App\router.dll
18:41:10.0180 4480 C:\Program Files (x86)\Kodak\KODAK Share Button App\router.dll - ok
18:41:10.0180 4480 [ 2DFF01852A06A7D80B74FABB0B2556E5 ] C:\Program Files (x86)\Kodak\KODAK Share Button App\boost_python-vc90-mt-1_40.dll
18:41:10.0180 4480 C:\Program Files (x86)\Kodak\KODAK Share Button App\boost_python-vc90-mt-1_40.dll - ok
18:41:10.0180 4480 [ 32E15ECF5854F5610BC895490BC3246A ] C:\Windows\SysWOW64\ieframe.dll
18:41:10.0180 4480 C:\Windows\SysWOW64\ieframe.dll - ok
18:41:10.0180 4480 [ 8E01332CC4B68BC6B5B7EFFE374442AA ] C:\Windows\SysWOW64\oleacc.dll
18:41:10.0180 4480 C:\Windows\SysWOW64\oleacc.dll - ok
18:41:10.0180 4480 [ 919001D2BB17DF06CA3F8AC16AD039F6 ] C:\Windows\SysWOW64\sxs.dll
18:41:10.0180 4480 C:\Windows\SysWOW64\sxs.dll - ok
18:41:10.0196 4480 [ A34A587FFFD45FA649FBA6D03784D257 ] C:\Windows\System32\iphlpsvc.dll
18:41:10.0196 4480 C:\Windows\System32\iphlpsvc.dll - ok
18:41:10.0196 4480 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] C:\Windows\System32\drivers\srv2.sys
18:41:10.0196 4480 C:\Windows\System32\drivers\srv2.sys - ok
18:41:10.0196 4480 [ 27B9E163740A226B65E4B9E186117911 ] C:\Windows\System32\sqmapi.dll
18:41:10.0196 4480 C:\Windows\System32\sqmapi.dll - ok
18:41:10.0196 4480 [ 7B38D7916A7CD058C16A0A6CA5077901 ] C:\Windows\System32\wdscore.dll
18:41:10.0196 4480 C:\Windows\System32\wdscore.dll - ok
18:41:10.0196 4480 [ EE867A0870FC9E4972BA9EAAD35651E2 ] C:\Windows\System32\rasmans.dll
18:41:10.0196 4480 C:\Windows\System32\rasmans.dll - ok
18:41:10.0196 4480 [ 44C96B48112EB24AE7764EBF1C527000 ] C:\Windows\System32\rastapi.dll
18:41:10.0196 4480 C:\Windows\System32\rastapi.dll - ok
18:41:10.0211 4480 [ FAFAE01E889DC9C05A6CA2138CFC220B ] C:\Windows\System32\tapi32.dll
18:41:10.0211 4480 C:\Windows\System32\tapi32.dll - ok
18:41:10.0211 4480 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] C:\Windows\System32\drivers\srv.sys
18:41:10.0211 4480 C:\Windows\System32\drivers\srv.sys - ok
18:41:10.0211 4480 [ 3B367397320C26DBA890B260F80D1B1B ] C:\Windows\System32\hnetcfg.dll
18:41:10.0211 4480 C:\Windows\System32\hnetcfg.dll - ok
18:41:10.0211 4480 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] C:\Windows\System32\browser.dll
18:41:10.0211 4480 C:\Windows\System32\browser.dll - ok
18:41:10.0211 4480 [ CFEFA40DDE34659BE5211966EAD86437 ] C:\Windows\System32\netmsg.dll
18:41:10.0211 4480 C:\Windows\System32\netmsg.dll - ok
18:41:10.0227 4480 [ D9F42719019740BAA6D1C6D536CBDAA6 ] C:\Windows\System32\srvsvc.dll
18:41:10.0227 4480 C:\Windows\System32\srvsvc.dll - ok
18:41:10.0227 4480 [ D2A0FFA75AB181B19B5EB93BB29C7686 ] C:\Windows\System32\unimdm.tsp
18:41:10.0227 4480 C:\Windows\System32\unimdm.tsp - ok
18:41:10.0227 4480 [ 94B7DF336815B47236724019FAB24B7C ] C:\Windows\System32\uniplat.dll
18:41:10.0227 4480 C:\Windows\System32\uniplat.dll - ok
18:41:10.0227 4480 [ 81749E073AC5857B044A686B406E5244 ] C:\Windows\System32\clusapi.dll
18:41:10.0227 4480 C:\Windows\System32\clusapi.dll - ok
18:41:10.0227 4480 [ 7C1BAE7D23D4874FEE256A2B9C00E019 ] C:\Windows\System32\hidphone.tsp
18:41:10.0227 4480 C:\Windows\System32\hidphone.tsp - ok
18:41:10.0242 4480 [ 41326DD08ACC0CDC5F8177AF96C066E8 ] C:\Windows\System32\kmddsp.tsp
18:41:10.0242 4480 C:\Windows\System32\kmddsp.tsp - ok
18:41:10.0242 4480 [ 1D6BC2769DA66C1145F4DA5A65F52E61 ] C:\Windows\System32\ndptsp.tsp
18:41:10.0242 4480 C:\Windows\System32\ndptsp.tsp - ok
18:41:10.0242 4480 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
18:41:10.0242 4480 C:\Windows\System32\netprofm.dll - ok
18:41:10.0242 4480 [ 344FCC9850C3A8A3B4D3C65151AF8E4C ] C:\Windows\System32\resutils.dll
18:41:10.0242 4480 C:\Windows\System32\resutils.dll - ok
18:41:10.0242 4480 [ FF80CAD87555E8E4D2CFD7B9058343F8 ] C:\Windows\System32\sscore.dll
18:41:10.0242 4480 C:\Windows\System32\sscore.dll - ok
18:41:10.0242 4480 [ A717A35120DBAB5AB707AB40662AF9DD ] C:\Windows\System32\rasppp.dll
18:41:10.0242 4480 C:\Windows\System32\rasppp.dll - ok
18:41:10.0258 4480 [ 0FE5CD5F9C9248F42D1EF56E495B182E ] C:\Windows\System32\vpnike.dll
18:41:10.0258 4480 C:\Windows\System32\vpnike.dll - ok
18:41:10.0258 4480 [ B95F6501A2F8B2E78C697FEC401970CE ] C:\Windows\System32\ipnathlp.dll
18:41:10.0258 4480 C:\Windows\System32\ipnathlp.dll - ok
18:41:10.0258 4480 [ 6A84E68B538B8B04608BF2F0D426CE6F ] C:\Windows\System32\raschap.dll
18:41:10.0258 4480 C:\Windows\System32\raschap.dll - ok
18:41:10.0258 4480 [ 2DF29664ED261F0FC448E58F338F0671 ] C:\Windows\System32\mprapi.dll
18:41:10.0258 4480 C:\Windows\System32\mprapi.dll - ok
18:41:10.0258 4480 [ A42F2C1EB3B66C54FB3C7B79D30C1A6D ] C:\Windows\System32\netshell.dll
18:41:10.0258 4480 C:\Windows\System32\netshell.dll - ok
18:41:10.0274 4480 [ 544EFF88AC6C85DF5A4D6F18DFE08CFC ] C:\Windows\SysWOW64\taskschd.dll
18:41:10.0274 4480 C:\Windows\SysWOW64\taskschd.dll - ok
18:41:10.0274 4480 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] C:\Windows\System32\appinfo.dll
18:41:10.0274 4480 C:\Windows\System32\appinfo.dll - ok
18:41:10.0274 4480 [ 35BA5AA671887FE8A62B88A9A6229FD5 ] C:\Windows\System32\pstorsvc.dll
18:41:10.0274 4480 C:\Windows\System32\pstorsvc.dll - ok
18:41:10.0274 4480 [ BF1FC3F79B863C914687A737C2F3D681 ] C:\Windows\System32\wdi.dll
18:41:10.0274 4480 C:\Windows\System32\wdi.dll - ok
18:41:10.0274 4480 [ 4449D23E8F197862F1B16F1E6C89C36C ] C:\Windows\System32\diagperf.dll
18:41:10.0274 4480 C:\Windows\System32\diagperf.dll - ok
18:41:10.0289 4480 [ BD9EB3958F213F96B97B1D897DEE006D ] C:\Windows\System32\hidserv.dll
18:41:10.0289 4480 C:\Windows\System32\hidserv.dll - ok
18:41:10.0289 4480 [ BF4AC709BE5BF64F331F5D67773A0C82 ] C:\Windows\System32\perftrack.dll
18:41:10.0289 4480 C:\Windows\System32\perftrack.dll - ok
18:41:10.0289 4480 [ E64D9EC8018C55873B40FDEE9DBEF5B3 ] C:\Windows\System32\PortableDeviceApi.dll
18:41:10.0289 4480 C:\Windows\System32\PortableDeviceApi.dll - ok
18:41:10.0289 4480 [ AB95FBAE4F9A5A56B177CEC427B2B35E ] C:\Windows\System32\psbase.dll
18:41:10.0289 4480 C:\Windows\System32\psbase.dll - ok
18:41:10.0289 4480 [ 93221146D4EBBF314C29B23CD6CC391D ] C:\Windows\System32\wpdbusenum.dll
18:41:10.0289 4480 C:\Windows\System32\wpdbusenum.dll - ok
18:41:10.0289 4480 [ EDF2A5E96BEC469DA3F64E9BDD386111 ] C:\Windows\SysWOW64\xmllite.dll
18:41:10.0289 4480 C:\Windows\SysWOW64\xmllite.dll - ok
18:41:10.0305 4480 [ E1B22739C933BE33F53DB58C5393ADD3 ] C:\Windows\System32\Apphlpdm.dll
18:41:10.0305 4480 C:\Windows\System32\Apphlpdm.dll - ok
18:41:10.0305 4480 [ F7073C962C4FB7C415565DDE109DE49F ] C:\Windows\System32\npmproxy.dll
18:41:10.0305 4480 C:\Windows\System32\npmproxy.dll - ok
18:41:10.0305 4480 [ 9719E3D834F5C8C43F56A93DFA497023 ] C:\Windows\System32\pnpts.dll
