FBI ransom infection


  • This topic is locked
14 replies to this topic

#1 DanieD

  • Members
  • 6 posts

Posted 13 December 2012 - 11:59 PM

My computer (Windows 7) has been infected with the new version of the FBI moneypack ransom virus. When I boot up the computer it goes straight into the ransom screen, I don't even make it into the desktop before it takes over. My wife attempted to close a pop-up that seemed to be a request from Google Chrome dealing with a Javascript issue concerning the site she was visiting. The only software change that has been made recently was downloading the newest version of the Malwarebytes database/definitions which probably would have been updated yesterday afternoon.

I have already started the computer in Safe Mode and run Malwarebytes and removed any malware, viruses, or suspicious files that it may have detected. Once that was finished I restarted the computer and it again booted directly into the FBI moneypack virus screen.

After this failed I am sort of at a standstill and am typing this from Safe Mode with Networking.

Following is the log from Malwarebytes run a second time while typing this:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.13.11

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Erin :: ERIN-PC [administrator]

12/13/2012 11:03:36 PM
mbam-log-2012-12-13 (23-03-36).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 414698
Time elapsed: 48 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Yvniwoby (IPH.Trojan.Zbot.Rke) -> Data: C:\Users\Erin\AppData\Roaming\Tesy\mausy.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SonyAgent (Malware.Packer.gen) -> Data: C:\Windows\Temp\temp26.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Erin\LOCALS~1\Temp\msfuxo.cmd -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Erin\LOCALS~1\Temp\msfuxo.cmd -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 21
C:\Users\Erin\AppData\Roaming\Tesy\mausy.exe (IPH.Trojan.Zbot.Rke) -> Quarantined and deleted successfully.
C:\Windows\Temp\temp26.exe (Malware.Packer.gen) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-567866095-3943894801-3220069744-1000\$4fa74537c68db28c93f00af2c7c2777e\n (Trojan.0Access) -> Delete on reboot.
C:\$Recycle.Bin\S-1-5-21-567866095-3943894801-3220069744-1000\$4fa74537c68db28c93f00af2c7c2777e\U\00000001.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-567866095-3943894801-3220069744-1000\$4fa74537c68db28c93f00af2c7c2777e\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-567866095-3943894801-3220069744-1000\$4fa74537c68db28c93f00af2c7c2777e\U\800000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\ProgramData\ms00016A65.dat (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\ProgramData\ms02C8B50A.dat (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\Erin\AppData\Local\Temp\0000e8d7.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\Erin\AppData\Local\Temp\00010118.exe (Malware.Packer.gen) -> Quarantined and deleted successfully.
C:\Users\Erin\AppData\Local\Temp\02c87d38.exe (Malware.Packer.gen) -> Quarantined and deleted successfully.
C:\Users\Erin\AppData\Local\Temp\02c8cdf6.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Erin\AppData\Local\Temp\9E42.tmp (Malware.Packer.gen) -> Quarantined and deleted successfully.
C:\Users\Erin\AppData\Local\Temp\C746.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\Erin\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\Erin\AppData\Local\Temp\tmp19d950c9\sev1.exe (Malware.Packer.gen) -> Quarantined and deleted successfully.
C:\Windows\Temp\temp05.exe (Malware.Packer.gen) -> Quarantined and deleted successfully.
C:\Windows\Temp\temp15.exe (Malware.Packer.gen) -> Quarantined and deleted successfully.
C:\Users\Erin\AppData\Local\Temp\msfuxo.cmd (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
C:\Users\Erin\Local Settings\Application Data\Temp\00010118.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.

(end)

Following is the DDS log I ran before typing this post:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16457
Run by Erin at 23:53:55 on 2012-12-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6596 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\$Recycle.Bin\S-1-5-21-567866095-3943894801-3220069744-1000\$4fa74537c68db28c93f00af2c7c2777e\U
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\DAP\DAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = <local>
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
uWindows: Load = C:\Users\Erin\LOCALS~1\Temp\msfuxo.cmd
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SearchPredictObj Class: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: SBCONVERT Class: {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\Grabber.dll
TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll
uRun: [Google Update] "C:\Users\Erin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Akamai NetSession Interface] "C:\Users\Erin\AppData\Local\Akamai\netsession_win.exe"
uRun: [Spotify] "C:\Users\Erin\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Erin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [svhst] C:\Users\Erin\appdata\local\temp\02c8cdf6.exe
uRun: [WinRAR SFX] C:\Users\Erin\AppData\Roaming\8AE896\8AE896.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Erin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{32FE4BC2-2B89-483D-89E8-C91A75380E68} : DHCPNameServer = 192.168.1.199 209.18.47.61 209.18.47.62
TCP: Interfaces\{618A7F62-9548-48EB-BB5E-AE72F515F146} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{618A7F62-9548-48EB-BB5E-AE72F515F146}\44541402355727675696C616E63656026516E602320293 : DHCPNameServer = 192.168.1.199 209.18.47.61 209.18.47.62
TCP: Interfaces\{618A7F62-9548-48EB-BB5E-AE72F515F146}\C696E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D058B123-67CB-4C9F-8A71-1229383D6A01} : DHCPNameServer = 192.168.1.199 75.75.75.75 75.75.76.76
TCP: Interfaces\{FB26A97F-AC2D-4A2E-A876-A4E98F23856A} : DHCPNameServer = 192.168.1.199 209.18.47.61 209.18.47.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie64.dll
x64-Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie64.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1301000.01C\SymDS64.sys [2012-8-15 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1301000.01C\SymEFA64.sys [2012-8-15 1084536]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120905.001\BHDrvx64.sys [2012-8-31 1385120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1301000.01C\ccSetx64.sys [2012-8-15 167048]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120914.001\IDSviA64.sys [2012-9-14 513184]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1301000.01C\Ironx64.sys [2012-8-15 189560]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1301000.01C\symnets.sys [2012-8-15 401016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-21 399432]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-21 676936]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [2012-8-15 138760]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-8-7 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-8-7 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-8-7 79360]
S3 Envy24HFS;ICE Envy24 Family Audio Controller WDM 64 bit;C:\Windows\System32\drivers\Envy24HF.sys [2007-3-15 150016]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-16 138912]
S3 ksaud;Creative USB Audio Driver;C:\Windows\System32\drivers\ksaud.sys [2012-8-7 1587968]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-21 25928]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-11 1255736]
.
=============== Created Last 30 ================
.
2012-12-14 03:59:14 -------- d-----w- C:\Users\Erin\AppData\Roaming\Utgo
2012-12-14 03:59:14 -------- d-----w- C:\Users\Erin\AppData\Roaming\Tesy
2012-12-14 03:59:14 -------- d-----w- C:\Users\Erin\AppData\Roaming\Hyzak
2012-12-14 03:59:00 -------- d-----w- C:\Users\Erin\AppData\Local\{A85B374B-D22D-4216-9C0E-CAE9B998F1B7}
2012-12-13 21:19:16 -------- d-----w- C:\Users\Erin\AppData\Roaming\Yrsaan
2012-12-13 21:19:16 -------- d-----w- C:\Users\Erin\AppData\Roaming\Nefem
2012-12-13 21:19:16 -------- d-----w- C:\Users\Erin\AppData\Roaming\Kegab
2012-12-13 09:45:02 -------- d-----w- C:\Users\Erin\AppData\Local\{C5C80F5B-F7A4-41EA-BFD6-054BE1939B13}
2012-12-13 03:40:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-13 03:40:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-13 03:40:02 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-09 22:42:04 -------- d-----w- C:\Users\Erin\AppData\Local\Spotify
2012-12-09 22:41:12 -------- d-----w- C:\Users\Erin\AppData\Roaming\Spotify
2012-12-09 21:43:34 -------- d-----w- C:\Users\Erin\AppData\Local\{E6D2AAD7-BF12-426B-B144-442014510D43}
2012-12-09 09:43:10 -------- d-----w- C:\Users\Erin\AppData\Local\{94447619-F6D2-4A7E-9ADC-DC3AF3028426}
2012-12-08 19:59:40 -------- d-----w- C:\Users\Erin\AppData\Local\{5CF964E1-28F8-4AB8-A35A-D860DAEED311}
2012-12-08 07:59:17 -------- d-----w- C:\Users\Erin\AppData\Local\{E05D54EE-79AB-4BC7-85D0-3EA2FDFBF7B0}
2012-12-07 19:58:53 -------- d-----w- C:\Users\Erin\AppData\Local\{D8696EB6-2918-4BAF-95F3-09C64876A098}
2012-12-07 04:14:17 -------- d-----w- C:\Users\Erin\AppData\Local\{2205318D-19D4-4F5A-BE2D-A53D1A733128}
2012-12-07 03:18:26 -------- d-----w- C:\Users\Erin\AppData\Local\{AC674B72-4BDC-450D-A02D-B46F1381EDAD}
2012-12-06 20:32:29 -------- d-----w- C:\Users\Erin\AppData\Roaming\Ms_dir_
2012-12-06 20:32:09 -------- d-----w- C:\Users\Erin\AppData\Roaming\Magio
2012-12-06 20:32:09 -------- d-----w- C:\Users\Erin\AppData\Roaming\Kais
2012-12-06 20:32:09 -------- d-----w- C:\Users\Erin\AppData\Roaming\Guazm
2012-12-05 14:22:17 -------- d-----w- C:\Users\Erin\AppData\Local\{107FBD1B-B62C-404C-928B-7E4FC7CFE1A4}
2012-12-04 21:30:05 -------- d-----w- C:\Users\Erin\AppData\Local\{ACA70833-BA5C-4900-BEB4-49B35410FD19}
2012-12-04 09:45:53 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1893513B-4495-4F92-AEBD-C2B24B6E9D1E}\mpengine.dll
2012-12-04 09:29:54 -------- d-----w- C:\Users\Erin\AppData\Local\{DDF13B1B-A1FE-48BD-8BD2-140D24164FB4}
2012-12-03 21:29:44 -------- d-----w- C:\Users\Erin\AppData\Local\{378479A4-0D4C-4EAD-9B74-9B61E6C481BD}
2012-12-03 09:29:33 -------- d-----w- C:\Users\Erin\AppData\Local\{344698E3-6723-4AFF-ADCE-83E13204E473}
2012-12-02 21:29:22 -------- d-----w- C:\Users\Erin\AppData\Local\{05112253-35F1-4F84-9AF8-AA58A130B481}
2012-12-02 09:29:11 -------- d-----w- C:\Users\Erin\AppData\Local\{39B23EEE-631D-41D2-A2EF-AC6DDEECFE97}
2012-12-01 21:28:22 -------- d-----w- C:\Users\Erin\AppData\Local\{D6EF64B2-DC03-417E-A2D1-0C8D7B90A0A3}
2012-12-01 09:27:50 -------- d-----w- C:\Users\Erin\AppData\Local\{F7B58E94-F544-4A8F-8435-20A21031A7F2}
2012-11-30 21:27:27 -------- d-----w- C:\Users\Erin\AppData\Local\{570F4415-8AC7-4207-B518-F097194ACCA6}
2012-11-30 09:27:04 -------- d-----w- C:\Users\Erin\AppData\Local\{208C9311-EBCF-4B5B-AC7E-987F21E46D1A}
2012-11-29 21:26:13 -------- d-----w- C:\Users\Erin\AppData\Local\{AF31D773-C10B-492F-9CFA-1971E81F7347}
2012-11-29 03:08:00 -------- d-----w- C:\Users\Erin\AppData\Local\{452EC015-1B7C-4259-9756-808D222488EC}
2012-11-28 15:07:37 -------- d-----w- C:\Users\Erin\AppData\Local\{1DD9005E-7B72-48CC-B882-762092A312B3}
2012-11-28 03:07:13 -------- d-----w- C:\Users\Erin\AppData\Local\{A4622F9E-E815-41AC-A7F6-594F7D02EF26}
2012-11-27 15:07:03 -------- d-----w- C:\Users\Erin\AppData\Local\{552109F3-EA9E-49B4-A458-FFD4E0C11D05}
2012-11-27 03:06:52 -------- d-----w- C:\Users\Erin\AppData\Local\{EEBEEEA3-E8F1-4072-BFA0-38009AB47E57}
2012-11-26 15:06:32 -------- d-----w- C:\Users\Erin\AppData\Local\{A607FE4C-D73F-4AEB-9F84-071223179E07}
2012-11-26 03:06:21 -------- d-----w- C:\Users\Erin\AppData\Local\{E9E38CE4-38F8-46F2-A6BE-3F9A9548D8A8}
2012-11-23 21:17:17 -------- d-----w- C:\Users\Erin\AppData\Local\{06DCD527-2EFD-4043-9284-22836ECD4160}
2012-11-23 09:17:06 -------- d-----w- C:\Users\Erin\AppData\Local\{A27FA513-65E1-4737-8710-E081B42F1309}
2012-11-22 21:16:55 -------- d-----w- C:\Users\Erin\AppData\Local\{BC080019-EF08-486F-9AC2-EC841BC49564}
2012-11-22 09:16:45 -------- d-----w- C:\Users\Erin\AppData\Local\{88556D97-23FA-42A6-9AB1-866DCC65D218}
2012-11-22 01:55:47 -------- d-----w- C:\Users\Erin\AppData\Roaming\Malwarebytes
2012-11-22 01:55:37 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-22 01:55:36 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-22 01:55:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-21 21:16:34 -------- d-----w- C:\Users\Erin\AppData\Local\{5D1061CF-8DBE-4ABD-920F-20528658A1AF}
2012-11-21 09:16:23 -------- d-----w- C:\Users\Erin\AppData\Local\{4A1811BD-CED4-4AB2-80FA-B49615B9228E}
2012-11-21 03:54:10 -------- d-----w- C:\Users\Erin\AppData\Roaming\Electronic Arts
2012-11-21 03:51:55 -------- d-----w- C:\Users\Erin\AppData\Local\Unity
2012-11-20 21:16:00 -------- d-----w- C:\Users\Erin\AppData\Local\{5E621D39-A9FF-4AD1-8C6C-7CCC81B74005}
2012-11-20 08:29:59 -------- d-----w- C:\Users\Erin\AppData\Local\{2F441328-E4F3-4F5E-ABB6-97D7241C75EB}
2012-11-19 20:29:36 -------- d-----w- C:\Users\Erin\AppData\Local\{86F1B4B7-AEF3-45AF-B264-273EBAE51A36}
2012-11-19 08:42:56 -------- d-----w- C:\Users\Erin\The Walking Dead-Season 3, Episode 6 Hounded HDTV x264-LOL
2012-11-19 08:36:40 -------- d-----w- C:\Users\Erin\The Walking Dead-Season 3, Episode 5 Say the Word HDTV XviD-ASAP
2012-11-19 08:36:30 -------- d-----w- C:\Users\Erin\The Walking Dead - Season 3, Episode 4 Killer Within.HDTV.XviD-AFG
2012-11-19 08:33:59 -------- d-----w- C:\Users\Erin\The Walking Dead-Season 3, Episode 3 Walk with Me HDTV x264-LOL
2012-11-19 08:32:38 -------- d-----w- C:\Users\Erin\The Walking Dead - Season 3, Episode 2 Sick.HDTV.XviD.ASAP
2012-11-19 08:31:11 -------- d-----w- C:\Users\Erin\The Walking Dead-Season 3, Episode 1 Seed HDTV XviD-EVOLVE
2012-11-18 08:02:31 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-11-17 08:28:41 -------- d-----w- C:\Users\Erin\AppData\Local\{F729E1A2-0347-4E12-AE26-DD63EBA242D1}
2012-11-17 08:06:23 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-17 08:06:22 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-17 08:06:22 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-17 08:06:22 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-17 08:00:50 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-17 08:00:49 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-17 08:00:49 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-17 08:00:49 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-17 08:00:48 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-17 08:00:48 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-17 08:00:48 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-17 07:33:56 -------- d-----w- C:\Users\Erin\AppData\Local\{AC000494-69B2-4748-8F9C-53406FB91412}
2012-11-17 06:31:26 -------- d-----w- C:\Users\Erin\Revenge S02E01 HDTV x264 + Subtitles [GlowGaze]
2012-11-17 06:29:57 -------- d-----w- C:\Users\Erin\Revenge S02E02 HDTV x264 + Subtitles [GlowGaze]
2012-11-17 06:23:50 -------- d-----w- C:\Users\Erin\Revenge-Season 2, Episode 2 Resurrection HDTV XviD.x264-mSD
2012-11-17 06:20:17 -------- d-----w- C:\Users\Erin\Revenge-Season 2, Episode 2 Resurrection HDTV x264-ELiTE
2012-11-17 06:16:24 -------- d-----w- C:\Users\Erin\Revenge-Season 2, Episode 1 Destiny HDTV XviD-ELiTE
2012-11-16 19:33:45 -------- d-----w- C:\Users\Erin\AppData\Local\{F61E8065-8ADA-4B3C-B7FA-E11F0E9EBD2A}
2012-11-16 07:33:33 -------- d-----w- C:\Users\Erin\AppData\Local\{944B8115-E986-44C2-A806-B010813E7F39}
2012-11-15 19:33:21 -------- d-----w- C:\Users\Erin\AppData\Local\{7C6E85E3-DE76-496A-8452-D8C4B62F5A8E}
2012-11-15 07:33:10 -------- d-----w- C:\Users\Erin\AppData\Local\{1B1B210D-19E1-494E-AA7B-298A722B46A5}
2012-11-14 19:32:59 -------- d-----w- C:\Users\Erin\AppData\Local\{1E842736-8E8C-483A-B0FC-C7DB6F0C1EEE}
2012-11-14 07:32:47 -------- d-----w- C:\Users\Erin\AppData\Local\{C4CE5A48-95B8-42A9-BCE7-D0C823CCE75C}
.
==================== Find3M ====================
.
2012-12-12 00:21:19 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 00:21:19 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-05 21:35:16 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-11-05 20:41:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-11-05 20:32:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-11-05 20:32:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-11 02:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-10-11 02:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
2012-10-11 02:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-10-11 02:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-10-11 02:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
2012-10-11 02:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2012-10-11 02:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-10-11 02:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-10-02 18:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-03-29 20:57:38 1040814080 ---ha-w- C:\Program Files (x86)\Flyff_US_V18_20120109.exe.gpotato
.
============= FINISH: 23:54:14.48 ===============