18:41:10.0305 4480 C:\Windows\System32\pnpts.dll - ok
18:41:10.0305 4480 [ AFA79C343F9D1555F7E5D5FA70BB2A14 ] C:\Windows\System32\PortableDeviceConnectApi.dll
18:41:10.0305 4480 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
18:41:10.0305 4480 [ 46863C4CC5B68EB09EA2D5EEF0F1193A ] C:\Windows\System32\radardt.dll
18:41:10.0305 4480 C:\Windows\System32\radardt.dll - ok
18:41:10.0320 4480 [ E811F8510B133E70CF6E509FB809824F ] C:\Windows\System32\wdiasqmmodule.dll
18:41:10.0320 4480 C:\Windows\System32\wdiasqmmodule.dll - ok
18:41:10.0320 4480 [ CF8D590BE3373029D57AF80914190682 ] C:\Windows\System32\drivers\WUDFRd.sys
18:41:10.0320 4480 C:\Windows\System32\drivers\WUDFRd.sys - ok
18:41:10.0320 4480 [ E629F1A051C82795DDFFD3E8D4855811 ] C:\Windows\System32\dimsjob.dll
18:41:10.0320 4480 C:\Windows\System32\dimsjob.dll - ok
18:41:10.0320 4480 [ 9BC93C9ACFA34DB5A41B89357B31E4ED ] C:\Windows\System32\FwRemoteSvr.dll
18:41:10.0320 4480 C:\Windows\System32\FwRemoteSvr.dll - ok
18:41:10.0320 4480 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] C:\Windows\System32\IPSECSVC.DLL
18:41:10.0320 4480 C:\Windows\System32\IPSECSVC.DLL - ok
18:41:10.0320 4480 [ 35CB97CBC3EDC463418ED4997AAB29B6 ] C:\Windows\System32\pautoenr.dll
18:41:10.0320 4480 C:\Windows\System32\pautoenr.dll - ok
18:41:10.0336 4480 [ 94DFBB481BF51158B216E23C5C1C9D6E ] C:\Windows\System32\certcli.dll
18:41:10.0336 4480 C:\Windows\System32\certcli.dll - ok
18:41:10.0336 4480 [ 263B26106606A010CF877472B535E4BB ] C:\Windows\System32\CertEnroll.dll
18:41:10.0336 4480 C:\Windows\System32\CertEnroll.dll - ok
18:41:10.0336 4480 [ D0FF1CA89D013B94768A289023958F6B ] C:\Windows\System32\WUDFHost.exe
18:41:10.0336 4480 C:\Windows\System32\WUDFHost.exe - ok
18:41:10.0336 4480 [ 91D6F0AB79AA36FFB932157865206F35 ] C:\Windows\System32\drivers\UMDF\WpdFs.dll
18:41:10.0336 4480 C:\Windows\System32\drivers\UMDF\WpdFs.dll - ok
18:41:10.0336 4480 [ 1950B1C38AED4154BA79F77E36494D8A ] C:\Windows\System32\WUDFx.dll
18:41:10.0336 4480 C:\Windows\System32\WUDFx.dll - ok
18:41:10.0352 4480 [ 0901C4245D3EC17239AFAE4160C3E187 ] C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe
18:41:10.0352 4480 C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe - ok
18:41:10.0352 4480 [ 9864D52F15AD32094A636C6B5281D9E7 ] C:\Windows\System32\WMVCORE.DLL
18:41:10.0352 4480 C:\Windows\System32\WMVCORE.DLL - ok
18:41:10.0352 4480 [ AACC48FE239F0DF126DA2F28930A5B83 ] C:\Windows\System32\WMASF.DLL
18:41:10.0352 4480 C:\Windows\System32\WMASF.DLL - ok
18:41:10.0352 4480 [ 389CA818132C1D7DCF0C791E8D9035DE ] C:\Windows\System32\PortableDeviceClassExtension.dll
18:41:10.0352 4480 C:\Windows\System32\PortableDeviceClassExtension.dll - ok
18:41:10.0352 4480 [ 4F3CD1C59EA71401E155C432BCECE180 ] C:\Windows\System32\PortableDeviceTypes.dll
18:41:10.0352 4480 C:\Windows\System32\PortableDeviceTypes.dll - ok
18:41:10.0367 4480 [ 839F96DBAAFD3353E0B248A5E0BD2A51 ] C:\Windows\SysWOW64\rasapi32.dll
18:41:10.0367 4480 C:\Windows\SysWOW64\rasapi32.dll - ok
18:41:10.0367 4480 [ FFA7172354B9256DBB2CDD75F16F33FE ] C:\Windows\SysWOW64\rasman.dll
18:41:10.0367 4480 C:\Windows\SysWOW64\rasman.dll - ok
18:41:10.0367 4480 [ 0915C4DB6DBC3BB9E11B7ECBBE4B7159 ] C:\Windows\SysWOW64\rtutils.dll
18:41:10.0367 4480 C:\Windows\SysWOW64\rtutils.dll - ok
18:41:10.0367 4480 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
18:41:10.0367 4480 C:\Windows\SysWOW64\rasadhlp.dll - ok
18:41:10.0367 4480 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\SysWOW64\SensApi.dll
18:41:10.0367 4480 C:\Windows\SysWOW64\SensApi.dll - ok
18:41:10.0367 4480 [ 025E7DBDB98866ED3CB2D4DDA70B364D ] C:\Windows\System32\runonce.exe
18:41:10.0367 4480 C:\Windows\System32\runonce.exe - ok
18:41:10.0383 4480 [ D44741F65A1D71F65814A12CF6E2400A ] C:\Windows\SysWOW64\runonce.exe
18:41:10.0383 4480 C:\Windows\SysWOW64\runonce.exe - ok
18:41:10.0383 4480 [ 12C45E3CB6D65F73209549E2D02ECA7A ] C:\Windows\SysWOW64\propsys.dll
18:41:10.0383 4480 C:\Windows\SysWOW64\propsys.dll - ok
18:41:10.0383 4480 [ FB8C6A46EAF7585D2CA8583C4C9A8EDF ] C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
18:41:10.0383 4480 C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL - ok
18:41:10.0383 4480 [ E9901A7E569C4156FDA69F5C9356B8ED ] C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\OFFICE.ODF
18:41:10.0383 4480 C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\OFFICE.ODF - ok
18:41:10.0383 4480 [ 8DC2EB39AF2A01C5C28E50685F5B78A5 ] C:\PROGRA~2\Kodak\KODAKS~1\py\_ctypes.pyd
18:41:10.0383 4480 C:\PROGRA~2\Kodak\KODAKS~1\py\_ctypes.pyd - ok
18:41:10.0398 4480 [ AD7B9C14083B52BC532FBA5948342B98 ] C:\Windows\SysWOW64\cmd.exe
18:41:10.0398 4480 C:\Windows\SysWOW64\cmd.exe - ok
18:41:10.0398 4480 [ 326C7F76A29897A892AA7726E91C1C67 ] C:\Windows\SysWOW64\winbrand.dll
18:41:10.0398 4480 C:\Windows\SysWOW64\winbrand.dll - ok
18:41:10.0398 4480 [ BE247AE996A9FDE007A27B51413A6C79 ] C:\Windows\SysWOW64\shdocvw.dll
18:41:10.0398 4480 C:\Windows\SysWOW64\shdocvw.dll - ok
18:41:10.0398 4480 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll
18:41:10.0398 4480 C:\Windows\SysWOW64\wship6.dll - ok
18:41:10.0398 4480 [ 03A03A453F1AAAE0C73AAAF895321C7A ] C:\Windows\SysWOW64\FWPUCLNT.DLL
18:41:10.0398 4480 C:\Windows\SysWOW64\FWPUCLNT.DLL - ok
18:41:10.0414 4480 [ 4711D1F164DED6B53A834E224551F6E1 ] C:\Program Files (x86)\Common Files\Chameleon Manager\cham_ex64.dll
18:41:10.0414 4480 C:\Program Files (x86)\Common Files\Chameleon Manager\cham_ex64.dll - ok
18:41:10.0414 4480 [ DE2D7710DF970F1445FDF65712881672 ] C:\Program Files (x86)\Common Files\Chameleon Manager\proc64.exe
18:41:10.0414 4480 C:\Program Files (x86)\Common Files\Chameleon Manager\proc64.exe - ok
18:41:10.0414 4480 [ AD6B1A69B0CCCF27A792F4C00740D24D ] C:\Users\Evelyn\AppData\Local\Temp\E8C90E58-CF8B-4E5C-993A-8A491D5C67E9.exe
18:41:10.0414 4480 C:\Users\Evelyn\AppData\Local\Temp\E8C90E58-CF8B-4E5C-993A-8A491D5C67E9.exe - ok
18:41:10.0414 4480 [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\SysWOW64\imagehlp.dll
18:41:10.0414 4480 C:\Windows\SysWOW64\imagehlp.dll - ok
18:41:10.0414 4480 [ 591FE0A6CEB19BF886CEB1331F591940 ] C:\Windows\SysWOW64\ncrypt.dll
18:41:10.0414 4480 C:\Windows\SysWOW64\ncrypt.dll - ok
18:41:10.0430 4480 [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
18:41:10.0430 4480 C:\Windows\SysWOW64\bcrypt.dll - ok
18:41:10.0430 4480 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
18:41:10.0430 4480 C:\Windows\SysWOW64\bcryptprimitives.dll - ok
18:41:10.0430 4480 [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\SysWOW64\gpapi.dll
18:41:10.0430 4480 C:\Windows\SysWOW64\gpapi.dll - ok