#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:59 PM

Posted 14 December 2012 - 05:57 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next. If you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 DanieD

  • Topic Starter

Posted 14 December 2012 - 10:07 PM

Thank you Gringo for your quick response and any help you may provide me. After running the programs you told me to run I am still unable to bypass the FBI ransom screens upon boot up and can only run the computer in safe mode. This is again being posted from safemode with networking. Here are the logs of the three programs you asked me to run in the order you asked me to run them. Please note that roguekiller created two log files, one after running and a second after rebooting, I have posted them both.

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 22
Java version out of Date!
Adobe Reader 10.1.2 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````






# AdwCleaner v2.100 - Logfile created 12/14/2012 at 21:32:06
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Erin - ERIN-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Erin\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\uTorrentControl2
Folder Deleted : C:\Users\Erin\AppData\Local\Conduit
Folder Deleted : C:\Users\Erin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Erin\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Erin\AppData\LocalLow\uTorrentControl2

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [9365 octets] - [14/12/2012 21:32:06]

########## EOF - C:\AdwCleaner[S1].txt - [9425 octets] ##########








RogueKiller V8.4.0 [Dec 14 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Erin [Admin rights]
Mode : Scan -- Date : 12/14/2012 21:58:35

Bad processes : 0

Registry Entries : 18
[RUN][SUSP PATH] HKCU\[...]\Run : Spotify ("C:\Users\Erin\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : svhst (C:\Users\Erin\appdata\local\temp\02c8cdf6.exe) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : WinRAR SFX (C:\Users\Erin\AppData\Roaming\8AE896\8AE896.exe) -> FOUND
[RUN][Rans.Gendarm] HKCU\[...]\Run : SonyAgent (C:\Windows\Temp\temp60.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-567866095-3943894801-3220069744-1000[...]\Run : Spotify ("C:\Users\Erin\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-567866095-3943894801-3220069744-1000[...]\Run : svhst (C:\Users\Erin\appdata\local\temp\02c8cdf6.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-567866095-3943894801-3220069744-1000[...]\Run : WinRAR SFX (C:\Users\Erin\AppData\Roaming\8AE896\8AE896.exe) -> FOUND
[RUN][Rans.Gendarm] HKUS\S-1-5-21-567866095-3943894801-3220069744-1000[...]\Run : SonyAgent (C:\Windows\Temp\temp60.exe) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : UpdReg (C:\Windows\Updreg.EXE) -> FOUND
[SHELL][SUSP PATH] HKCU\[...]\Windows : Load (C:\Users\Erin\LOCALS~1\Temp\msfuxo.cmd) -> FOUND
[SHELL][SUSP PATH] HKUS\S-1-5-21-567866095-3943894801-3220069744-1000[...]\Windows : Load (C:\Users\Erin\LOCALS~1\Temp\msfuxo.cmd) -> FOUND
[STARTUP][SUSP PATH] runctf.lnk @Erin : C:\Windows\System32\rundll32.exe|C:\Users\Erin\AppData\Local\Temp\E9D1.tmp,H1N1 -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$4fa74537c68db28c93f00af2c7c2777e\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$4fa74537c68db28c93f00af2c7c2777e\n.) -> FOUND

Particular Files / Folders:
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-567866095-3943894801-3220069744-1000\$4fa74537c68db28c93f00af2c7c2777e\n --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$4fa74537c68db28c93f00af2c7c2777e\@ --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-567866095-3943894801-3220069744-1000\$4fa74537c68db28c93f00af2c7c2777e\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$4fa74537c68db28c93f00af2c7c2777e\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-567866095-3943894801-3220069744-1000\$4fa74537c68db28c93f00af2c7c2777e\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$4fa74537c68db28c93f00af2c7c2777e\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-567866095-3943894801-3220069744-1000\$4fa74537c68db28c93f00af2c7c2777e\L --> FOUND

Driver : [NOT LOADED]

Infection : ZeroAccess|Rans.Gendarm

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: ST350032 0AS SCSI Disk Device +++++
--- User ---
[MBR] fdfa460127c6d1badfc44e7fd27ece51
[BSP] fc5406fb2074e7672e85ba8cbfdf9614 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_12142012_02d2158.txt >>
RKreport[1]_S_12142012_02d2158.txt







RogueKiller V8.4.0 [Dec 14 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Erin [Admin rights]
Mode : Remove -- Date : 12/14/2012 21:59:48

Bad processes : 0

Registry Entries : 12
[RUN][SUSP PATH] HKCU\[...]\Run : Spotify ("C:\Users\Erin\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : svhst (C:\Users\Erin\appdata\local\temp\02c8cdf6.exe) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : WinRAR SFX (C:\Users\Erin\AppData\Roaming\8AE896\8AE896.exe) -> DELETED
[RUN][Rans.Gendarm] HKCU\[...]\Run : SonyAgent (C:\Windows\Temp\temp60.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : UpdReg (C:\Windows\Updreg.EXE) -> DELETED
[SHELL][SUSP PATH] HKCU\[...]\Windows : Load (C:\Users\Erin\LOCALS~1\Temp\msfuxo.cmd) -> DELETED
[STARTUP][SUSP PATH] runctf.lnk @Erin : C:\Windows\System32\rundll32.exe|C:\Users\Erin\AppData\Local\Temp\E9D1.tmp,H1N1 -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$4fa74537c68db28c93f00af2c7c2777e\n.) -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)

Particular Files / Folders:
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-567866095-3943894801-3220069744-1000\$4fa74537c68db28c93f00af2c7c2777e\n --> REMOVED AT REBOOT
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$4fa74537c68db28c93f00af2c7c2777e\@ --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-567866095-3943894801-3220069744-1000\$4fa74537c68db28c93f00af2c7c2777e\@ --> REMOVED AT REBOOT
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$4fa74537c68db28c93f00af2c7c2777e\U --> REMOVED
[Del.Parent][FILE] 00000001.@ : C:\$recycle.bin\S-1-5-21-567866095-3943894801-3220069744-1000\$4fa74537c68db28c93f00af2c7c2777e\U\00000001.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\$recycle.bin\S-1-5-21-567866095-3943894801-3220069744-1000\$4fa74537c68db28c93f00af2c7c2777e\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 800000cb.@ : C:\$recycle.bin\S-1-5-21-567866095-3943894801-3220069744-1000\$4fa74537c68db28c93f00af2c7c2777e\U\800000cb.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-567866095-3943894801-3220069744-1000\$4fa74537c68db28c93f00af2c7c2777e\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$4fa74537c68db28c93f00af2c7c2777e\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-567866095-3943894801-3220069744-1000\$4fa74537c68db28c93f00af2c7c2777e\L --> REMOVED

Driver : [NOT LOADED]

Infection : ZeroAccess|Rans.Gendarm

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: ST350032 0AS SCSI Disk Device +++++
--- User ---
[MBR] fdfa460127c6d1badfc44e7fd27ece51
[BSP] fc5406fb2074e7672e85ba8cbfdf9614 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_12142012_02d2159.txt >>
RKreport[1]_S_12142012_02d2158.txt ; RKreport[2]_D_12142012_02d2159.txt




If there is anything else you need me to do or information you need me to give you please don't hesitate to ask me. Again I appreciate the help you are providing.

Thank you
Dani

#4 gringo_pr

  • Malware Response Team

Posted 14 December 2012 - 10:33 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 DanieD

  • Topic Starter

Posted 15 December 2012 - 12:05 AM

As you told me to I ran combofix with no errors. I allowed the computer to reboot normally and was able to get into a normal windows session. The first attempt after the reboot I got the errors you warned me about after running combofix, so I restarted as you suggested and things seem to be running smoothly with no traces of the virus/rootkit/malware whatever it may have been. Thank you very much for your help. Below is the combofix log as requested. I will continue to watch this post until you tell me otherwise. Thank you again Gringo!