18:41:10.0430 4480 [ 6316957BB3431DFB06BFFA98C0F1926E ] C:\Windows\SysWOW64\cryptnet.dll
18:41:10.0430 4480 C:\Windows\SysWOW64\cryptnet.dll - ok
18:41:10.0430 4480 [ 4E5FE39C1076D115EC8BFCFE14D75B80 ] C:\Windows\SysWOW64\credssp.dll
18:41:10.0430 4480 C:\Windows\SysWOW64\credssp.dll - ok
18:41:10.0430 4480 [ 9A85ABCE0FDD1AF8E79E731EB0B679F3 ] C:\Windows\SysWOW64\dhcpcsvc.dll
18:41:10.0430 4480 C:\Windows\SysWOW64\dhcpcsvc.dll - ok
18:41:10.0445 4480 [ 29CA5974FAB0E8AE4AA7814FE05CF832 ] C:\Windows\SysWOW64\dhcpcsvc6.dll
18:41:10.0445 4480 C:\Windows\SysWOW64\dhcpcsvc6.dll - ok
18:41:10.0445 4480 [ DD81D91FF3B0763C392422865C9AC12E ] C:\Windows\System32\rundll32.exe
18:41:10.0445 4480 C:\Windows\System32\rundll32.exe - ok
18:41:10.0445 4480 [ E6F0F82788E8BD0F7A616350EFA0761C ] C:\Windows\System32\actxprxy.dll
18:41:10.0445 4480 C:\Windows\System32\actxprxy.dll - ok
18:41:10.0445 4480 [ 1DB71A41DAEE6B3F8CD0DDA8209FA2D5 ] C:\Windows\SysWOW64\WindowsCodecs.dll
18:41:10.0445 4480 C:\Windows\SysWOW64\WindowsCodecs.dll - ok
18:41:10.0445 4480 [ D83947A58613E9091B4C9CC0F1546A8D ] C:\Windows\SysWOW64\mscoree.dll
18:41:10.0445 4480 C:\Windows\SysWOW64\mscoree.dll - ok
18:41:10.0461 4480 [ F5DF6846F30E9F54EA60CCAEB3FB2055 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
18:41:10.0461 4480 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
18:41:10.0461 4480 [ 4552F8F61A7975C2359D19673483604D ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
18:41:10.0461 4480 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
18:41:10.0461 4480 [ C2335D714EFAFFFB4C7A3C164F2024B1 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
18:41:10.0461 4480 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll - ok
18:41:10.0461 4480 [ 992A8CAEE4BA4F86AD8D1218B47DEB09 ] C:\Program Files (x86)\MyPC Backup\MPCBIconOverlays.dll
18:41:10.0461 4480 C:\Program Files (x86)\MyPC Backup\MPCBIconOverlays.dll - ok
18:41:10.0461 4480 [ A0617B5753E31126AD29C03154F4F329 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
18:41:11.0069 4480 [ 432BE6CF7311062633459EEF6B242FB5 ] C:\Windows\SysWOW64\regsvr32.exe
18:41:11.0069 4480 C:\Windows\SysWOW64\regsvr32.exe - ok
18:41:11.0069 4480 [ 0017163E0D5985168792BEE5CF70D5DF ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll
18:41:11.0069 4480 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll - ok
18:41:11.0069 4480 [ 6C13E1F69181003070DA7893F87C8F1E ] C:\Program Files (x86)\ControlCenter4\BrCcDevMan.dll
18:41:11.0069 4480 C:\Program Files (x86)\ControlCenter4\BrCcDevMan.dll - ok
18:41:11.0069 4480 [ 0CFB90C28768E26498834D780FBBD754 ] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AXE8SharedExpat.dll
18:41:11.0069 4480 C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AXE8SharedExpat.dll - ok
18:41:11.0085 4480 [ D5857104B6BDB7325FBC58F196505758 ] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
18:41:11.0085 4480 C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll - ok
18:41:11.0085 4480 [ 79BFC537A2D5005EDE7CBDE543B2C114 ] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\ARE.dll
18:41:11.0085 4480 C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\ARE.dll - ok
18:41:11.0085 4480 [ 621A8A21CC9A28D7AFC62B1C98F600A3 ] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
18:41:11.0085 4480 C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll - ok
18:41:11.0085 4480 [ 517EEF6693CEB66A26CCC5BE12EEA42D ] C:\Program Files (x86)\ControlCenter4\BrCcExtPg.dll
18:41:11.0085 4480 C:\Program Files (x86)\ControlCenter4\BrCcExtPg.dll - ok
18:41:11.0085 4480 [ 916A2C4EB028604783FD5EA169236C1D ] J:\QuickTime\QTTask.exe
18:41:11.0085 4480 J:\QuickTime\QTTask.exe - ok
18:41:11.0100 4480 [ 73CB26E2DD5A28B08C7260CEC63172C1 ] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Adist.dll
18:41:11.0100 4480 C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Adist.dll - ok
18:41:11.0100 4480 [ E97295DE2A9FDE547FEAB4FE41DF16CA ] C:\Windows\SysWOW64\mspaint.exe
18:41:11.0100 4480 C:\Windows\SysWOW64\mspaint.exe - ok
18:41:11.0100 4480 [ FE51EEF2F9842C7A14768A48219F96C2 ] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\adistres.dll
18:41:11.0100 4480 C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\adistres.dll - ok
18:41:11.0100 4480 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] C:\Program Files (x86)\Browny02\BrYNSvc.exe
18:41:11.0100 4480 C:\Program Files (x86)\Browny02\BrYNSvc.exe - ok
18:41:11.0100 4480 [ 8B0A56C93B519426793DDA8FA408D087 ] C:\Program Files (x86)\Browny02\BrMonitor.dll
18:41:11.0100 4480 C:\Program Files (x86)\Browny02\BrMonitor.dll - ok
18:41:11.0116 4480 [ D9A9702E43A5859896F34898D5FD3FEC ] C:\Windows\SysWOW64\msxml6.dll
18:41:11.0116 4480 C:\Windows\SysWOW64\msxml6.dll - ok
18:41:11.0116 4480 [ D114FADA168A6F4AD7866B3CDEB9CAB2 ] C:\Program Files (x86)\ThinkBuzan\iMindMap 5\iMindMap 5.exe
18:41:11.0116 4480 C:\Program Files (x86)\ThinkBuzan\iMindMap 5\iMindMap 5.exe - ok
18:41:11.0116 4480 [ 9567E1E9A68672811127E183F383CFEC ] C:\Program Files (x86)\ThinkBuzan\iMindMap 5\jre\bin\client\jvm.dll
18:41:11.0116 4480 C:\Program Files (x86)\ThinkBuzan\iMindMap 5\jre\bin\client\jvm.dll - ok
18:41:11.0116 4480 [ CA2F560921B7B8BE1CF555A5A18D54C3 ] C:\Windows\SysWOW64\msvcr71.dll
18:41:11.0116 4480 C:\Windows\SysWOW64\msvcr71.dll - ok
18:41:11.0116 4480 [ 613195AF25136C645DD0139CBC03B22C ] C:\Program Files (x86)\ThinkBuzan\iMindMap 5\jre\bin\verify.dll
18:41:11.0116 4480 C:\Program Files (x86)\ThinkBuzan\iMindMap 5\jre\bin\verify.dll - ok
18:41:11.0132 4480 [ D9960580D80026E2204BB5A894FE032B ] C:\Program Files (x86)\ThinkBuzan\iMindMap 5\jre\bin\hpi.dll
18:41:11.0132 4480 C:\Program Files (x86)\ThinkBuzan\iMindMap 5\jre\bin\hpi.dll - ok
18:41:11.0132 4480 [ 8D62D13D2F1FBAEB3EAFEE4CA8FDE383 ] C:\Program Files (x86)\ThinkBuzan\iMindMap 5\jre\bin\java.dll
18:41:11.0132 4480 C:\Program Files (x86)\ThinkBuzan\iMindMap 5\jre\bin\java.dll - ok
18:41:11.0132 4480 [ E295D3249D42A0C7EAEF15A8E614BDC3 ] C:\Program Files (x86)\ThinkBuzan\iMindMap 5\jre\bin\zip.dll
18:41:11.0132 4480 C:\Program Files (x86)\ThinkBuzan\iMindMap 5\jre\bin\zip.dll - ok
18:41:11.0132 4480 [ BB50B21FEE2A6F3E5FC92B330ECCF050 ] C:\Windows\SysWOW64\hhctrl.ocx
18:41:11.0132 4480 C:\Windows\SysWOW64\hhctrl.ocx - ok
18:41:11.0132 4480 [ B907641B954B7C8C7F81EA8679314BFD ] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
18:41:11.0132 4480 C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll - ok
18:41:11.0147 4480 ============================================================
18:41:11.0147 4480 Scan finished
18:41:11.0147 4480 ============================================================
18:41:11.0147 4472 Detected object count: 0
18:41:11.0147 4472 Actual detected object count: 0