ComboFix 12-12-14.01 - Erin 12/14/2012 23:32:48.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6886 [GMT -5:00]
Running from: c:\users\Erin\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SpeedBit Video Downloader\Toolbar\tbhelper.dll
c:\programdata\1D9E.pad
c:\programdata\863BA760sm.pad
c:\programdata\A05B8C20sm.pad
c:\users\Erin\AppData\Roaming\8AE896
c:\users\Erin\AppData\Roaming\8AE896\8AE896.exe
c:\users\Erin\AppData\Roaming\E9B8E49A.reg
c:\users\Erin\AppData\Roaming\Ms_dir_
c:\windows\SysWow64\tmp1E6.tmp
c:\windows\SysWow64\tmp8E.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-11-15 to 2012-12-15 )))))))))))))))))))))))))))))))
.
.
2012-12-14 03:59 . 2012-12-14 04:52 -------- d-----w- c:\users\Erin\AppData\Roaming\Tesy
2012-12-14 03:59 . 2012-12-14 03:59 -------- d-----w- c:\users\Erin\AppData\Roaming\Hyzak
2012-12-14 03:59 . 2012-12-14 03:59 -------- d-----w- c:\users\Erin\AppData\Roaming\Utgo
2012-12-13 21:19 . 2012-12-14 03:57 -------- d-----w- c:\users\Erin\AppData\Roaming\Kegab
2012-12-13 21:19 . 2012-12-13 21:19 -------- d-----w- c:\users\Erin\AppData\Roaming\Yrsaan
2012-12-13 21:19 . 2012-12-13 21:19 -------- d-----w- c:\users\Erin\AppData\Roaming\Nefem
2012-12-13 03:40 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 03:40 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-13 03:40 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-09 22:42 . 2012-12-09 23:05 -------- d-----w- c:\users\Erin\AppData\Local\Spotify
2012-12-09 22:41 . 2012-12-14 07:31 -------- d-----w- c:\users\Erin\AppData\Roaming\Spotify
2012-12-06 20:32 . 2012-12-07 04:12 -------- d-----w- c:\users\Erin\AppData\Roaming\Magio
2012-12-06 20:32 . 2012-12-07 03:18 -------- d-----w- c:\users\Erin\AppData\Roaming\Kais
2012-12-06 20:32 . 2012-12-06 20:32 -------- d-----w- c:\users\Erin\AppData\Roaming\Guazm
2012-12-04 09:45 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1893513B-4495-4F92-AEBD-C2B24B6E9D1E}\mpengine.dll
2012-11-30 20:07 . 2012-12-13 08:02 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-11-22 01:55 . 2012-11-22 01:55 -------- d-----w- c:\users\Erin\AppData\Roaming\Malwarebytes
2012-11-22 01:55 . 2012-11-22 01:55 -------- d-----w- c:\programdata\Malwarebytes
2012-11-22 01:55 . 2012-11-22 01:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-22 01:55 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-21 03:54 . 2012-11-21 03:54 -------- d-----w- c:\users\Erin\AppData\Roaming\Electronic Arts
2012-11-21 03:51 . 2012-11-30 20:11 -------- d-----w- c:\users\Erin\AppData\Local\Unity
2012-11-19 08:42 . 2012-11-19 08:42 -------- d-----w- c:\users\Erin\The Walking Dead-Season 3, Episode 6 Hounded HDTV x264-LOL
2012-11-19 08:36 . 2012-11-19 08:36 -------- d-----w- c:\users\Erin\The Walking Dead-Season 3, Episode 5 Say the Word HDTV XviD-ASAP
2012-11-19 08:36 . 2012-11-19 08:56 -------- d-----w- c:\users\Erin\The Walking Dead - Season 3, Episode 4 Killer Within.HDTV.XviD-AFG
2012-11-19 08:33 . 2012-11-19 08:33 -------- d-----w- c:\users\Erin\The Walking Dead-Season 3, Episode 3 Walk with Me HDTV x264-LOL
2012-11-19 08:32 . 2012-11-19 08:46 -------- d-----w- c:\users\Erin\The Walking Dead - Season 3, Episode 2 Sick.HDTV.XviD.ASAP
2012-11-19 08:31 . 2012-11-19 08:31 -------- d-----w- c:\users\Erin\The Walking Dead-Season 3, Episode 1 Seed HDTV XviD-EVOLVE
2012-11-18 08:02 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-17 08:06 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-17 08:06 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 08:06 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 08:06 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-17 08:00 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-17 08:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-17 08:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-17 08:00 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 08:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-17 08:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-17 08:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-17 06:31 . 2012-11-17 06:31 -------- d-----w- c:\users\Erin\Revenge S02E01 HDTV x264 + Subtitles [GlowGaze]
2012-11-17 06:29 . 2012-11-17 06:30 -------- d-----w- c:\users\Erin\Revenge S02E02 HDTV x264 + Subtitles [GlowGaze]
2012-11-17 06:23 . 2012-11-17 06:23 -------- d-----w- c:\users\Erin\Revenge-Season 2, Episode 2 Resurrection HDTV XviD.x264-mSD
2012-11-17 06:20 . 2012-11-17 06:20 -------- d-----w- c:\users\Erin\Revenge-Season 2, Episode 2 Resurrection HDTV x264-ELiTE
2012-11-17 06:16 . 2012-11-17 06:16 -------- d-----w- c:\users\Erin\Revenge-Season 2, Episode 1 Destiny HDTV XviD-ELiTE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
2011-10-27 22:21 502424 ----a-w- c:\program files (x86)\SearchPredict\SearchPredict.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}]
2012-02-11 15:46 2660016 ----a-w- c:\program files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2012-02-11 2980016]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-10-03 896912]
"Spotify Web Helper"="c:\users\Erin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-12-09 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe" [2010-02-18 241789]
.
c:\users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-08-08 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-08-08 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-08-08 79360]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-11 1255736]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [2011-07-25 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [2011-07-28 1084536]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120905.001\BHDrvx64.sys [2012-08-31 1385120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [2011-08-08 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120914.001\IDSvia64.sys [2012-09-06 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [2011-07-25 189560]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [2011-07-25 401016]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [2011-08-10 138760]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 Envy24HFS;ICE Envy24 Family Audio Controller WDM 64 bit;c:\windows\system32\drivers\Envy24HF.sys [2007-03-15 150016]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-17 138912]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2010-08-11 1587968]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 00:21]
.
2012-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-567866095-3943894801-3220069744-1000Core.job
- c:\users\Erin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11 03:03]
.
2012-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-567866095-3943894801-3220069744-1000UA.job
- c:\users\Erin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11 03:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"Creative SB Monitoring Utility"="sbavmon.dll" [2010-08-03 116224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Erin\AppData\Local\Akamai\netsession_win.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-12-14 23:44:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-15 04:44
.
Pre-Run: 269,461,094,400 bytes free
Post-Run: 271,546,863,616 bytes free
.
- - End Of File - - 6174B5F43C9209282A74772D70A8886C

#6 gringo_pr

  • Malware Response Team

Posted 15 December 2012 - 12:40 AM

Greetings

I want you to run these next,

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr


Posted 21 December 2012 - 12:12 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#8 DanieD


Posted 22 December 2012 - 03:37 PM

Here is the TDSSKiller log:

15:02:02.0088 3132 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:02:02.0612 3132 ============================================================
15:02:02.0612 3132 Current date / time: 2012/12/21 15:02:02.0612
15:02:02.0612 3132 SystemInfo:
15:02:02.0612 3132
15:02:02.0612 3132 OS Version: 6.1.7601 ServicePack: 1.0
15:02:02.0612 3132 Product type: Workstation
15:02:02.0612 3132 ComputerName: ERIN-PC
15:02:02.0613 3132 UserName: Erin
15:02:02.0613 3132 Windows directory: C:\Windows
15:02:02.0613 3132 System windows directory: C:\Windows
15:02:02.0613 3132 Running under WOW64
15:02:02.0613 3132 Processor architecture: Intel x64
15:02:02.0613 3132 Number of processors: 4
15:02:02.0613 3132 Page size: 0x1000
15:02:02.0613 3132 Boot type: Normal boot
15:02:02.0613 3132 ============================================================
15:02:10.0940 3132 BG loaded
15:02:11.0299 3132 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:02:11.0307 3132 ============================================================
15:02:11.0307 3132 \Device\Harddisk0\DR0:
15:02:11.0307 3132 MBR partitions:
15:02:11.0307 3132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
15:02:11.0307 3132 ============================================================
15:02:11.0323 3132 C: <-> \Device\Harddisk0\DR0\Partition1
15:02:11.0323 3132 ============================================================
15:02:11.0323 3132 Initialize success
15:02:11.0323 3132 ============================================================
15:02:23.0121 3172 ============================================================
15:02:23.0122 3172 Scan started
15:02:23.0122 3172 Mode: Manual;
15:02:23.0122 3172 ============================================================
15:02:31.0011 3172 ================ Scan system memory ========================
15:02:31.0012 3172 System memory - ok
15:02:31.0012 3172 ================ Scan services =============================
15:02:39.0044 3172 fastfat - ok
15:02:39.0115 3172 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:02:39.0119 3172 Fax - ok
15:02:39.0135 3172 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:02:39.0136 3172 fdc - ok
15:02:39.0159 3172 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:02:39.0162 3172 fdPHost - ok
15:02:39.0171 3172 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:02:39.0172 3172 FDResPub - ok
15:02:39.0188 3172 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:02:39.0191 3172 FileInfo - ok
15:02:39.0204 3172 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:02:39.0213 3172 Filetrace - ok
15:02:39.0230 3172 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
15:02:39.0233 3172 flpydisk - ok
15:02:39.0266 3172 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:02:39.0268 3172 FltMgr - ok
15:02:39.0329 3172 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
15:02:39.0336 3172 FontCache - ok
15:02:39.0435 3172 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:02:39.0441 3172 FontCache3.0.0.0 - ok
15:02:39.0462 3172 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:02:39.0467 3172 FsDepends - ok
15:02:39.0544 3172 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:02:39.0548 3172 Fs_Rec - ok
15:02:39.0567 3172 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:02:39.0573 3172 fvevol - ok
15:02:39.0585 3172 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:02:39.0588 3172 gagp30kx - ok
15:02:39.0721 3172 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:02:39.0725 3172 gpsvc - ok
15:02:39.0753 3172 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:02:39.0755 3172 hcw85cir - ok
15:02:39.0798 3172 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:02:39.0820 3172 HdAudAddService - ok
15:02:39.0857 3172 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:02:39.0858 3172 HDAudBus - ok
15:02:39.0871 3172 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
15:02:39.0875 3172 HidBatt - ok
15:02:39.0886 3172 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:02:39.0890 3172 HidBth - ok
15:02:39.0912 3172 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
15:02:39.0916 3172 HidIr - ok
15:02:39.0959 3172 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
15:02:39.0960 3172 hidserv - ok
15:02:39.0988 3172 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:02:39.0989 3172 HidUsb - ok
15:02:40.0038 3172 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:02:40.0043 3172 hkmsvc - ok
15:02:40.0063 3172 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:02:40.0070 3172 HomeGroupListener - ok
15:02:40.0124 3172 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:02:40.0127 3172 HomeGroupProvider - ok
15:02:40.0146 3172 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:02:40.0150 3172 HpSAMD - ok
15:02:40.0191 3172 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:02:40.0195 3172 HTTP - ok
15:02:40.0228 3172 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:02:40.0230 3172 hwpolicy - ok
15:02:40.0250 3172 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:02:40.0254 3172 i8042prt - ok
15:02:40.0301 3172 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:02:40.0315 3172 iaStorV - ok
15:02:40.0403 3172 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:02:40.0431 3172 idsvc - ok
15:02:40.0510 3172 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120914.001\IDSvia64.sys
15:02:40.0514 3172 IDSVia64 - ok
15:02:40.0542 3172 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:02:40.0545 3172 iirsp - ok
15:02:40.0600 3172 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:02:40.0607 3172 IKEEXT - ok
15:02:40.0776 3172 [ 150AC23F21DBDBF8488408BA944B0D65 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:02:40.0803 3172 IntcAzAudAddService - ok
15:02:40.0823 3172 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:02:40.0824 3172 intelide - ok
15:02:40.0840 3172 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:02:40.0841 3172 intelppm - ok
15:02:40.0856 3172 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:02:40.0860 3172 IPBusEnum - ok
15:02:40.0871 3172 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:02:40.0874 3172 IpFilterDriver - ok
15:02:40.0935 3172 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:02:40.0939 3172 iphlpsvc - ok
15:02:40.0954 3172 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:02:40.0957 3172 IPMIDRV - ok
15:02:40.0979 3172 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:02:40.0983 3172 IPNAT - ok
15:02:40.0999 3172 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:02:41.0000 3172 IRENUM - ok
15:02:41.0010 3172 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:02:41.0012 3172 isapnp - ok
15:02:41.0037 3172 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:02:41.0043 3172 iScsiPrt - ok
15:02:41.0063 3172 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:02:41.0064 3172 kbdclass - ok
15:02:41.0079 3172 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:02:41.0079 3172 kbdhid - ok
15:02:41.0095 3172 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:02:41.0096 3172 KeyIso - ok
15:02:41.0186 3172 [ B53BB94C3C7ED08E771CEA82D0DB705A ] ksaud C:\Windows\system32\drivers\ksaud.sys
15:02:41.0195 3172 ksaud - ok
15:02:41.0231 3172 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:02:41.0234 3172 KSecDD - ok
15:02:41.0247 3172 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:02:41.0251 3172 KSecPkg - ok
15:02:41.0266 3172 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:02:41.0267 3172 ksthunk - ok
15:02:41.0314 3172 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:02:41.0322 3172 KtmRm - ok
15:02:41.0355 3172 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
15:02:41.0357 3172 LanmanServer - ok
15:02:41.0382 3172 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:02:41.0384 3172 LanmanWorkstation - ok
15:02:41.0411 3172 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:02:41.0412 3172 lltdio - ok
15:02:41.0435 3172 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:02:41.0442 3172 lltdsvc - ok
15:02:41.0455 3172 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:02:41.0456 3172 lmhosts - ok
15:02:41.0493 3172 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:02:41.0496 3172 LSI_FC - ok
15:02:41.0505 3172 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:02:41.0508 3172 LSI_SAS - ok
15:02:41.0535 3172 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:02:41.0538 3172 LSI_SAS2 - ok
15:02:41.0549 3172 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:02:41.0553 3172 LSI_SCSI - ok
15:02:41.0581 3172 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:02:41.0582 3172 luafv - ok
15:02:41.0632 3172 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
15:02:41.0633 3172 MBAMProtector - ok
15:02:41.0732 3172 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:02:41.0734 3172 MBAMScheduler - ok
15:02:41.0804 3172 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:02:41.0808 3172 MBAMService - ok
15:02:41.0832 3172 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:02:41.0837 3172 Mcx2Svc - ok
15:02:41.0868 3172 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
15:02:41.0871 3172 megasas - ok
15:02:41.0890 3172 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:02:41.0896 3172 MegaSR - ok
15:02:41.0940 3172 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:02:41.0942 3172 MMCSS - ok
15:02:41.0980 3172 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:02:41.0983 3172 Modem - ok
15:02:41.0999 3172 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:02:42.0000 3172 monitor - ok
15:02:42.0017 3172 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:02:42.0017 3172 mouclass - ok
15:02:42.0033 3172 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:02:42.0034 3172 mouhid - ok
15:02:42.0063 3172 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:02:42.0067 3172 mountmgr - ok
15:02:42.0077 3172 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:02:42.0081 3172 mpio - ok
15:02:42.0092 3172 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:02:42.0093 3172 mpsdrv - ok
15:02:42.0151 3172 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:02:42.0157 3172 MpsSvc - ok
15:02:42.0195 3172 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:02:42.0198 3172 MRxDAV - ok
15:02:42.0225 3172 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:02:42.0226 3172 mrxsmb - ok
15:02:42.0247 3172 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:02:42.0249 3172 mrxsmb10 - ok
15:02:42.0276 3172 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:02:42.0277 3172 mrxsmb20 - ok
15:02:42.0291 3172 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:02:42.0293 3172 msahci - ok
15:02:42.0308 3172 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:02:42.0312 3172 msdsm - ok
15:02:42.0338 3172 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:02:42.0341 3172 MSDTC - ok
15:02:42.0366 3172 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:02:42.0367 3172 Msfs - ok
15:02:42.0372 3172 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:02:42.0374 3172 mshidkmdf - ok
15:02:42.0390 3172 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:02:42.0399 3172 msisadrv - ok
15:02:42.0438 3172 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:02:42.0443 3172 MSiSCSI - ok
15:02:42.0450 3172 msiserver - ok
15:02:42.0489 3172 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:02:42.0491 3172 MSKSSRV - ok
15:02:42.0512 3172 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:02:42.0521 3172 MSPCLOCK - ok
15:02:42.0550 3172 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:02:42.0552 3172 MSPQM - ok
15:02:42.0595 3172 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:02:42.0605 3172 MsRPC - ok
15:02:42.0637 3172 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:02:42.0638 3172 mssmbios - ok
15:02:42.0666 3172 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:02:42.0667 3172 MSTEE - ok
15:02:42.0701 3172 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:02:42.0714 3172 MTConfig - ok
15:02:42.0733 3172 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:02:42.0736 3172 Mup - ok
15:02:42.0757 3172 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:02:42.0771 3172 napagent - ok
15:02:42.0834 3172 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:02:42.0837 3172 NativeWifiP - ok
15:02:42.0883 3172 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120914.024\ENG64.SYS
15:02:42.0887 3172 NAVENG - ok
15:02:42.0961 3172 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120914.024\EX64.SYS
15:02:43.0030 3172 NAVEX15 - ok
15:02:43.0145 3172 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:02:43.0174 3172 NDIS - ok
15:02:43.0212 3172 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:02:43.0214 3172 NdisCap - ok
15:02:43.0272 3172 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:02:43.0273 3172 NdisTapi - ok
15:02:43.0296 3172 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:02:43.0297 3172 Ndisuio - ok
15:02:43.0313 3172 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:02:43.0314 3172 NdisWan - ok
15:02:43.0329 3172 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:02:43.0329 3172 NDProxy - ok
15:02:43.0366 3172 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:02:43.0366 3172 NetBIOS - ok
15:02:43.0411 3172 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:02:43.0413 3172 NetBT - ok
15:02:43.0435 3172 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:02:43.0437 3172 Netlogon - ok
15:02:43.0575 3172 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:02:43.0578 3172 Netman - ok
15:02:43.0707 3172 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:02:43.0710 3172 netprofm - ok
15:02:43.0817 3172 [ 618C55B392238B9467F9113E13525C49 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
15:02:43.0822 3172 netr28ux - ok
15:02:43.0927 3172 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:02:43.0934 3172 NetTcpPortSharing - ok
15:02:43.0990 3172 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:02:43.0993 3172 nfrd960 - ok
15:02:44.0115 3172 [ E127420B7FEB65C7F279EAAC183BBC0E ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
15:02:44.0116 3172 NIS - ok
15:02:44.0156 3172 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:02:44.0159 3172 NlaSvc - ok
15:02:44.0176 3172 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:02:44.0177 3172 Npfs - ok
15:02:44.0201 3172 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:02:44.0202 3172 nsi - ok
15:02:44.0222 3172 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:02:44.0222 3172 nsiproxy - ok
15:02:44.0373 3172 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:02:44.0409 3172 Ntfs - ok
15:02:44.0419 3172 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:02:44.0420 3172 Null - ok
15:02:44.0502 3172 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
15:02:44.0505 3172 NVENETFD - ok
15:02:45.0241 3172 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:02:45.0321 3172 nvlddmkm - ok
15:02:45.0364 3172 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:02:45.0368 3172 nvraid - ok
15:02:45.0454 3172 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:02:45.0455 3172 nvstor - ok
15:02:45.0573 3172 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
15:02:45.0580 3172 nvsvc - ok
15:02:45.0648 3172 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:02:45.0655 3172 nvUpdatusService - ok
15:02:45.0694 3172 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:02:45.0698 3172 nv_agp - ok
15:02:45.0706 3172 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:02:45.0709 3172 ohci1394 - ok
15:02:45.0745 3172 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:02:45.0753 3172 p2pimsvc - ok
15:02:45.0798 3172 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:02:45.0813 3172 p2psvc - ok
15:02:45.0827 3172 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
15:02:45.0830 3172 Parport - ok
15:02:45.0870 3172 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:02:45.0873 3172 partmgr - ok
15:02:45.0886 3172 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:02:45.0888 3172 PcaSvc - ok
15:02:45.0900 3172 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:02:45.0906 3172 pci - ok
15:02:45.0945 3172 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:02:45.0947 3172 pciide - ok
15:02:45.0962 3172 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:02:45.0967 3172 pcmcia - ok
15:02:45.0977 3172 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:02:45.0979 3172 pcw - ok
15:02:46.0027 3172 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:02:46.0031 3172 PEAUTH - ok
15:02:46.0190 3172 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:02:46.0192 3172 PerfHost - ok
15:02:46.0229 3172 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:02:46.0261 3172 pla - ok
15:02:46.0287 3172 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:02:46.0290 3172 PlugPlay - ok
15:02:46.0305 3172 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:02:46.0308 3172 PNRPAutoReg - ok
15:02:46.0318 3172 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:02:46.0321 3172 PNRPsvc - ok
15:02:46.0356 3172 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:02:46.0360 3172 PolicyAgent - ok
15:02:46.0396 3172 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:02:46.0398 3172 Power - ok
15:02:46.0418 3172 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:02:46.0419 3172 PptpMiniport - ok
15:02:46.0432 3172 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
15:02:46.0439 3172 Processor - ok
15:02:46.0472 3172 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:02:46.0474 3172 ProfSvc - ok
15:02:46.0492 3172 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:02:46.0493 3172 ProtectedStorage - ok
15:02:46.0517 3172 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:02:46.0518 3172 Psched - ok
15:02:46.0572 3172 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:02:46.0611 3172 ql2300 - ok
15:02:46.0627 3172 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:02:46.0631 3172 ql40xx - ok
15:02:46.0646 3172 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:02:46.0652 3172 QWAVE - ok
15:02:46.0661 3172 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:02:46.0663 3172 QWAVEdrv - ok
15:02:46.0669 3172 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:02:46.0670 3172 RasAcd - ok
15:02:46.0702 3172 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:02:46.0703 3172 RasAgileVpn - ok
15:02:46.0718 3172 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:02:46.0726 3172 RasAuto - ok
15:02:46.0741 3172 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:02:46.0742 3172 Rasl2tp - ok
15:02:46.0757 3172 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:02:46.0761 3172 RasMan - ok
15:02:46.0773 3172 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:02:46.0774 3172 RasPppoe - ok
15:02:46.0794 3172 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:02:46.0795 3172 RasSstp - ok
15:02:46.0814 3172 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:02:46.0816 3172 rdbss - ok
15:02:46.0826 3172 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
15:02:46.0833 3172 rdpbus - ok
15:02:46.0846 3172 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:02:46.0847 3172 RDPCDD - ok
15:02:46.0864 3172 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:02:46.0864 3172 RDPENCDD - ok
15:02:46.0876 3172 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:02:46.0877 3172 RDPREFMP - ok
15:02:46.0914 3172 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:02:46.0930 3172 RDPWD - ok
15:02:46.0953 3172 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:02:46.0960 3172 rdyboost - ok
15:02:47.0021 3172 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:02:47.0024 3172 RemoteAccess - ok
15:02:47.0031 3172 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:02:47.0036 3172 RemoteRegistry - ok
15:02:47.0052 3172 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:02:47.0053 3172 RpcEptMapper - ok
15:02:47.0071 3172 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:02:47.0073 3172 RpcLocator - ok
15:02:47.0094 3172 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:02:47.0098 3172 RpcSs - ok
15:02:47.0110 3172 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:02:47.0111 3172 rspndr - ok
15:02:47.0116 3172 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:02:47.0117 3172 SamSs - ok
15:02:47.0127 3172 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:02:47.0130 3172 sbp2port - ok
15:02:47.0142 3172 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:02:47.0147 3172 SCardSvr - ok
15:02:47.0156 3172 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:02:47.0157 3172 scfilter - ok
15:02:47.0188 3172 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:02:47.0195 3172 Schedule - ok
15:02:47.0223 3172 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:02:47.0224 3172 SCPolicySvc - ok
15:02:47.0239 3172 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:02:47.0249 3172 SDRSVC - ok
15:02:47.0261 3172 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:02:47.0261 3172 secdrv - ok
15:02:47.0277 3172 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:02:47.0279 3172 seclogon - ok
15:02:47.0294 3172 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
15:02:47.0296 3172 SENS - ok
15:02:47.0308 3172 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:02:47.0312 3172 SensrSvc - ok
15:02:47.0331 3172 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:02:47.0331 3172 Serenum - ok
15:02:47.0348 3172 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:02:47.0349 3172 Serial - ok
15:02:47.0359 3172 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:02:47.0362 3172 sermouse - ok
15:02:47.0383 3172 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:02:47.0388 3172 SessionEnv - ok
15:02:47.0402 3172 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:02:47.0436 3172 sffdisk - ok
15:02:47.0465 3172 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:02:47.0467 3172 sffp_mmc - ok
15:02:47.0473 3172 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:02:47.0475 3172 sffp_sd - ok
15:02:47.0483 3172 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:02:47.0485 3172 sfloppy - ok
15:02:47.0537 3172 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:02:47.0539 3172 SharedAccess - ok
15:02:47.0559 3172 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:02:47.0562 3172 ShellHWDetection - ok
15:02:47.0594 3172 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:02:47.0597 3172 SiSRaid2 - ok
15:02:47.0612 3172 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:02:47.0615 3172 SiSRaid4 - ok
15:02:47.0714 3172 [ 183F04C6742902F33039913A96F5B574 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
15:02:47.0733 3172 Skype C2C Service - ok
15:02:47.0762 3172 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:02:47.0796 3172 Smb - ok
15:02:47.0812 3172 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:02:47.0813 3172 SNMPTRAP - ok
15:02:47.0826 3172 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:02:47.0828 3172 spldr - ok
15:02:55.0495 3172 C:\Windows\System32\drivers\kbdhid.sys - ok
15:02:55.0501 3172 [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
15:02:55.0501 3172 C:\Windows\System32\tsddd.dll - ok
15:02:55.0511 3172 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
15:02:55.0511 3172 C:\Windows\System32\sxssrv.dll - ok
15:02:55.0524 3172 [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
15:02:55.0524 3172 C:\Windows\System32\profapi.dll - ok
15:02:55.0532 3172 [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
15:02:55.0532 3172 C:\Windows\System32\wininit.exe - ok
15:02:55.0542 3172 [ 78523A26F5604C0568FE9D1CE86E36F4 ] C:\Windows\System32\KBDUS.DLL
15:02:55.0543 3172 C:\Windows\System32\KBDUS.DLL - ok
15:02:55.0550 3172 [ C2A8CB1275ECB85D246A9ECC02A728E3 ] C:\Windows\System32\RpcRtRemote.dll
15:02:55.0550 3172 C:\Windows\System32\RpcRtRemote.dll - ok
15:02:55.0558 3172 [ 05569A79BF4693670B709144382D02D4 ] C:\Windows\System32\cdd.dll
15:02:55.0558 3172 C:\Windows\System32\cdd.dll - ok
15:02:55.0562 3172 [ 1151B1BAA6F350B1DB6598E0FEA7C457 ] C:\Windows\System32\winlogon.exe
15:02:55.0562 3172 C:\Windows\System32\winlogon.exe - ok
15:02:55.0568 3172 [ 0D9764D58C5EFD672B7184854B152E5E ] C:\Windows\System32\winsta.dll
15:02:55.0568 3172 C:\Windows\System32\winsta.dll - ok
15:02:55.0575 3172 [ 9CEAD32E79A62150FE9F8557E58E008B ] C:\Windows\System32\sxs.dll
15:02:55.0575 3172 C:\Windows\System32\sxs.dll - ok
15:02:55.0579 3172 [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
15:02:55.0579 3172 C:\Windows\System32\WlS0WndH.dll - ok
15:02:55.0587 3172 [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
15:02:55.0587 3172 C:\Windows\System32\cryptbase.dll - ok