#8 elbarney

Posted 09 September 2012 - 06:04 PM

aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-09 18:42:50
-----------------------------
18:42:50.647 OS Version: Windows x64 6.1.7601 Service Pack 1
18:42:50.647 Number of processors: 6 586 0xA00
18:42:50.647 ComputerName: ELBARNEY UserName: Evelyn
18:42:50.772 Initialize success
18:44:04.938 AVAST engine defs: 12090901
18:44:29.461 Disk 0 \Device\Harddisk0\DR0 -> \Device\00000064
18:44:29.476 Disk 0 Vendor: WDC_WD10 06.0 Size: 953869MB BusType: 11
18:44:29.476 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000066
18:44:29.476 Disk 1 Vendor: INTEL_SS 2CV1 Size: 76319MB BusType: 11
18:44:29.492 Disk 1 MBR read successfully
18:44:29.492 Disk 1 MBR scan
18:44:29.492 Disk 1 Windows 7 default MBR code
18:44:29.508 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
18:44:29.508 Disk 1 scanning C:\Windows\system32\drivers
18:44:32.082 Service scanning
18:44:40.084 Modules scanning
18:44:40.084 Disk 1 trace - called modules:
18:44:40.100 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
18:44:40.100 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007258060]
18:44:40.116 3 CLASSPNP.SYS[fffff8800197543f] -> nt!IofCallDriver -> [0xfffffa8006cc76c0]
18:44:40.131 5 amdxata.sys[fffff880010ee7a8] -> nt!IofCallDriver -> \Device\00000066[0xfffffa8006b6d060]
18:44:40.396 AVAST engine scan C:\Windows
18:44:41.176 AVAST engine scan C:\Windows\system32
18:45:57.741 AVAST engine scan C:\Windows\system32\drivers
18:46:00.783 AVAST engine scan C:\Users\Evelyn
18:48:40.481 AVAST engine scan C:\ProgramData
18:49:01.853 Scan finished successfully
18:49:26.033 Disk 1 MBR has been saved successfully to "C:\Users\Evelyn\Desktop\MBR.dat"
18:49:26.033 The log file has been saved successfully to "C:\Users\Evelyn\Desktop\aswMBR.txt"


Now, I do have a partition of my data drive called J: more programs where I have programs that I don't use often or don't need to run as fast as the SSD drive. I don't imagine the problem is there, but figured I'd best mention it. All browsers are on the C: drive.

#9 gringo_pr

Posted 09 September 2012 - 06:25 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#10 elbarney

Posted 09 September 2012 - 07:39 PM

First, GRINGO - I cannot thank you enough. The problem is still there but you really are on top of it.

Here is the latest report:

OTL logfile created on: 9/9/2012 7:40:19 PM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Evelyn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.47 Gb Available Physical Memory | 68.41% Memory free
16.00 Gb Paging File | 13.52 Gb Available in Paging File | 84.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.53 Gb Total Space | 8.45 Gb Free Space | 11.34% Space Free | Partition Type: NTFS
Drive D: | 908.52 Gb Total Space | 152.81 Gb Free Space | 16.82% Space Free | Partition Type: NTFS
Drive E: | 504.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 22.99 Gb Total Space | 18.24 Gb Free Space | 79.33% Space Free | Partition Type: NTFS

Computer Name: ELBARNEY | User Name: Evelyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Evelyn\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Evelyn\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
PRC - C:\Users\Evelyn\.thinkbuzan\imindmap\preload\iMindMap_Preloader.exe ()
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\NVDA\nvda_service.exe (NV Access Inc)
PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.)
PRC - J:\Google Calendar Sync\GoogleCalendarSync.exe (Google)
PRC - C:\Program Files (x86)\ThinkBuzan\iMindMap 5\iMindMap 5.exe (ThinkBuzan)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\NoteTab Pro 6\NotePro.exe (Fookes Holding Ltd)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Program Files (x86)\Music Alarm Clock\mac.exe (Vioio Software Inc.)
PRC - C:\Windows\SysWOW64\tblmouse.exe (WALTOP International Corp.)


========== Modules (No Company Name) ==========

MOD - C:\Users\Evelyn\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll ()
MOD - C:\Users\Evelyn\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll ()
MOD - C:\Users\Evelyn\AppData\Local\Programs\Google\MusicManager\libid3tag.dll ()
MOD - C:\Users\Evelyn\AppData\Local\Programs\Google\MusicManager\libaacdec.dll ()
MOD - C:\Users\Evelyn\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll ()
MOD - C:\Users\Evelyn\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll ()
MOD - C:\Users\Evelyn\AppData\Local\Programs\Google\MusicManager\QtGui4.dll ()
MOD - C:\Users\Evelyn\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll ()
MOD - C:\Users\Evelyn\AppData\Local\Programs\Google\MusicManager\QtCore4.dll ()
MOD - C:\Users\Evelyn\.thinkbuzan\imindmap\preload\iMindMap_Preloader.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WTService) -- C:\Windows\SysNative\atwtusb.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BackupStack) -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe (Just Develop It)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvda) -- C:\Program Files (x86)\NVDA\nvda_service.exe (NV Access Inc)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PDFProFiltSrvPP) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ASTSRV) -- C:\Windows\SysWow64\ASTSRV.EXE (Nalpeiron Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sscdserd) -- C:\Windows\SysNative\drivers\sscdserd.sys (MCCI Corporation)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (VKbms) -- C:\Windows\SysNative\drivers\VKbms.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\753B.tmp (Sophos Plc)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (vhidmini) -- C:\Windows\SysNative\drivers\walvhid.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (moufiltr) -- C:\Windows\SysNative\drivers\moufiltr.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (aiptektp) -- C:\Windows\SysNative\drivers\aiptektp.sys (WALTOP International Corp.)
DRV:64bit: - (UsbFltr) -- C:\Windows\SysNative\drivers\UsbFltr.sys (Waytech Development, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3216082692-2938019425-415009823-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3216082692-2938019425-415009823-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3216082692-2938019425-415009823-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 18 62 D9 89 12 CC 01 [binary data]
IE - HKU\S-1-5-21-3216082692-2938019425-415009823-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3216082692-2938019425-415009823-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3216082692-2938019425-415009823-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110141&babsrc=SP_ss&mntrId=2221c4bf0000000000001c659d51961c
IE - HKU\S-1-5-21-3216082692-2938019425-415009823-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.com/search?ie=utf-8&oe=utf-8&mssrc=ms_chr&mstb=adawaretb&q={searchTerms}
IE - HKU\S-1-5-21-3216082692-2938019425-415009823-1001\..\SearchScopes\{BD1198CA-D832-4963-9290-A3B9E382BA0B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102868&src=kw&q={searchTerms}&locale=&apn_ptnrs=5I&apn_dtid=YYYYYYYYUS&apn_uid=cd30412a-fff7-45ee-b7a7-fa3d609eaa48&apn_sauid=6F95E2E0-920A-4FDB-BE6D-F137F053F926
IE - HKU\S-1-5-21-3216082692-2938019425-415009823-1001\..\SearchScopes\{FEB30129-1532-4FF0-ADEC-1A895D2AD672}: "URL" = http://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=ffa1fc9523294877932bb360938a7e70
IE - HKU\S-1-5-21-3216082692-2938019425-415009823-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3216082692-2938019425-415009823-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=ffa1fc9523294877932bb360938a7e70&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?prt=pinballtbfour01ff&clid=ffa1fc9523294877932bb360938a7e70&subid=&Keywords={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledAddons: browserlab@adobe.com:1.0.0.1227P.314153
FF - prefs.js..extensions.enabledAddons: csscoverage@spaghetticoder.org:0.2.9
FF - prefs.js..extensions.enabledAddons: debugger@aptana.com:1.7.2
FF - prefs.js..extensions.enabledAddons: DeviceDetection@logitech.com:1.24.0.9
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer@divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: eventbug@getfirebug.com:0.1b10
FF - prefs.js..extensions.enabledAddons: fbtest@mozilla.com:1.7b17
FF - prefs.js..extensions.enabledAddons: firefoxExt@ultrarecall.com:1.2
FF - prefs.js..extensions.enabledAddons: firestarter@getfirebug.com:0.1a6
FF - prefs.js..extensions.enabledAddons: netexport@getfirebug.com:0.8
FF - prefs.js..extensions.enabledAddons: pixelperfectplugin@openhouseconcepts.com:1.7.1
FF - prefs.js..extensions.enabledAddons: plugin@apture.com:2.0.0
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: selectbug@getfirebug.com:0.1a3
FF - prefs.js..extensions.enabledAddons: sortplaces@andyhalford.com:1.9.2
FF - prefs.js..extensions.enabledAddons: sroussey@illumination-for-developers.com:1.1.18
FF - prefs.js..extensions.enabledAddons: validator@totalvalidator.com:7.4.0
FF - prefs.js..extensions.enabledAddons: wavetoolbar@webaim.org:1.1.8
FF - prefs.js..extensions.enabledAddons: zoteroWinWordIntegration@zotero.org:3.1.8
FF - prefs.js..extensions.enabledAddons: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.5.0.4
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.0
FF - prefs.js..extensions.enabledAddons: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.8.0
FF - prefs.js..extensions.enabledAddons: info@cssUpdater.com:0.5.2
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.14
FF - prefs.js..extensions.enabledAddons: occudbzlvn@occudbzlvn.org:2.5
FF - prefs.js..keyword.URL: "http://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q="