15:02:55.0593 3172 [ 90499F3163A9F815CF196A205EA3CD5D ] C:\Windows\System32\apphelp.dll
15:02:55.0593 3172 C:\Windows\System32\apphelp.dll - ok
15:02:55.0598 3172 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
15:02:55.0599 3172 C:\Windows\System32\services.exe - ok
15:02:55.0603 3172 [ 66A6063D0BAAD3F7B2B9868859E0743B ] C:\Windows\System32\lsasrv.dll
15:02:55.0603 3172 C:\Windows\System32\lsasrv.dll - ok
15:02:55.0609 3172 [ C118A82CD78818C29AB228366EBF81C3 ] C:\Windows\System32\lsass.exe
15:02:55.0609 3172 C:\Windows\System32\lsass.exe - ok
15:02:55.0614 3172 [ 9662EE182644511439F1C53745DC1C88 ] C:\Windows\System32\lsm.exe
15:02:55.0614 3172 C:\Windows\System32\lsm.exe - ok
15:02:55.0624 3172 [ 3A0CE5FE781708CD6ABD55313607EC8B ] C:\Windows\System32\sspisrv.dll
15:02:55.0624 3172 C:\Windows\System32\sspisrv.dll - ok
15:02:55.0631 3172 [ B66BC8B20B7F33975865B1DF99783FD8 ] C:\Windows\System32\sspicli.dll
15:02:55.0631 3172 C:\Windows\System32\sspicli.dll - ok
15:02:55.0640 3172 [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
15:02:55.0640 3172 C:\Windows\System32\sysntfy.dll - ok
15:02:55.0645 3172 [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
15:02:55.0645 3172 C:\Windows\System32\wmsgapi.dll - ok
15:02:55.0649 3172 [ A744BA6E04C8AA4592818178DBF89521 ] C:\Windows\System32\samsrv.dll
15:02:55.0650 3172 C:\Windows\System32\samsrv.dll - ok
15:02:55.0657 3172 [ BBCDF350817BA86416C0F06B6981BE8D ] C:\Windows\System32\scesrv.dll
15:02:55.0657 3172 C:\Windows\System32\scesrv.dll - ok
15:02:55.0662 3172 [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
15:02:55.0662 3172 C:\Windows\System32\scext.dll - ok
15:02:55.0668 3172 [ 0144D8D75A0B12938AEEE859E3310A46 ] C:\Windows\System32\secur32.dll
15:02:55.0668 3172 C:\Windows\System32\secur32.dll - ok
15:02:55.0672 3172 [ 3A9C9BAF610B0DD4967086040B3B62A9 ] C:\Windows\System32\srvcli.dll
15:02:55.0672 3172 C:\Windows\System32\srvcli.dll - ok
15:02:55.0676 3172 [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
15:02:55.0676 3172 C:\Windows\System32\cryptdll.dll - ok
15:02:55.0680 3172 [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
15:02:55.0680 3172 C:\Windows\System32\wevtapi.dll - ok
15:02:55.0685 3172 [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
15:02:55.0685 3172 C:\Windows\System32\authz.dll - ok
15:02:55.0689 3172 [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
15:02:55.0689 3172 C:\Windows\System32\cngaudit.dll - ok
15:02:55.0694 3172 [ 400645085A91BF3EB0271329B95AE0BE ] C:\Windows\System32\ncrypt.dll
15:02:55.0694 3172 C:\Windows\System32\ncrypt.dll - ok
15:02:55.0698 3172 [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
15:02:55.0698 3172 C:\Windows\System32\bcrypt.dll - ok
15:02:55.0701 3172 [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
15:02:55.0701 3172 C:\Windows\System32\msprivs.dll - ok
15:02:55.0708 3172 [ C6505DE3561537BA1004D638C2F93F2F ] C:\Windows\System32\netjoin.dll
15:02:55.0708 3172 C:\Windows\System32\netjoin.dll - ok
15:02:55.0713 3172 [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
15:02:55.0713 3172 C:\Windows\System32\negoexts.dll - ok
15:02:55.0717 3172 [ 44E1A196DFCB53B01FE4B855C3B56A15 ] C:\Windows\System32\kerberos.dll
15:02:55.0717 3172 C:\Windows\System32\kerberos.dll - ok
15:02:55.0720 3172 [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
15:02:55.0720 3172 C:\Windows\System32\cryptsp.dll - ok
15:02:55.0725 3172 [ 1D5185A4C7E6695431AE4B55C3D7D333 ] C:\Windows\System32\mswsock.dll
15:02:55.0725 3172 C:\Windows\System32\mswsock.dll - ok
15:02:55.0729 3172 [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll
15:02:55.0729 3172 C:\Windows\System32\msv1_0.dll - ok
15:02:55.0734 3172 [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
15:02:55.0734 3172 C:\Windows\System32\wship6.dll - ok
15:02:55.0739 3172 [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll
15:02:55.0739 3172 C:\Windows\System32\netlogon.dll - ok
15:02:55.0744 3172 [ 492D07D79E7024CA310867B526D9636D ] C:\Windows\System32\dnsapi.dll
15:02:55.0744 3172 C:\Windows\System32\dnsapi.dll - ok
15:02:55.0751 3172 [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll
15:02:55.0751 3172 C:\Windows\System32\logoncli.dll - ok
15:02:55.0757 3172 [ 1573C45E65DE32B1BC3572634F8F1E8E ] C:\Windows\System32\schannel.dll
15:02:55.0757 3172 C:\Windows\System32\schannel.dll - ok
15:02:55.0761 3172 [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
15:02:55.0761 3172 C:\Windows\System32\wdigest.dll - ok
15:02:55.0766 3172 [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
15:02:55.0766 3172 C:\Windows\System32\rsaenh.dll - ok
15:02:55.0770 3172 [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll
15:02:55.0770 3172 C:\Windows\System32\TSpkg.dll - ok
15:02:55.0775 3172 [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
15:02:55.0775 3172 C:\Windows\System32\pku2u.dll - ok
15:02:55.0778 3172 [ 7DBA64AD70C2E2481C68D9E0F7CD7840 ] C:\Windows\System32\LIVESSP.DLL
15:02:55.0778 3172 C:\Windows\System32\LIVESSP.DLL - ok
15:02:55.0782 3172 [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll
15:02:55.0782 3172 C:\Windows\System32\bcryptprimitives.dll - ok
15:02:55.0786 3172 [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
15:02:55.0786 3172 C:\Windows\System32\efslsaext.dll - ok
15:02:55.0791 3172 [ 52D3D5E3586988D4D9E34ACAAC33105C ] C:\Windows\System32\credssp.dll
15:02:55.0791 3172 C:\Windows\System32\credssp.dll - ok
15:02:55.0796 3172 [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll
15:02:55.0796 3172 C:\Windows\System32\scecli.dll - ok
15:02:55.0800 3172 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
15:02:55.0800 3172 C:\Windows\System32\ubpm.dll - ok
15:02:55.0804 3172 [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
15:02:55.0804 3172 C:\Windows\System32\svchost.exe - ok
15:02:55.0808 3172 [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll
15:02:55.0808 3172 C:\Windows\System32\umpnpmgr.dll - ok
15:02:55.0814 3172 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
15:02:55.0814 3172 C:\Windows\System32\devrtl.dll - ok
15:02:55.0817 3172 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
15:02:55.0817 3172 C:\Windows\System32\SPInf.dll - ok
15:02:55.0821 3172 [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
15:02:55.0821 3172 C:\Windows\System32\gpapi.dll - ok
15:02:55.0825 3172 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
15:02:55.0825 3172 C:\Windows\System32\umpo.dll - ok
15:02:55.0829 3172 [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
15:02:55.0829 3172 C:\Windows\System32\userenv.dll - ok
15:02:55.0833 3172 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
15:02:55.0833 3172 C:\Windows\System32\pcwum.dll - ok
15:02:55.0837 3172 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
15:02:55.0837 3172 C:\Windows\System32\powrprof.dll - ok
15:02:55.0841 3172 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
15:02:55.0841 3172 C:\Windows\System32\drivers\luafv.sys - ok
15:02:55.0846 3172 [ A8FE8F2783B2929B56F5370A89356CE9 ] C:\Windows\System32\drivers\mbam.sys
15:02:55.0846 3172 C:\Windows\System32\drivers\mbam.sys - ok
15:02:55.0851 3172 [ AB886378EEB55C6C75B4F2D14B6C869F ] C:\Windows\System32\drivers\WUDFPf.sys
15:02:55.0851 3172 C:\Windows\System32\drivers\WUDFPf.sys - ok
15:02:55.0856 3172 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] C:\Windows\System32\nvvsvc.exe
15:02:55.0856 3172 C:\Windows\System32\nvvsvc.exe - ok
15:02:55.0861 3172 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
15:02:55.0861 3172 C:\Windows\System32\wtsapi32.dll - ok
15:02:55.0865 3172 [ F0359F7CE712D69ACEF0886BDB4792ED ] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:02:55.0865 3172 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe - ok
15:02:55.0871 3172 [ E73B0F1819602CB6EF176FB78D76A47B ] C:\Windows\SysWOW64\ntdll.dll
15:02:55.0871 3172 C:\Windows\SysWOW64\ntdll.dll - ok
15:02:55.0877 3172 [ 15B30F15BD13640B337A0FC37BD48CDE ] C:\Windows\System32\wow64.dll
15:02:55.0877 3172 C:\Windows\System32\wow64.dll - ok
15:02:55.0881 3172 [ 2970785A72054740E1A5DCEB32485486 ] C:\Windows\System32\wow64win.dll
15:02:55.0881 3172 C:\Windows\System32\wow64win.dll - ok
15:02:55.0887 3172 [ 98168B9B0656A01A321FF1BECB2C03E1 ] C:\Windows\System32\wow64cpu.dll
15:02:55.0887 3172 C:\Windows\System32\wow64cpu.dll - ok
15:02:55.0892 3172 [ D4F3176082566CEFA633B4945802D4C4 ] C:\Windows\SysWOW64\kernel32.dll
15:02:55.0892 3172 C:\Windows\SysWOW64\kernel32.dll - ok
15:02:55.0896 3172 [ 0978C2B33BDD0A7E6C563AA337DC8BA0 ] C:\Windows\SysWOW64\KernelBase.dll
15:02:55.0896 3172 C:\Windows\SysWOW64\KernelBase.dll - ok
15:02:55.0901 3172 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
15:02:55.0901 3172 C:\Windows\SysWOW64\version.dll - ok
15:02:55.0908 3172 [ 9DC80A8AAAAAC397BDAB3C67165A824E ] C:\Windows\SysWOW64\msvcrt.dll
15:02:55.0908 3172 C:\Windows\SysWOW64\msvcrt.dll - ok
15:02:55.0913 3172 [ 10FB16B50AFFDA6D44588F3C445DC273 ] C:\Windows\SysWOW64\setupapi.dll
15:02:55.0913 3172 C:\Windows\SysWOW64\setupapi.dll - ok
15:02:55.0920 3172 [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\SysWOW64\advapi32.dll
15:02:55.0920 3172 C:\Windows\SysWOW64\advapi32.dll - ok
15:02:55.0930 3172 [ F436E847FA799ECD75AD8C313673F450 ] C:\Windows\SysWOW64\cfgmgr32.dll
15:02:55.0930 3172 C:\Windows\SysWOW64\cfgmgr32.dll - ok
15:02:55.0939 3172 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
15:02:55.0939 3172 C:\Windows\SysWOW64\cryptbase.dll - ok
15:02:55.0948 3172 [ D6D3AD7BF1D6F6CE9547613ED5E170A2 ] C:\Windows\SysWOW64\gdi32.dll
15:02:55.0948 3172 C:\Windows\SysWOW64\gdi32.dll - ok
15:02:55.0955 3172 [ C5AD8083CF94201F1F8084ECC696A8B7 ] C:\Windows\SysWOW64\rpcrt4.dll
15:02:55.0955 3172 C:\Windows\SysWOW64\rpcrt4.dll - ok
15:02:55.0961 3172 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
15:02:55.0961 3172 C:\Windows\SysWOW64\sechost.dll - ok
15:02:55.0967 3172 [ EDA7AD21DF8945528F01F0A86D69E524 ] C:\Windows\SysWOW64\sspicli.dll
15:02:55.0967 3172 C:\Windows\SysWOW64\sspicli.dll - ok
15:02:55.0974 3172 [ 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 ] C:\Windows\SysWOW64\user32.dll
15:02:55.0974 3172 C:\Windows\SysWOW64\user32.dll - ok
15:02:55.0978 3172 [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll
15:02:55.0978 3172 C:\Windows\SysWOW64\lpk.dll - ok
15:02:55.0984 3172 [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\SysWOW64\oleaut32.dll
15:02:55.0984 3172 C:\Windows\SysWOW64\oleaut32.dll - ok
15:02:55.0990 3172 [ 804AAAFEBB3AD5F49334DD906BCB1DE5 ] C:\Windows\SysWOW64\usp10.dll
15:02:55.0990 3172 C:\Windows\SysWOW64\usp10.dll - ok
15:02:55.0995 3172 [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\SysWOW64\ole32.dll
15:02:55.0995 3172 C:\Windows\SysWOW64\ole32.dll - ok
15:02:56.0000 3172 [ 2EEFF4502F5E13B1BED4A04CCAD64C08 ] C:\Windows\SysWOW64\devobj.dll
15:02:56.0001 3172 C:\Windows\SysWOW64\devobj.dll - ok
15:02:56.0007 3172 [ A6F09E5669D9A19035F6D942CAA15882 ] C:\Windows\SysWOW64\imm32.dll
15:02:56.0007 3172 C:\Windows\SysWOW64\imm32.dll - ok
15:02:56.0013 3172 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll
15:02:56.0013 3172 C:\Windows\SysWOW64\msctf.dll - ok
15:02:56.0018 3172 [ 9E4B0E7472B4CEBA9E17F440B8CB0AB8 ] C:\Windows\SysWOW64\winspool.drv
15:02:56.0019 3172 C:\Windows\SysWOW64\winspool.drv - ok
15:02:56.0026 3172 [ 145E7826A07D98628924A9B06F6273AB ] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstres.dll
15:02:56.0026 3172 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstres.dll - ok
15:02:56.0031 3172 [ 7AD857422AFA068A39A4B4BBF7FCC49C ] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvwl.dll
15:02:56.0031 3172 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvwl.dll - ok
15:02:56.0037 3172 [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll
15:02:56.0037 3172 C:\Windows\System32\rpcss.dll - ok
15:02:56.0044 3172 [ 60D21799A4AF4EDCE65FB98830E4B0C8 ] C:\Windows\SysWOW64\crypt32.dll
15:02:56.0044 3172 C:\Windows\SysWOW64\crypt32.dll - ok
15:02:56.0050 3172 [ 17448AF0BBA9E7AB5EC955AF93F271BD ] C:\Windows\SysWOW64\wintrust.dll
15:02:56.0050 3172 C:\Windows\SysWOW64\wintrust.dll - ok
15:02:56.0055 3172 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
15:02:56.0056 3172 C:\Windows\System32\RpcEpMap.dll - ok
15:02:56.0061 3172 [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
15:02:56.0061 3172 C:\Windows\System32\wshqos.dll - ok