FF - user.js..keyword.enabled: 1
FF - user.js..keyword.URL: "http://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: J:\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@winzip.com/Winzip Courier: C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Evelyn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Evelyn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Evelyn\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Evelyn\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/07 01:39:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{74c841e3-b59f-479e-8d7a-e26a942a87c8}: C:\Program Files (x86)\WinZip Courier\FFExt [2011/10/29 00:51:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/09/07 01:36:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/07 01:39:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HomePagePrint2@corpus.co.jp: C:\Program Files (x86)\Homepage Print 2\Firefox [2012/09/07 01:36:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/03 18:07:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/03 18:07:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/03 18:07:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/03 18:07:05 | 000,000,000 | ---D | M]

[2011/05/17 23:30:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Extensions
[2011/05/14 22:44:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/09/07 01:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions
[2012/09/07 01:36:57 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012/09/07 01:36:57 | 000,000,000 | ---D | M] (ShopToWin20) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\{a018b213-6b46-4791-9298-519020db5737}
[2012/09/07 01:36:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/07 01:36:57 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012/09/07 01:36:57 | 000,000,000 | ---D | M] (Adobe BrowserLab for Firebug) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\browserlab@adobe.com
[2012/02/11 16:50:58 | 000,000,000 | ---D | M] (???????????? ?? ?????????? Logitech) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\DeviceDetection@logitech.com
[2011/06/27 19:25:15 | 000,000,000 | ---D | M] (Ultra Recall Firefox Extension) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\firefoxExt@ultrarecall.com
[2012/09/07 01:36:57 | 000,000,000 | ---D | M] (Pixel Perfect) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\pixelperfectplugin@openhouseconcepts.com
[2012/09/07 01:36:57 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\plugin@yontoo.com
[2012/09/07 01:36:57 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\zoteroWinWordIntegration@zotero.org
[2012/03/10 21:00:56 | 000,009,650 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\csscoverage@spaghetticoder.org.xpi
[2011/11/04 05:35:01 | 000,059,316 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\debugger@aptana.com.xpi
[2012/01/01 16:38:09 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\DivXWebPlayer@divx.com.xpi
[2011/12/12 17:53:19 | 000,011,558 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\eventbug@getfirebug.com.xpi
[2011/09/01 10:43:10 | 000,085,552 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\fbtest@mozilla.com.xpi
[2012/08/31 22:41:53 | 001,625,368 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\firebug@software.joehewitt.com.xpi
[2011/09/01 10:43:10 | 000,007,213 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\firestarter@getfirebug.com.xpi
[2012/09/05 20:41:31 | 000,010,175 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\info@cssUpdater.com.xpi
[2012/06/26 15:47:59 | 000,043,184 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\netexport@getfirebug.com.xpi
[1832/11/29 00:37:17 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\occudbzlvn@occudbzlvn.org.xpi
[2012/07/24 22:58:26 | 000,216,359 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\OneClickDownloader@OneClickDownloader.com.xpi
[2011/07/05 13:54:37 | 000,009,339 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\plugin@apture.com.xpi
[2011/09/01 10:43:10 | 000,007,039 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\selectbug@getfirebug.com.xpi
[2012/03/31 16:32:49 | 000,081,251 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\sortplaces@andyhalford.com.xpi
[2012/08/31 18:53:27 | 000,239,483 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\sroussey@illumination-for-developers.com.xpi
[2012/07/08 15:00:00 | 000,083,402 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\validator@totalvalidator.com.xpi
[2012/02/06 21:56:40 | 000,426,790 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\wavetoolbar@webaim.org.xpi
[2012/09/05 20:41:31 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/07/24 22:58:30 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/09/05 20:41:31 | 000,699,353 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012/08/28 13:11:12 | 000,270,021 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/07/08 14:59:12 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2011/08/11 17:11:07 | 000,002,572 | ---- | M] () -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\searchplugins\askcom.xml
[2012/09/07 01:36:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/07 01:36:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/31 18:53:26 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/20 12:54:54 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 12:54:56 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/05/18 10:03:15 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2011/10/17 14:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2012/09/06 15:10:30 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/23 16:22:27 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/08/31 18:53:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/31 18:53:13 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/ig
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = https://isearch.avg.com/search?cid={6AB71D94-3DC9-46CD-B5FB-2A492334B6AD}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding},
CHR - homepage: http://www.google.com/ig
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Evelyn\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: WinZip Courier (Enabled) = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk\3.5.0_0\wzwmcgc.dll
CHR - plugin: WinZip Courier (Enabled) = C:\Program Files (x86)\WinZip Courier\npwzwmc.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin8.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Evelyn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Evelyn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Evelyn\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\
CHR - Extension: Resolution Switcher = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfpobndlielepmhenppdhjgpjkdkokmi\1.0.2_0\
CHR - Extension: PHP Ninja Manual = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbhjjdhmgeibgdccjfoliooccomjcab\1.1.4_0\
CHR - Extension: SkHTML = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\clfcdpbcciggmmgejjgalekdiokpmoge\2.1_0\
CHR - Extension: Google Search = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Uncircle Inactives+ = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhcfgcecigkknnimiljlbcjmnbeeodhl\1.8_0\
CHR - Extension: PerfectPixel by WellDoneCode = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkaagdgjmgdmbnecmcefdhjekcoceebi\1.14_0\
CHR - Extension: Chrome Daltonize! = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\efeladnkafmoofnbagdbfaieabmejfcf\1.1_0\
CHR - Extension: FreelanceFeeds = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekkcnhailppghnpmjkfedpohojiknnli\1.5_0\
CHR - Extension: Pendule = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkffbkamcejhkcaocmkdeiiccpmjfdi\1.0.0_0\
CHR - Extension: META SEO inspector = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibkclpciafdglkjkcibmohobjkcfkaef\1.8.3_0\
CHR - Extension: Web Development Expert! = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikmodglecnfjjbhodpjajkmkmgackpbj\1.1.2_0\
CHR - Extension: WinZip Courier = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk\3.5.0_0\
CHR - Extension: What's the font? = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipooogmmnpmfmhbhlahhjkjiiamjllal\0.1.4_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Extensity = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjmflmamggggndanpgfnpelongoepncg\0.1.6_0\
CHR - Extension: W3C HTML5 & CSS3 Validator = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kobpbiokkobnmnaefmpcodeeficgbfkg\1.1.1_0\
CHR - Extension: ruul. Screen ruler = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlbnpnlmfngmlcmkhjpbfokdphfehhjj\5.5.2_0\
CHR - Extension: One-Click Extensions Manager = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\niemebbfnfbjfojajlmnbiikmcpjkkja\1.3.3.5_0\
CHR - Extension: lastModified = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpohcbgeibdoacicflegnjjhedeepmb\1.1.2_0\
CHR - Extension: Color Picker = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg\0.0.1.32_0\
CHR - Extension: Gmail = C:\Users\Evelyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/09 17:13:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (no name) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files (x86)\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Homepage Print 2BHO) - {EFC91ACA-519F-428D-8472-81E158609D25} - C:\Program Files (x86)\Homepage Print 2\IEBand.dll (CORPUS CORPORATION)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Homepage Print 2) - {C4FB9EEC-5B29-486B-ACD1-D93A4396E567} - C:\Program Files (x86)\Homepage Print 2\IEBand.dll (CORPUS CORPORATION)
O3 - HKLM\..\Toolbar: (Ultra Recall) - {C501607C-4A98-4f5e-B9AF-425E6BBD5186} - C:\Program Files (x86)\UltraRecall\Integration\IEToolbar.dll (Kinook Software, Inc.)
O3 - HKU\S-1-5-21-3216082692-2938019425-415009823-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [TblMouse] C:\Windows\SysWOW64\tblmouse.exe (WALTOP International Corp.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Music Alarm Clock] C:\Program Files (x86)\Music Alarm Clock\mac.exe (Vioio Software Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3216082692-2938019425-415009823-1001..\Run: [{5F9E7405-B335-47cf-8F9A-74FD2576E4A9}] C:\Program Files (x86)\Homepage Print 2\DeskCapture.exe (CORPUS CORPORATION)
O4 - HKU\S-1-5-21-3216082692-2938019425-415009823-1001..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3216082692-2938019425-415009823-1001..\Run: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-21-3216082692-2938019425-415009823-1001..\Run: [MusicManager] C:\Users\Evelyn\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - Startup: C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iMindMap Preloader.lnk = C:\Users\Evelyn\.thinkbuzan\imindmap\preload\iMindMap_Preloader.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3216082692-2938019425-415009823-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3216082692-2938019425-415009823-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3216082692-2938019425-415009823-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Send To &Ultra Recall (copy) - C:\Program Files (x86)\UltraRecall\Integration\StoreFromIE.html ()
O8:64bit: - Extra context menu item: Send To Ultra &Recall (link) - C:\Program Files (x86)\UltraRecall\Integration\LinkFromIE.html ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send To &Ultra Recall (copy) - C:\Program Files (x86)\UltraRecall\Integration\StoreFromIE.html ()
O8 - Extra context menu item: Send To Ultra &Recall (link) - C:\Program Files (x86)\UltraRecall\Integration\LinkFromIE.html ()
O9 - Extra Button: Copy to Ultra Recall - {24187A0F-0FDD-411b-80C6-F1F22F2ED10E} - C:\Program Files (x86)\UltraRecall\Integration\IEToolbar.dll (Kinook Software, Inc.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - J:\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - J:\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Link to Ultra Recall - {FD1FF307-68BC-462f-8718-AAEDB6DB7EA2} - C:\Program Files (x86)\UltraRecall\Integration\IEToolbar.dll (Kinook Software, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FE6B52D-B9D5-49B9-B139-722FF7DEDE99}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/20 01:14:28 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/09 19:27:11 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Evelyn\Desktop\OTL.exe
[2012/09/09 18:36:56 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Evelyn\Desktop\tdsskiller (1).exe
[2012/09/09 18:36:51 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Evelyn\Desktop\aswMBR.exe
[2012/09/09 17:16:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/09 17:13:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/09 17:08:00 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/08 21:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Calendar Sync
[2012/09/06 15:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
[2012/09/06 15:21:41 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Roaming\AVG
[2012/09/06 15:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2012/09/06 15:10:41 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Local\AVG Secure Search
[2012/09/06 15:10:38 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Roaming\TuneUp Software
[2012/09/06 15:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/09/06 15:10:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/09/06 15:10:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/09/06 15:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/09/06 15:09:55 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/09/06 15:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/09/06 15:06:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/09/06 15:06:35 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Local\MFAData
[2012/09/06 15:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/09/06 15:06:35 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Local\Avg2013
[2012/09/06 14:12:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/06 14:12:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/06 14:12:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/06 14:09:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/06 14:09:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/03 18:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2012/09/03 18:07:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2012/08/30 14:52:11 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\Desktop\edge
[2012/08/28 13:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mind Stereo
[2012/08/28 13:54:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2012/08/28 13:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neuro-Programmer 3
[2012/08/28 13:51:25 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Local\{7A558ABB-8EE8-4AEE-B328-4706EE42C1EF}
[2012/08/27 17:33:23 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Roaming\RealNetworks
[2012/08/26 10:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/08/26 10:58:40 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/08/26 10:58:38 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Roaming\DAEMON Tools Lite
[2012/08/26 10:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012/08/21 21:38:09 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
[2012/08/21 21:38:02 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Local\Programs
[2012/08/19 02:12:13 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Local\{18952B65-7CBF-48B8-AD66-8F911DCDFE5F}
[2012/08/17 00:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracker
[2012/08/17 00:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/08/15 21:16:13 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 21:16:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 21:16:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/15 21:16:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 21:16:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 21:16:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 21:16:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/15 21:16:09 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/15 21:16:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/15 21:16:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 21:16:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 21:16:08 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 21:16:07 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 15:15:29 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 15:15:24 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 15:15:24 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 15:15:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 15:13:30 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 15:13:30 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 15:13:30 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 15:12:28 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/14 21:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SitemapX
[2012/08/14 21:12:05 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\Desktop\Wayang Sitemap
[2012/08/14 21:06:52 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\Desktop\Emotional Recognition and
[2012/08/13 21:17:52 | 000,000,000 | ---D | C] -- C:\Users\Evelyn\AppData\Roaming\jAlbum
[2012/07/06 13:34:45 | 027,917,930 | ---- | C] (Nrsft) -- C:\ProgramData\Y9Z6nCqJ.exe
[2012/06/07 19:33:24 | 000,293,776 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2012/06/07 19:33:22 | 000,421,776 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2012/06/07 19:33:22 | 000,156,560 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
[2012/06/07 19:33:20 | 000,403,344 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2012/06/07 19:33:12 | 009,777,040 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2012/06/07 19:33:08 | 021,139,344 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
[2012/06/07 19:33:04 | 003,008,536 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
[2012/06/07 19:33:04 | 000,776,216 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2012/06/07 19:33:04 | 000,262,680 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2012/06/07 19:33:04 | 000,219,672 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
[2012/04/05 17:28:12 | 000,112,488 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx
[3 C:\Users\Evelyn\*.tmp files -> C:\Users\Evelyn\*.tmp -> ]
[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/09 20:30:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3216082692-2938019425-415009823-1001UA.job
[2012/09/09 20:23:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/09 19:26:51 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Evelyn\Desktop\OTL.exe
[2012/09/09 18:49:26 | 000,000,512 | ---- | M] () -- C:\Users\Evelyn\Desktop\MBR.dat
[2012/09/09 18:47:28 | 000,022,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 18:47:28 | 000,022,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 18:40:21 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012/09/09 18:40:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/09 18:35:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Evelyn\Desktop\aswMBR.exe
[2012/09/09 18:34:57 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Evelyn\Desktop\tdsskiller (1).exe
[2012/09/09 18:12:19 | 000,055,014 | ---- | M] () -- C:\Users\Evelyn\Desktop\layout.png
[2012/09/09 17:13:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/09 15:09:59 | 000,729,343 | ---- | M] () -- C:\Users\Evelyn\Desktop\therealme.png
[2012/09/09 15:09:59 | 000,001,456 | ---- | M] () -- C:\Users\Evelyn\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/09/09 15:06:26 | 000,192,678 | ---- | M] () -- C:\Users\Evelyn\Desktop\therealme.jpg
[2012/09/09 14:53:53 | 000,395,258 | ---- | M] () -- C:\Users\Evelyn\Desktop\IMG_20120909_145353.jpg
[2012/09/08 23:30:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3216082692-2938019425-415009823-1001Core.job
[2012/09/08 21:53:22 | 000,000,741 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
[2012/09/08 21:13:09 | 000,000,128 | ---- | M] () -- C:\Users\Evelyn\defogger_reenable
[2012/09/06 22:01:24 | 000,000,631 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/06 18:17:50 | 000,033,400 | ---- | M] () -- C:\Users\Evelyn\Desktop\483379_500227226661359_441928740_n.jpg
[2012/09/06 17:58:50 | 000,025,595 | ---- | M] () -- C:\Users\Evelyn\Desktop\392093_339073156110101_1174951493_n.jpg
[2012/09/06 13:49:47 | 000,444,231 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120906-135000.backup
[2012/09/05 20:46:52 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/05 20:46:52 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/04 23:13:16 | 000,050,007 | ---- | M] () -- C:\Users\Evelyn\Desktop\402a3ccdcd5d98a_52797.gif
[2012/09/03 17:50:06 | 000,329,873 | ---- | M] () -- C:\Users\Evelyn\Desktop\NUVIGIL Savings Card.pdf
[2012/09/02 15:10:09 | 000,000,132 | ---- | M] () -- C:\Users\Evelyn\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/09/02 00:50:38 | 000,869,043 | ---- | M] () -- C:\Users\Evelyn\Desktop\learn.png
[2012/09/01 14:18:36 | 002,130,118 | ---- | M] () -- C:\Users\Evelyn\Desktop\UltraSimpleCompanion.pdf
[2012/08/30 20:58:52 | 000,442,407 | ---- | M] () -- C:\Users\Evelyn\Desktop\Asana Issues.pdf
[2012/08/30 20:05:58 | 000,101,121 | ---- | M] () -- C:\Users\Evelyn\Desktop\asanaOverview.png
[2012/08/30 20:00:36 | 000,010,819 | ---- | M] () -- C:\Users\Evelyn\Desktop\arrowhead.png
[2012/08/30 18:55:02 | 053,553,664 | ---- | M] () -- C:\Users\Evelyn\AppData\Local\AdobeSetupUtility.zip.aamdownload