15:02:56.0066 3172 [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
15:02:56.0066 3172 C:\Windows\System32\WSHTCPIP.DLL - ok
15:02:56.0073 3172 [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
15:02:56.0073 3172 C:\Windows\System32\FirewallAPI.dll - ok
15:02:56.0080 3172 [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe
15:02:56.0080 3172 C:\Windows\System32\LogonUI.exe - ok
15:02:56.0086 3172 [ 0BEE002C68E28CE6DA161DCF1376D7D7 ] C:\Windows\System32\authui.dll
15:02:56.0086 3172 C:\Windows\System32\authui.dll - ok
15:02:56.0093 3172 [ 938F39B50BAFE13D6F58C7790682C010 ] C:\Windows\SysWOW64\msasn1.dll
15:02:56.0093 3172 C:\Windows\SysWOW64\msasn1.dll - ok
15:02:56.0100 3172 [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\SysWOW64\ntmarta.dll
15:02:56.0100 3172 C:\Windows\SysWOW64\ntmarta.dll - ok
15:02:56.0110 3172 [ A8BB45F9ECAD993461E0FEF8E2A99152 ] C:\Windows\SysWOW64\Wldap32.dll
15:02:56.0110 3172 C:\Windows\SysWOW64\Wldap32.dll - ok
15:02:56.0117 3172 [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
15:02:56.0117 3172 C:\Windows\System32\version.dll - ok
15:02:56.0122 3172 [ 6011714C8C5C55CBFFAD24D61E879FBD ] C:\Windows\System32\wevtsvc.dll
15:02:56.0123 3172 C:\Windows\System32\wevtsvc.dll - ok
15:02:56.0129 3172 [ 162D247E995EAEBF3EF4289069E1111C ] C:\Windows\SysWOW64\devrtl.dll
15:02:56.0129 3172 C:\Windows\SysWOW64\devrtl.dll - ok
15:02:56.0133 3172 [ 4BDBBE5E4208022DD794F7EEEB0F7366 ] C:\Windows\SysWOW64\SPInf.dll
15:02:56.0133 3172 C:\Windows\SysWOW64\SPInf.dll - ok
15:02:56.0138 3172 [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll
15:02:56.0138 3172 C:\Windows\System32\cryptui.dll - ok
15:02:56.0141 3172 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] C:\Windows\System32\profsvc.dll
15:02:56.0141 3172 C:\Windows\System32\profsvc.dll - ok
15:02:56.0143 3172 [ F23FEF6D569FCE88671949894A8BECF1 ] C:\Windows\System32\audiosrv.dll
15:02:56.0143 3172 C:\Windows\System32\audiosrv.dll - ok
15:02:56.0149 3172 [ 588CD0C78A7FAAE4186B5EEA0AF3ED67 ] C:\Windows\System32\adtschema.dll
15:02:56.0149 3172 C:\Windows\System32\adtschema.dll - ok
15:02:56.0156 3172 [ 78A1E65207484B7F8D3217507745F47C ] C:\Windows\System32\avrt.dll
15:02:56.0156 3172 C:\Windows\System32\avrt.dll - ok
15:02:56.0160 3172 [ E40E80D0304A73E8D269F7141D77250B ] C:\Windows\System32\mmcss.dll
15:02:56.0160 3172 C:\Windows\System32\mmcss.dll - ok
15:02:56.0164 3172 [ 7FA8FDC2C2A27817FD0F624E78D3B50C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
15:02:56.0164 3172 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok
15:02:56.0168 3172 [ 50544D04AD845C43130B70212EC05CCD ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
15:02:56.0169 3172 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
15:02:56.0174 3172 [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
15:02:56.0174 3172 C:\Windows\System32\MMDevAPI.dll - ok
15:02:56.0179 3172 [ FE05D03B73000CFF476E1D29109F3A84 ] C:\Program Files\Windows Defender\MpEvMsg.dll
15:02:56.0179 3172 C:\Program Files\Windows Defender\MpEvMsg.dll - ok
15:02:56.0183 3172 [ F06BB4E336EA57511FDBAFAFCC47DE62 ] C:\Windows\System32\propsys.dll
15:02:56.0183 3172 C:\Windows\System32\propsys.dll - ok
15:02:56.0187 3172 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
15:02:56.0187 3172 C:\Windows\System32\netprofm.dll - ok
15:02:56.0192 3172 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] C:\Windows\System32\wlansvc.dll
15:02:56.0192 3172 C:\Windows\System32\wlansvc.dll - ok
15:02:56.0196 3172 [ DA6B67270FD9DB3697B20FCE94950741 ] C:\Windows\System32\drivers\fltMgr.sys
15:02:56.0196 3172 C:\Windows\System32\drivers\fltMgr.sys - ok
15:02:56.0200 3172 [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
15:02:56.0200 3172 C:\Windows\System32\samlib.dll - ok
15:02:56.0207 3172 [ 4E9C2DB10F7E6AE91BF761139D4B745B ] C:\Windows\System32\shacct.dll
15:02:56.0207 3172 C:\Windows\System32\shacct.dll - ok
15:02:56.0211 3172 [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL
15:02:56.0211 3172 C:\Windows\System32\PSHED.DLL - ok
15:02:56.0216 3172 [ B0945E538CF906BBDDC5A11C8EE868CC ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
15:02:56.0216 3172 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
15:02:56.0221 3172 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] C:\Windows\System32\MPSSVC.dll
15:02:56.0221 3172 C:\Windows\System32\MPSSVC.dll - ok
15:02:56.0225 3172 [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
15:02:56.0225 3172 C:\Windows\System32\uxtheme.dll - ok
15:02:56.0229 3172 [ 179E8401224D557ECFF3695F2016EA5B ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll
15:02:56.0229 3172 C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll - ok
15:02:56.0234 3172 [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
15:02:56.0234 3172 C:\Windows\System32\dui70.dll - ok
15:02:56.0238 3172 [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
15:02:56.0238 3172 C:\Windows\System32\duser.dll - ok
15:02:56.0244 3172 [ D7F1EF374A90709B31591823B002F918 ] C:\Windows\System32\SndVolSSO.dll
15:02:56.0244 3172 C:\Windows\System32\SndVolSSO.dll - ok
15:02:56.0250 3172 [ D5CCA1453B98A5801E6D5FF0FF89DC6C ] C:\Windows\System32\audiodg.exe
15:02:56.0250 3172 C:\Windows\System32\audiodg.exe - ok
15:02:56.0260 3172 [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
15:02:56.0260 3172 C:\Windows\System32\dwmapi.dll - ok
15:02:56.0268 3172 [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
15:02:56.0268 3172 C:\Windows\System32\hid.dll - ok
15:02:56.0274 3172 [ 6F8B48F3D343E4B186AB6A9E302B7E16 ] C:\Windows\System32\xmllite.dll
15:02:56.0275 3172 C:\Windows\System32\xmllite.dll - ok
15:02:56.0281 3172 [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
15:02:56.0281 3172 C:\Windows\System32\ntmarta.dll - ok
15:02:56.0287 3172 [ 26B73A85855681500BCC25C7CD9FF5B1 ] C:\Windows\System32\WindowsCodecs.dll
15:02:56.0288 3172 C:\Windows\System32\WindowsCodecs.dll - ok
15:02:56.0293 3172 [ DC220AE6F64819099F7EBD6F137E32E7 ] C:\Windows\System32\AudioSes.dll
15:02:56.0293 3172 C:\Windows\System32\AudioSes.dll - ok
15:02:56.0300 3172 [ 5EDBB34736DD7AC1A73CF8792A835E10 ] C:\Windows\System32\AudioEng.dll
15:02:56.0300 3172 C:\Windows\System32\AudioEng.dll - ok
15:02:56.0307 3172 [ C1395286B822E306B4FE1568A8A77813 ] C:\Windows\System32\AUDIOKSE.dll
15:02:56.0307 3172 C:\Windows\System32\AUDIOKSE.dll - ok
15:02:56.0311 3172 [ 8560FFFC8EB3A806DCD4F82252CFC8C6 ] C:\Windows\System32\ksuser.dll
15:02:56.0311 3172 C:\Windows\System32\ksuser.dll - ok
15:02:56.0316 3172 [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
15:02:56.0316 3172 C:\Windows\System32\winbrand.dll - ok
15:02:56.0320 3172 [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
15:02:56.0320 3172 C:\Windows\System32\VaultCredProvider.dll - ok
15:02:56.0323 3172 [ A0D1FC7ED767DD9D2E14C687FC9F77F2 ] C:\Windows\System32\KSAPO64.dll
15:02:56.0323 3172 C:\Windows\System32\KSAPO64.dll - ok
15:02:56.0327 3172 [ CA2985996BB49924B677113DF95CFEA7 ] C:\Windows\System32\SmartcardCredentialProvider.dll
15:02:56.0327 3172 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
15:02:56.0333 3172 [ BF352E73615F5461AA6884472435A544 ] C:\Windows\System32\BioCredProv.dll
15:02:56.0333 3172 C:\Windows\System32\BioCredProv.dll - ok
15:02:56.0337 3172 [ 2B81776DA02017A37FE26C662827470E ] C:\Windows\System32\IPHLPAPI.DLL
15:02:56.0337 3172 C:\Windows\System32\IPHLPAPI.DLL - ok
15:02:56.0341 3172 [ 796B8123A7859AFD3A4AE10514DBAEB5 ] C:\Windows\System32\winbio.dll
15:02:56.0341 3172 C:\Windows\System32\winbio.dll - ok
15:02:56.0346 3172 [ CC0AB40F02D2C2A12209715A3C1B07B8 ] C:\Windows\System32\credui.dll
15:02:56.0346 3172 C:\Windows\System32\credui.dll - ok
15:02:56.0351 3172 [ 4C9210E8F4E052F6A4EB87716DA0C24C ] C:\Windows\System32\winnsi.dll
15:02:56.0351 3172 C:\Windows\System32\winnsi.dll - ok
15:02:56.0355 3172 [ 44B9C66177651F3F53C87B665D58D17A ] C:\Windows\System32\vaultcli.dll
15:02:56.0355 3172 C:\Windows\System32\vaultcli.dll - ok
15:02:56.0358 3172 [ EEEA40F0EDB0A6E5359E539E15D0BC77 ] C:\Windows\System32\netapi32.dll
15:02:56.0359 3172 C:\Windows\System32\netapi32.dll - ok
15:02:56.0364 3172 [ 6CECA4C6A489C9B2E6073AFDAAE3F607 ] C:\Windows\System32\netutils.dll
15:02:56.0364 3172 C:\Windows\System32\netutils.dll - ok
15:02:56.0369 3172 [ 3C91392D448F6E5D525A85B7550D8BA9 ] C:\Windows\System32\wkscli.dll
15:02:56.0370 3172 C:\Windows\System32\wkscli.dll - ok
15:02:56.0376 3172 [ FC51229C7D4AFA0D6F186133728B95AB ] C:\Windows\System32\samcli.dll
15:02:56.0376 3172 C:\Windows\System32\samcli.dll - ok
15:02:56.0380 3172 [ 972C3301DB3DA91AE06A95F6B4160B1B ] C:\Windows\System32\certCredProvider.dll
15:02:56.0380 3172 C:\Windows\System32\certCredProvider.dll - ok
15:02:56.0384 3172 [ 5CE3D0E1D1B3832EE052CFC442EEE0FA ] C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
15:02:56.0385 3172 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe - ok
15:02:56.0389 3172 [ 29E9794708DF51DB5DC89FB2E903A0F6 ] C:\Windows\SysWOW64\shell32.dll
15:02:56.0389 3172 C:\Windows\SysWOW64\shell32.dll - ok
15:02:56.0393 3172 [ 032229246107C5C7211E6D1498B52D3D ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
15:02:56.0393 3172 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL - ok
15:02:56.0396 3172 [ 87FA0C48C3B2E9FEE518818FE26B15B5 ] C:\Windows\System32\rasplap.dll
15:02:56.0396 3172 C:\Windows\System32\rasplap.dll - ok
15:02:56.0401 3172 [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll
15:02:56.0401 3172 C:\Windows\System32\rasapi32.dll - ok
15:02:56.0407 3172 [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll
15:02:56.0407 3172 C:\Windows\System32\rasman.dll - ok
15:02:56.0410 3172 [ B53C4B69B695EDA1B7E41D35CA4244E2 ] C:\Windows\System32\rtutils.dll
15:02:56.0410 3172 C:\Windows\System32\rtutils.dll - ok
15:02:56.0415 3172 [ 8CC3C111D653E96F3EA1590891491D71 ] C:\Windows\SysWOW64\shlwapi.dll
15:02:56.0415 3172 C:\Windows\SysWOW64\shlwapi.dll - ok
15:02:56.0418 3172 [ 0E85C11F8850D524B02181C6E02BA9AE ] C:\Windows\SysWOW64\dsound.dll
15:02:56.0418 3172 C:\Windows\SysWOW64\dsound.dll - ok
15:02:56.0423 3172 [ D5AEFAD57C08349A4393D987DF7C715D ] C:\Windows\SysWOW64\winmm.dll
15:02:56.0423 3172 C:\Windows\SysWOW64\winmm.dll - ok
15:02:56.0427 3172 [ 08DFDBD2FD4EA951DC46B1C7661ED35A ] C:\Windows\SysWOW64\powrprof.dll
15:02:56.0427 3172 C:\Windows\SysWOW64\powrprof.dll - ok
15:02:56.0430 3172 [ 8E01332CC4B68BC6B5B7EFFE374442AA ] C:\Windows\SysWOW64\oleacc.dll
15:02:56.0430 3172 C:\Windows\SysWOW64\oleacc.dll - ok
15:02:56.0437 3172 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] C:\Windows\System32\gpsvc.dll
15:02:56.0437 3172 C:\Windows\System32\gpsvc.dll - ok
15:02:56.0441 3172 [ 773212B2AAA24C1E31F10246B15B276C ] C:\Windows\servicing\TrustedInstaller.exe
15:02:56.0441 3172 C:\Windows\servicing\TrustedInstaller.exe - ok
15:02:56.0447 3172 [ 46BB91A169B9B31FF44EB04C48EC1D41 ] C:\Windows\System32\nlaapi.dll
15:02:56.0447 3172 C:\Windows\System32\nlaapi.dll - ok
15:02:56.0455 3172 [ F0344071948D1A1FA732231785A0664C ] C:\Windows\System32\themeservice.dll
15:02:56.0455 3172 C:\Windows\System32\themeservice.dll - ok
15:02:56.0459 3172 [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll
15:02:56.0459 3172 C:\Windows\System32\atl.dll - ok
15:02:56.0463 3172 [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll
15:02:56.0463 3172 C:\Windows\System32\dsrole.dll - ok
15:02:56.0468 3172 [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll
15:02:56.0468 3172 C:\Windows\System32\slc.dll - ok
15:02:56.0475 3172 [ 4166F82BE4D24938977DD1746BE9B8A0 ] C:\Windows\System32\es.dll
15:02:56.0475 3172 C:\Windows\System32\es.dll - ok
15:02:56.0479 3172 [ 7B38D7916A7CD058C16A0A6CA5077901 ] C:\Windows\System32\wdscore.dll
15:02:56.0479 3172 C:\Windows\System32\wdscore.dll - ok
15:02:56.0483 3172 [ 1A47D52E303B7543E4E6026595B95422 ] C:\Windows\System32\comres.dll
15:02:56.0483 3172 C:\Windows\System32\comres.dll - ok
15:02:56.0488 3172 [ C32AB8FA018EF34C0F113BD501436D21 ] C:\Windows\System32\Sens.dll
15:02:56.0488 3172 C:\Windows\System32\Sens.dll - ok
15:02:56.0492 3172 [ A7A8CA53D9C9FD90C07AB0EB38E5316B ] C:\Windows\System32\dbghelp.dll
15:02:56.0492 3172 C:\Windows\System32\dbghelp.dll - ok
15:02:56.0497 3172 [ 288ADDED26C80FDC135CAB4340161686 ] C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\CbsCore.dll
15:02:56.0497 3172 C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\CbsCore.dll - ok