[2012/08/30 18:55:02 | 000,000,809 | ---- | M] () -- C:\Users\Evelyn\AppData\Local\AdobeSetupUtility.zip.aamdownload.aamd
[2012/08/30 18:54:47 | 000,163,870 | ---- | M] () -- C:\Users\Evelyn\Desktop\shoes.png
[2012/08/30 01:52:28 | 000,272,981 | ---- | M] () -- C:\Users\Evelyn\Desktop\boot.png
[2012/08/29 00:57:19 | 005,076,793 | ---- | M] () -- C:\Users\Evelyn\Desktop\Neo_Geo_full_on.psd
[2012/08/28 23:38:04 | 000,786,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/28 23:38:04 | 000,665,312 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/28 23:38:04 | 000,123,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/28 22:55:13 | 000,053,958 | ---- | M] () -- C:\Users\Evelyn\Desktop\Evie2.png
[2012/08/28 20:37:52 | 000,000,132 | ---- | M] () -- C:\Users\Evelyn\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/08/28 17:23:34 | 000,082,183 | ---- | M] () -- C:\Users\Evelyn\Desktop\vfavi.png
[2012/08/28 17:05:31 | 000,000,600 | ---- | M] () -- C:\Users\Evelyn\AppData\Roaming\winscp.rnd
[2012/08/28 13:55:45 | 000,000,548 | ---- | M] () -- C:\Users\Public\Desktop\Mind Stereo.lnk
[2012/08/28 13:54:33 | 000,000,637 | ---- | M] () -- C:\Users\Public\Desktop\Neuro-Programmer 3.lnk
[2012/08/28 13:26:23 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\CSE HTML Validator v11.0.lnk
[2012/08/27 09:18:56 | 013,379,712 | ---- | M] (AI Internet Solutions LLC) -- C:\Windows\SysWow64\csevalidator.dll
[2012/08/27 09:17:46 | 000,444,105 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120906-134947.backup
[2012/08/27 09:17:37 | 000,444,105 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120827-091746.backup
[2012/08/26 10:59:29 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/08/26 10:24:03 | 000,000,597 | ---- | M] () -- C:\Users\Evelyn\Desktop\Simfatic Forms.lnk
[2012/08/25 22:37:29 | 001,404,598 | ---- | M] () -- C:\Users\Evelyn\Desktop\mind_n.jpg
[2012/08/20 03:34:00 | 000,012,800 | ---- | M] () -- C:\Users\Evelyn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/20 03:01:48 | 000,793,488 | ---- | M] () -- C:\Users\Evelyn\Desktop\timc.png
[2012/08/20 02:14:51 | 000,780,390 | ---- | M] () -- C:\Users\Evelyn\Desktop\tim.png
[2012/08/19 19:22:44 | 000,103,759 | ---- | M] () -- C:\Users\Evelyn\Documents\Untitled (3).wma
[2012/08/19 16:33:33 | 000,001,292 | ---- | M] () -- C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/08/17 00:52:44 | 000,000,230 | ---- | M] () -- C:\Users\Evelyn\.tracker.prefs
[2012/08/15 21:19:39 | 005,127,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/14 21:44:58 | 000,000,533 | ---- | M] () -- C:\Users\Evelyn\Desktop\SitemapX.lnk
[2012/08/14 21:44:58 | 000,000,533 | ---- | M] () -- C:\Users\Evelyn\Application Data\Microsoft\Internet Explorer\Quick Launch\SitemapX.lnk
[3 C:\Users\Evelyn\*.tmp files -> C:\Users\Evelyn\*.tmp -> ]
[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/09 18:49:26 | 000,000,512 | ---- | C] () -- C:\Users\Evelyn\Desktop\MBR.dat
[2012/09/09 18:03:23 | 000,055,014 | ---- | C] () -- C:\Users\Evelyn\Desktop\layout.png
[2012/09/09 15:09:57 | 000,729,343 | ---- | C] () -- C:\Users\Evelyn\Desktop\therealme.png
[2012/09/09 15:06:25 | 000,192,678 | ---- | C] () -- C:\Users\Evelyn\Desktop\therealme.jpg
[2012/09/09 15:01:00 | 000,395,258 | ---- | C] () -- C:\Users\Evelyn\Desktop\IMG_20120909_145353.jpg
[2012/09/08 21:53:22 | 000,000,741 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
[2012/09/08 21:13:09 | 000,000,128 | ---- | C] () -- C:\Users\Evelyn\defogger_reenable
[2012/09/06 22:01:24 | 000,000,631 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/06 18:17:59 | 000,033,400 | ---- | C] () -- C:\Users\Evelyn\Desktop\483379_500227226661359_441928740_n.jpg
[2012/09/06 17:59:00 | 000,025,595 | ---- | C] () -- C:\Users\Evelyn\Desktop\392093_339073156110101_1174951493_n.jpg
[2012/09/06 14:12:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/06 14:12:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/06 14:12:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/06 14:12:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/06 14:12:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/04 23:13:21 | 000,050,007 | ---- | C] () -- C:\Users\Evelyn\Desktop\402a3ccdcd5d98a_52797.gif
[2012/09/03 17:50:06 | 000,329,873 | ---- | C] () -- C:\Users\Evelyn\Desktop\NUVIGIL Savings Card.pdf
[2012/09/02 00:50:36 | 000,869,043 | ---- | C] () -- C:\Users\Evelyn\Desktop\learn.png
[2012/09/01 14:18:36 | 002,130,118 | ---- | C] () -- C:\Users\Evelyn\Desktop\UltraSimpleCompanion.pdf
[2012/08/30 20:58:51 | 000,442,407 | ---- | C] () -- C:\Users\Evelyn\Desktop\Asana Issues.pdf
[2012/08/30 20:00:34 | 000,010,819 | ---- | C] () -- C:\Users\Evelyn\Desktop\arrowhead.png
[2012/08/30 18:54:26 | 000,163,870 | ---- | C] () -- C:\Users\Evelyn\Desktop\shoes.png
[2012/08/30 17:56:13 | 000,101,121 | ---- | C] () -- C:\Users\Evelyn\Desktop\asanaOverview.png
[2012/08/30 17:43:08 | 053,553,664 | ---- | C] () -- C:\Users\Evelyn\AppData\Local\AdobeSetupUtility.zip.aamdownload
[2012/08/30 17:43:08 | 000,000,809 | ---- | C] () -- C:\Users\Evelyn\AppData\Local\AdobeSetupUtility.zip.aamdownload.aamd
[2012/08/30 14:57:26 | 000,000,720 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Edge Animate Preview.lnk
[2012/08/30 14:56:17 | 000,001,530 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2012/08/30 01:52:28 | 000,272,981 | ---- | C] () -- C:\Users\Evelyn\Desktop\boot.png
[2012/08/29 00:57:18 | 005,076,793 | ---- | C] () -- C:\Users\Evelyn\Desktop\Neo_Geo_full_on.psd
[2012/08/28 22:54:12 | 000,053,958 | ---- | C] () -- C:\Users\Evelyn\Desktop\Evie2.png
[2012/08/28 17:23:32 | 000,082,183 | ---- | C] () -- C:\Users\Evelyn\Desktop\vfavi.png
[2012/08/28 13:55:45 | 000,000,548 | ---- | C] () -- C:\Users\Public\Desktop\Mind Stereo.lnk
[2012/08/28 13:54:33 | 000,000,637 | ---- | C] () -- C:\Users\Public\Desktop\Neuro-Programmer 3.lnk
[2012/08/28 13:26:23 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\CSE HTML Validator v11.0.lnk
[2012/08/26 10:24:03 | 000,000,597 | ---- | C] () -- C:\Users\Evelyn\Desktop\Simfatic Forms.lnk
[2012/08/25 22:37:26 | 001,404,598 | ---- | C] () -- C:\Users\Evelyn\Desktop\mind_n.jpg
[2012/08/20 03:01:37 | 000,793,488 | ---- | C] () -- C:\Users\Evelyn\Desktop\timc.png
[2012/08/20 02:14:21 | 000,780,390 | ---- | C] () -- C:\Users\Evelyn\Desktop\tim.png
[2012/08/19 19:22:44 | 000,103,759 | ---- | C] () -- C:\Users\Evelyn\Documents\Untitled (3).wma
[2012/08/17 00:52:44 | 000,000,230 | ---- | C] () -- C:\Users\Evelyn\.tracker.prefs
[2012/08/17 00:52:44 | 000,000,000 | ---- | C] () -- C:\Users\Evelyn\.tracker_starter.prefs
[2012/08/14 21:44:58 | 000,000,533 | ---- | C] () -- C:\Users\Evelyn\Desktop\SitemapX.lnk
[2012/08/14 21:44:58 | 000,000,533 | ---- | C] () -- C:\Users\Evelyn\Application Data\Microsoft\Internet Explorer\Quick Launch\SitemapX.lnk
[2012/08/14 20:52:27 | 000,002,541 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerMapper 5 Evaluation.lnk
[2012/08/04 20:29:38 | 000,036,679 | ---- | C] () -- C:\Users\Evelyn\Untitled Brushes.abr
[2012/07/31 14:59:34 | 000,073,392 | ---- | C] () -- C:\Users\Evelyn\acorn-2.ait
[2012/07/24 21:17:48 | 000,000,000 | RHS- | C] () -- C:\Windows\FFSSET.BIN
[2012/07/19 17:12:37 | 000,000,761 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/07/19 17:12:37 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/07/19 17:11:42 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/07/19 17:07:59 | 000,003,302 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2012/04/26 03:52:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/26 03:52:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/04/05 17:27:20 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
[2012/03/21 02:23:52 | 000,000,132 | ---- | C] () -- C:\Users\Evelyn\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/02/03 13:54:08 | 000,007,582 | ---- | C] () -- C:\Windows\aiptbl.ini
[2012/01/25 15:38:26 | 000,004,495 | ---- | C] () -- C:\Users\Evelyn\.recently-used.xbel
[2012/01/21 19:40:32 | 000,000,377 | ---- | C] () -- C:\Windows\wininit.ini
[2011/11/16 19:37:49 | 000,004,151 | ---- | C] () -- C:\ProgramData\gbervxow.qog
[2011/11/13 22:28:52 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\XDirTree.dll
[2011/11/13 22:28:52 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\XFileLst.dll
[2011/11/13 19:55:26 | 000,000,495 | ---- | C] () -- C:\Windows\citation.ini
[2011/10/09 16:36:47 | 000,000,088 | -H-- | C] () -- C:\Users\Evelyn\AppData\Roaming\icon_1.bmp
[2011/09/12 22:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/02 02:55:28 | 000,000,132 | ---- | C] () -- C:\Users\Evelyn\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2011/09/02 01:47:36 | 000,001,456 | ---- | C] () -- C:\Users\Evelyn\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/09/01 19:06:45 | 000,000,132 | ---- | C] () -- C:\Users\Evelyn\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/08/23 03:11:58 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2011/08/16 16:00:36 | 000,000,132 | ---- | C] () -- C:\Users\Evelyn\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/07/13 22:03:48 | 000,134,126 | ---- | C] () -- C:\Windows\ColorPic Uninstaller.exe
[2011/06/23 10:31:35 | 000,211,424 | ---- | C] () -- C:\Windows\Screen Calipers Uninstaller.exe
[2011/06/06 18:27:24 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011/05/31 19:36:01 | 000,000,013 | -H-- | C] () -- C:\ProgramData\˜113.›sys
[2011/05/28 01:48:26 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/05/28 01:48:26 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/26 08:43:03 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/05/25 18:07:06 | 000,224,256 | ---- | C] () -- C:\Users\Evelyn\AppData\Roaming\SharedSettings.ccs
[2011/05/25 18:06:51 | 000,000,208 | ---- | C] () -- C:\Windows\SysWow64\xpysys.dll
[2011/05/21 08:15:41 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/21 08:15:41 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/05/17 14:41:00 | 000,000,094 | ---- | C] () -- C:\Users\Evelyn\AppData\Local\fusioncache.dat
[2011/05/16 13:15:15 | 000,001,568 | ---- | C] () -- C:\Users\Evelyn\AppData\Roaming\com.living-e.timeEdition.plist
[2011/05/15 14:18:10 | 000,000,600 | ---- | C] () -- C:\Users\Evelyn\AppData\Roaming\winscp.rnd
[2011/05/15 13:53:13 | 000,012,800 | ---- | C] () -- C:\Users\Evelyn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/14 20:26:45 | 000,001,912 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/05/14 20:07:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/14 18:38:29 | 000,800,428 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/13 21:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 253 bytes -> C:\ProgramData\TEMP:157E1AD3
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:70CE55D8
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:9ABD7EE6

< End of report >



#11 gringo_pr

Posted 10 September 2012 - 12:47 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: J:\VLC\npvlc.dll File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
    O18:64bit: - Protocol\Handler\belarc - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    @Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:1CE11B51
    @Alternate Data Stream - 253 bytes -> C:\ProgramData\TEMP:157E1AD3
    @Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:70CE55D8
    @Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:9ABD7EE6
    IE - HKU\S-1-5-21-3216082692-2938019425-415009823-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110141&babsrc=SP_ss&mntrId=2221c4bf0000000000001c659d51961c
    IE - HKU\S-1-5-21-3216082692-2938019425-415009823-1001\..\SearchScopes\{BD1198CA-D832-4963-9290-A3B9E382BA0B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102868&src=kw&q={searchTerms}&locale=&apn_ptnrs=5I&apn_dtid=YYYYYYYYUS&apn_uid=cd30412a-fff7-45ee-b7a7-fa3d609eaa48&apn_sauid=6F95E2E0-920A-4FDB-BE6D-F137F053F926
    IE - HKU\S-1-5-21-3216082692-2938019425-415009823-1001\..\SearchScopes\{FEB30129-1532-4FF0-ADEC-1A895D2AD672}: "URL" = http://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=ffa1fc9523294877932bb360938a7e70
    FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=ffa1fc9523294877932bb360938a7e70&subid=&keywords={searchTerms}"
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?prt=pinballtbfour01ff&clid=ffa1fc9523294877932bb360938a7e70&subid=&Keywords={searchTerms}"
    FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
    [2012/09/07 01:36:57 | 000,000,000 | ---D | M] (ShopToWin20) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\{a018b213-6b46-4791-9298-519020db5737}
    [2012/09/07 01:36:57 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\plugin@yontoo.com
    [2012/03/10 21:00:56 | 000,009,650 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\csscoverage@spaghetticoder.org.xpi
    [1832/11/29 00:37:17 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\occudbzlvn@occudbzlvn.org.xpi
    [2012/02/06 21:56:40 | 000,426,790 | ---- | M] () (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\wavetoolbar@webaim.org.xpi
    [2011/08/11 17:11:07 | 000,002,572 | ---- | M] () -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\searchplugins\askcom.xml
    [2012/02/23 16:22:27 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo

#12 elbarney


Posted 10 September 2012 - 01:05 AM

The beast is still redirecting. I haven't tried to update Java again yet as your original instructions said to stick to your order. Here is the report generated after running your custom code.

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\belarc\ deleted successfully.
File Protocol\Handler\belarc - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:1CE11B51 not found.
ADS C:\ProgramData\TEMP:157E1AD3 deleted successfully.
ADS C:\ProgramData\TEMP:70CE55D8 deleted successfully.
ADS C:\ProgramData\TEMP:9ABD7EE6 deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3216082692-2938019425-415009823-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3216082692-2938019425-415009823-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BD1198CA-D832-4963-9290-A3B9E382BA0B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD1198CA-D832-4963-9290-A3B9E382BA0B}\ not found.
Registry key HKEY_USERS\S-1-5-21-3216082692-2938019425-415009823-1001\Software\Microsoft\Internet Explorer\SearchScopes\{FEB30129-1532-4FF0-ADEC-1A895D2AD672}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEB30129-1532-4FF0-ADEC-1A895D2AD672}\ not found.
Prefs.js: "Yahoo-Mp3Tube" removed from browser.search..order.1
Prefs.js: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=ffa1fc9523294877932bb360938a7e70&subid=&keywords={searchTerms}" removed from browser.search..selectedEngineURL
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "http://mp3tubetoolbarsearch.com/?prt=pinballtbfour01ff&clid=ffa1fc9523294877932bb360938a7e70&subid=&Keywords={searchTerms}" removed from browser.search.selectedEngineURL
Prefs.js: plugin@yontoo.com:1.20.00 removed from extensions.enabledAddons
C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\{a018b213-6b46-4791-9298-519020db5737}\META-INF folder moved successfully.
C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\{a018b213-6b46-4791-9298-519020db5737}\chrome\skin folder moved successfully.
C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\{a018b213-6b46-4791-9298-519020db5737}\chrome\content\locale folder moved successfully.
C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\{a018b213-6b46-4791-9298-519020db5737}\chrome\content folder moved successfully.
C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\{a018b213-6b46-4791-9298-519020db5737}\chrome folder moved successfully.
C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\{a018b213-6b46-4791-9298-519020db5737} folder moved successfully.
C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\plugin@yontoo.com\skin folder moved successfully.
C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\plugin@yontoo.com\META-INF folder moved successfully.
C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\plugin@yontoo.com\locale\en-US folder moved successfully.
C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\plugin@yontoo.com\locale folder moved successfully.
C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\plugin@yontoo.com\defaults\preferences folder moved successfully.
C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\plugin@yontoo.com\defaults folder moved successfully.
C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\plugin@yontoo.com\content folder moved successfully.
C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\plugin@yontoo.com folder moved successfully.
C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\csscoverage@spaghetticoder.org.xpi moved successfully.
C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\occudbzlvn@occudbzlvn.org.xpi moved successfully.
C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\extensions\wavetoolbar@webaim.org.xpi moved successfully.
C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\jw438yxa.default\searchplugins\askcom.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Evelyn\Desktop\cmd.bat deleted successfully.
C:\Users\Evelyn\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Evelyn
->Java cache emptied: 97745065 bytes

User: Public

Total Java Files Cleaned = 93.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56504 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Evelyn
->Flash cache emptied: 20866072 bytes

User: Public

Total Flash Files Cleaned = 20.00 mb


OTL by OldTimer - Version 3.2.61.3 log created on 09102012_015921


Edited by elbarney, 10 September 2012 - 01:06 AM.


#13 gringo_pr


Posted 10 September 2012 - 01:18 AM

Which browsers are doing the redirecting?



gringo

#14 elbarney


Posted 10 September 2012 - 02:10 AM

Chrome is my default browser, but I am an information designer and so often need to check layouts in others. Chrome is where the problem has been. Opera, Safari, IE and Firefox all seem okay (all latest updates). HOWEVER, when I opened IE (something I haven't done for a few days) I got a message saying that something had corrupted a DLL - and that Bing was no longer my default search (honestly I don't know what I had set as the IE default, I never used it to search) and gave me the option to deny permission for programs to suggest other search engines. (That may or may not be related, it seemed worth mentioning.) One other strange thing is that whenever I open Chrome now, I get two tabs, where I had only gotten one before. They both go to Google / ig (personalized start page) which has been my homepage for over a year.

I disabled desktop gadgets a few weeks ago (With an MS program that keeps them shut off) as I'd gotten word there was a vulnerability issue with them. Unfortunately, I found out about the Java vulnerability a day too late. I haven't tried to update Java since we started this process, but as I said I was unable to, even manually, before.

Thank you again, I sure hope we can find this sucker!

Edited by elbarney, 10 September 2012 - 02:15 AM.


#15 gringo_pr


Posted 10 September 2012 - 07:37 AM

Hello elbarney

Based on the information you just gave me, I want you to uninstall Chrome, and if it asks about user data or settings then remove that also.

Restart the computer, reinstall Chrome, and check it for me.


gringo