#9 DanieD

Posted 22 December 2012 - 03:38 PM

Here is the rest of the TDSSKiller log:

15:02:58.0474 3172 C:\Windows\SysWOW64\SearchIndexer.exe - ok
15:02:58.0478 3172 [ D5031AE6AFB7783ACBFF54952C231788 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\NCW.dll
15:02:58.0478 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\NCW.dll - ok
15:02:58.0481 3172 [ E0B340996A41C9A75DFA3B99BBA9C500 ] C:\Windows\System32\SearchIndexer.exe
15:02:58.0481 3172 C:\Windows\System32\SearchIndexer.exe - ok
15:02:58.0486 3172 [ CC2224C39CFA35A058FA9B5384CE6899 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\AVPSVC32.dll
15:02:58.0486 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\AVPSVC32.dll - ok
15:02:58.0491 3172 [ 0915C4DB6DBC3BB9E11B7ECBBE4B7159 ] C:\Windows\SysWOW64\rtutils.dll
15:02:58.0491 3172 C:\Windows\SysWOW64\rtutils.dll - ok
15:02:58.0496 3172 [ 5C3F9DBA818CD93379D1A0F215270374 ] C:\Windows\SysWOW64\esent.dll
15:02:58.0496 3172 C:\Windows\SysWOW64\esent.dll - ok
15:02:58.0500 3172 [ 439F80E8D18E265E0AB3130D6C8EABF6 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\AVModule.dll
15:02:58.0500 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\AVModule.dll - ok
15:02:58.0505 3172 [ 0241CB16136B9A4939CA0395768AE286 ] C:\Windows\SysWOW64\mssrch.dll
15:02:58.0506 3172 C:\Windows\SysWOW64\mssrch.dll - ok
15:02:58.0509 3172 [ 21E2585138971BBB928AC57EE1772ADD ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\AVMail.dll
15:02:58.0509 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\AVMail.dll - ok
15:02:58.0514 3172 [ 81600E2E27ED61427AAD865B9BCDDB9D ] C:\Windows\SysWOW64\msidle.dll
15:02:58.0514 3172 C:\Windows\SysWOW64\msidle.dll - ok
15:02:58.0518 3172 [ 71C4F42DC8DB668E826DA79462EA741E ] C:\Windows\SysWOW64\KBDUS.DLL
15:02:58.0518 3172 C:\Windows\SysWOW64\KBDUS.DLL - ok
15:02:58.0523 3172 [ 02C2F6A93DD206632A296D58CBACBBA2 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\cltPE.dll
15:02:58.0523 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\cltPE.dll - ok
15:02:58.0528 3172 [ EC1593B3039A522D4DC9C76E25374935 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\asEngine.dll
15:02:58.0528 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\asEngine.dll - ok
15:02:58.0532 3172 [ 1CBF15FDB0310345A68972EB5C5B948F ] C:\Windows\SysWOW64\mssprxy.dll
15:02:58.0532 3172 C:\Windows\SysWOW64\mssprxy.dll - ok
15:02:58.0536 3172 [ C016495110E998ECFE322A8A7A12DB12 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\DefUtDCD.dll
15:02:58.0536 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\DefUtDCD.dll - ok
15:02:58.0541 3172 [ 465DBF63A5049E4DB4BC5C12FFE781CB ] C:\Windows\SysWOW64\tquery.dll
15:02:58.0541 3172 C:\Windows\SysWOW64\tquery.dll - ok
15:02:58.0546 3172 [ A65A246A193E05FDA94C2F63F47F4381 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ducclib.dll
15:02:58.0546 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ducclib.dll - ok
15:02:58.0551 3172 [ F19BED67FA18F3D81211EFF893FFD9B9 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\AVifc.dll
15:02:58.0551 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\AVifc.dll - ok
15:02:58.0557 3172 [ B63E24E9271E99FD4540E3CA22A937DA ] C:\Windows\SysWOW64\en-US\tquery.dll.mui
15:02:58.0557 3172 C:\Windows\SysWOW64\en-US\tquery.dll.mui - ok
15:02:58.0562 3172 [ 22D5E4F12682B7E24A2C066AA87982C4 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\sqsvc.dll
15:02:58.0562 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\sqsvc.dll - ok
15:02:58.0566 3172 [ 14D289F63D9538306CB560C4CD12172F ] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120914.001\IDSxpx86.dll
15:02:58.0566 3172 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120914.001\IDSxpx86.dll - ok
15:02:58.0570 3172 [ 589DF683A6C81424A6CECE52ABF98A50 ] C:\Windows\System32\tquery.dll
15:02:58.0570 3172 C:\Windows\System32\tquery.dll - ok
15:02:58.0574 3172 [ D79CF54729006BB2BE3A02EAE0C57EFE ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coDataPr.dll
15:02:58.0574 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coDataPr.dll - ok
15:02:58.0579 3172 [ 3EADECB481864E5372DC39F066CCA0EE ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coShdObj.dll
15:02:58.0579 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coShdObj.dll - ok
15:02:58.0584 3172 [ 7568CC720ACE4D03B84AF97817E745EF ] C:\Windows\System32\mssrch.dll
15:02:58.0584 3172 C:\Windows\System32\mssrch.dll - ok
15:02:58.0589 3172 [ C84A5C60883395B875F01140F48BB887 ] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120914.024\NAVENG32.DLL
15:02:58.0589 3172 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120914.024\NAVENG32.DLL - ok
15:02:58.0593 3172 [ D0C0C17E2A31C33FA495D3AB8A0D5BB2 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\BHClient.dll
15:02:58.0593 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\BHClient.dll - ok
15:02:58.0597 3172 [ 136E1D3C93CF382730EAF4085D879CD4 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\QSPlugin.dll
15:02:58.0597 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\QSPlugin.dll - ok
15:02:58.0600 3172 [ 3422CDCE2C0F15AEBF560D3D7F0C3EA6 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\cltLMS.dll
15:02:58.0600 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\cltLMS.dll - ok
15:02:58.0606 3172 [ 3121A79D13A61562BE9CC902CD46B542 ] C:\Windows\System32\msidle.dll
15:02:58.0606 3172 C:\Windows\System32\msidle.dll - ok
15:02:58.0609 3172 [ ACE1BB07E0377E37A2C514CD2EC119B1 ] C:\Windows\System32\mssprxy.dll
15:02:58.0609 3172 C:\Windows\System32\mssprxy.dll - ok
15:02:58.0613 3172 [ C9FB9038B15036CA28CF0B4BE2BED9BD ] C:\Windows\System32\en-US\tquery.dll.mui
15:02:58.0613 3172 C:\Windows\System32\en-US\tquery.dll.mui - ok
15:02:58.0617 3172 [ 1F761DA08B1855DDBDD97204D69B48DD ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\BHSvcPlg.dll
15:02:58.0617 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\BHSvcPlg.dll - ok
15:02:58.0621 3172 [ C3F59351AE3DDABEA9EDCC24D08D2990 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SpocClnt.dll
15:02:58.0621 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SpocClnt.dll - ok
15:02:58.0627 3172 [ 5E0C5B5BE5304E133968D6D6F8840B28 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\DSCli.dll
15:02:58.0627 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\DSCli.dll - ok
15:02:58.0632 3172 [ 4FB491AC8D46AAF22BA8BC5C73DABEF7 ] C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
15:02:58.0632 3172 C:\Windows\SysWOW64\wbem\WmiPrvSE.exe - ok
15:02:58.0636 3172 [ 3971C9C14B311E09251EA523FE7AD25C ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\DataStor.dll
15:02:58.0636 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\DataStor.dll - ok
15:02:58.0641 3172 [ A4CC7227A452C4909F9499D91B184364 ] C:\Windows\SysWOW64\ncobjapi.dll
15:02:58.0641 3172 C:\Windows\SysWOW64\ncobjapi.dll - ok
15:02:58.0646 3172 [ C0C48E092C3AF40B2BD36C392AE3CA4F ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\Comm.dll
15:02:58.0646 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\Comm.dll - ok
15:02:58.0650 3172 [ 2FCA0D2C59A855C54BAFA22AA329DF0F ] C:\Windows\SysWOW64\netapi32.dll
15:02:58.0650 3172 C:\Windows\SysWOW64\netapi32.dll - ok
15:02:58.0655 3172 [ 5610B0425518D185331CB8E968D060E6 ] C:\Windows\SysWOW64\wbem\wmiutils.dll
15:02:58.0655 3172 C:\Windows\SysWOW64\wbem\wmiutils.dll - ok
15:02:58.0657 3172 [ E5A4A1326A02F8E7B59E6C3270CE7202 ] C:\Windows\SysWOW64\wkscli.dll
15:02:58.0657 3172 C:\Windows\SysWOW64\wkscli.dll - ok
15:02:58.0662 3172 [ 68ECCA523ED760AAFC03C5D587569859 ] C:\Windows\SysWOW64\samcli.dll
15:02:58.0662 3172 C:\Windows\SysWOW64\samcli.dll - ok
15:02:58.0666 3172 [ 72910F1DEB838E6E08A9017BFB7D4F0B ] C:\Windows\SysWOW64\browcli.dll
15:02:58.0666 3172 C:\Windows\SysWOW64\browcli.dll - ok
15:02:58.0672 3172 [ 741930EE4DBF692E181B1FCEA8633760 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SQLite.dll
15:02:58.0672 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SQLite.dll - ok
15:02:58.0676 3172 [ 2D5D0A0609F4A3332195116F5FCAD24A ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\UserLog.dll
15:02:58.0676 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\UserLog.dll - ok
15:02:58.0680 3172 [ 185B1A57D7DED8128E2D7AA866A55670 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPSPlug.dll
15:02:58.0680 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPSPlug.dll - ok
15:02:58.0685 3172 [ 07AD88DF9EF73215458867EFC1BFFE9E ] C:\Windows\System32\wbem\wmiprov.dll
15:02:58.0685 3172 C:\Windows\System32\wbem\wmiprov.dll - ok
15:02:58.0689 3172 [ 6E8B6B3816041CE282FCFABA8B21AD3A ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ISDataSv.dll
15:02:58.0689 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ISDataSv.dll - ok
15:02:58.0693 3172 [ 92214E2E38E417DDE316C324044D0D27 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\FWCore.dll
15:02:58.0693 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\FWCore.dll - ok
15:02:58.0698 3172 [ F224C781E09F95F7972897D9A113A8DD ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\FWGenPlg.dll
15:02:58.0698 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\FWGenPlg.dll - ok
15:02:58.0703 3172 [ B7786248FE914A486CC33DFD24CE3FDB ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\FWSetup.dll
15:02:58.0703 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\FWSetup.dll - ok
15:02:58.0707 3172 [ B92ED640E6C9F84E237F7997D86858B1 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\FWHelper.dll
15:02:58.0707 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\FWHelper.dll - ok
15:02:58.0711 3172 [ D0C45D0542CDCCBB444CC691DB4D8E31 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\asHelper.dll
15:02:58.0711 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\asHelper.dll - ok
15:02:58.0716 3172 [ 13337A3FB17F2242487FD45488ED0485 ] C:\Windows\SysWOW64\vssapi.dll
15:02:58.0716 3172 C:\Windows\SysWOW64\vssapi.dll - ok
15:02:58.0720 3172 [ 02896052E43E1452893806F6D2DA8786 ] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120905.001\BHEngine.dll
15:02:58.0720 3172 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120905.001\BHEngine.dll - ok
15:02:58.0724 3172 [ 1D2C72B70417890BE0B99AECBB132DB8 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\asOEHook.dll
15:02:58.0724 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\asOEHook.dll - ok
15:02:58.0729 3172 [ F18F196F1C49B7904BC297B375B1B349 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPSFFPl.dll
15:02:58.0729 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPSFFPl.dll - ok
15:02:58.0734 3172 [ B940289C83121046BD6A60ACC6028593 ] C:\Windows\SysWOW64\vsstrace.dll
15:02:58.0734 3172 C:\Windows\SysWOW64\vsstrace.dll - ok
15:02:58.0737 3172 [ 422AA88C28C2FCFA6BA0F0E16EFE1840 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\AVPAPP32.dll
15:02:58.0738 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\AVPAPP32.dll - ok
15:02:58.0743 3172 [ 8C6B3E7CE7FA66EBD40549AEEBB51B8B ] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\components\IPSFFPl.dll
15:02:58.0743 3172 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\components\IPSFFPl.dll - ok
15:02:58.0747 3172 [ E1AC89F6C5252057E6062843E36A6701 ] C:\Windows\SysWOW64\SearchProtocolHost.exe
15:02:58.0747 3172 C:\Windows\SysWOW64\SearchProtocolHost.exe - ok
15:02:58.0751 3172 [ C30A3E5DEEEBA22E782AC54C5AF5F352 ] C:\Windows\SysWOW64\samlib.dll
15:02:58.0751 3172 C:\Windows\SysWOW64\samlib.dll - ok
15:02:58.0755 3172 [ D9E21CBF9E6A87847AFFD39EA3FA28EE ] C:\Windows\System32\SearchProtocolHost.exe
15:02:58.0755 3172 C:\Windows\System32\SearchProtocolHost.exe - ok
15:02:58.0759 3172 [ D0B147CC179796C209D6006EBA2EB70B ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\cltAlDis.dll
15:02:58.0759 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\cltAlDis.dll - ok
15:02:58.0764 3172 [ 3EC4B1DD82509EFA41A7657988C02B45 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IDSAux.dll
15:02:58.0764 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IDSAux.dll - ok
15:02:58.0769 3172 [ 8C6B3E7CE7FA66EBD40549AEEBB51B8B ] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120914.001\IPSFFPl.dll
15:02:58.0769 3172 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120914.001\IPSFFPl.dll - ok
15:02:58.0774 3172 [ F6916EFC29D9953D5D0DF06882AE8E16 ] C:\Windows\SysWOW64\es.dll
15:02:58.0774 3172 C:\Windows\SysWOW64\es.dll - ok
15:02:58.0779 3172 [ 8C7C395286813B7F696AA1CC7DE04DF0 ] C:\Program Files (x86)\Norton Internet Security\MUI\19.1.0.28\09\01\cltRes.loc
15:02:58.0779 3172 C:\Program Files (x86)\Norton Internet Security\MUI\19.1.0.28\09\01\cltRes.loc - ok
15:02:58.0784 3172 [ A5D237B8673025B052C0E6FDB6A883E8 ] C:\Windows\SysWOW64\msshooks.dll
15:02:58.0784 3172 C:\Windows\SysWOW64\msshooks.dll - ok
15:02:58.0788 3172 [ A5F03C6BD36FEF4A4EBA281B547B13CA ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\isPwd.dll
15:02:58.0788 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\isPwd.dll - ok
15:02:58.0793 3172 [ D2A5B2B09F2AF5ED13BF494508B09788 ] C:\Windows\System32\msshooks.dll
15:02:58.0793 3172 C:\Windows\System32\msshooks.dll - ok
15:02:58.0797 3172 [ 39C395B2D4ED1B236090B85A97C5B75E ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\diStRptr.dll
15:02:58.0797 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\diStRptr.dll - ok
15:02:58.0801 3172 [ 5AA8FEBD6F3D549A9962A721C25300BE ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\FWSesAl.dll
15:02:58.0801 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\FWSesAl.dll - ok
15:02:58.0807 3172 [ A6CD6B3F71E13E2E45B727FB8A47EA87 ] C:\Windows\SysWOW64\SearchFilterHost.exe
15:02:58.0807 3172 C:\Windows\SysWOW64\SearchFilterHost.exe - ok
15:02:58.0811 3172 [ 49A3AD5CE578CD77F445F3D244AEAB2D ] C:\Windows\System32\SearchFilterHost.exe
15:02:58.0811 3172 C:\Windows\System32\SearchFilterHost.exe - ok
15:02:58.0817 3172 [ D83947A58613E9091B4C9CC0F1546A8D ] C:\Windows\SysWOW64\mscoree.dll
15:02:58.0817 3172 C:\Windows\SysWOW64\mscoree.dll - ok
15:02:58.0820 3172 [ AA794B099F776B37ACCDEAD00E0FBFC9 ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
15:02:58.0821 3172 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll - ok
15:02:58.0825 3172 [ 7A853F715E8281DFE62E3B893D6C7657 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\naHelper.dll
15:02:58.0825 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\naHelper.dll - ok
15:02:58.0829 3172 [ 70A49D1E1F66D5E5A34B1A570D335A5E ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coActMgr.dll
15:02:58.0829 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coActMgr.dll - ok
15:02:58.0834 3172 [ A08C010D859F8EB42BDD7E1D55B8CA27 ] C:\Windows\System32\mscoree.dll
15:02:58.0834 3172 C:\Windows\System32\mscoree.dll - ok
15:02:58.0839 3172 [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9 ] C:\Windows\SysWOW64\sfc.dll
15:02:58.0839 3172 C:\Windows\SysWOW64\sfc.dll - ok
15:02:58.0843 3172 [ 84799328D87B3091A3BDD251E1AD31F9 ] C:\Windows\SysWOW64\sfc_os.dll
15:02:58.0843 3172 C:\Windows\SysWOW64\sfc_os.dll - ok
15:02:58.0847 3172 [ 7717F84F483002815490033BF069DABD ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll
15:02:58.0847 3172 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll - ok
15:02:58.0853 3172 [ DB67C7C62038BDE813CB6486581A7611 ] C:\Windows\SysWOW64\mssph.dll
15:02:58.0853 3172 C:\Windows\SysWOW64\mssph.dll - ok
15:02:58.0856 3172 [ 48041BAEB60CE5F34F13CC2A1361E49C ] C:\Windows\System32\mssph.dll
15:02:58.0856 3172 C:\Windows\System32\mssph.dll - ok
15:02:58.0860 3172 [ 35D4E987BAD565D3186DFE552F113687 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SDKCmn.dll
15:02:58.0860 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SDKCmn.dll - ok
15:02:58.0864 3172 [ C8333F1F77A1B2E25F2202E892CAF634 ] C:\Windows\SysWOW64\prnfldr.dll
15:02:58.0864 3172 C:\Windows\SysWOW64\prnfldr.dll - ok
15:02:58.0867 3172 [ 8BC9DB92C4B2F3BE89185BEAB2AFC1F6 ] C:\Windows\SysWOW64\mapi32.dll
15:02:58.0867 3172 C:\Windows\SysWOW64\mapi32.dll - ok
15:02:58.0871 3172 [ 5987EA8A82C53359BCD2C29D6588583E ] C:\Windows\SysWOW64\linkinfo.dll
15:02:58.0871 3172 C:\Windows\SysWOW64\linkinfo.dll - ok
15:02:58.0876 3172 [ 8F4BB0CFECED925D440ABC2481278360 ] C:\Windows\System32\mapi32.dll
15:02:58.0876 3172 C:\Windows\System32\mapi32.dll - ok
15:02:58.0881 3172 [ B519848DFA30AE2B306576B51321D102 ] C:\Windows\System32\ie4uinit.exe
15:02:58.0881 3172 C:\Windows\System32\ie4uinit.exe - ok
15:02:58.0886 3172 [ 28EC1ABDCEECA1DCD3B62A0322D539EC ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\uiAlert.dll
15:02:58.0886 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\uiAlert.dll - ok
15:02:58.0890 3172 [ C3E98C42EDF7EF237A4BAB91FEAC7426 ] C:\Windows\System32\iedkcs32.dll
15:02:58.0890 3172 C:\Windows\System32\iedkcs32.dll - ok
15:02:58.0896 3172 [ FB4EB9352B7D698E6B3C2AA2ED724DAD ] C:\Windows\SysWOW64\authz.dll
15:02:58.0896 3172 C:\Windows\SysWOW64\authz.dll - ok
15:02:58.0900 3172 [ 2CFA4569350B7F84F815E9EC34E85766 ] C:\Windows\SysWOW64\SndVolSSO.dll
15:02:58.0900 3172 C:\Windows\SysWOW64\SndVolSSO.dll - ok
15:02:58.0905 3172 [ C3766FC99AC75F205355135F12AF3FA5 ] C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\UserCtxt.dll
15:02:58.0905 3172 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\UserCtxt.dll - ok
15:02:58.0907 3172 [ 63DF770DF74ACB370EF5A16727069AAF ] C:\Windows\SysWOW64\hid.dll
15:02:58.0908 3172 C:\Windows\SysWOW64\hid.dll - ok
15:02:58.0911 3172 [ 243974EC02F7AE49E4179C54624143AB ] C:\Windows\SysWOW64\MMDevAPI.dll
15:02:58.0911 3172 C:\Windows\SysWOW64\MMDevAPI.dll - ok
15:02:58.0915 3172 [ 7E9917D5309A90E7576653BFE39F80D8 ] C:\Windows\SysWOW64\timedate.cpl
15:02:58.0916 3172 C:\Windows\SysWOW64\timedate.cpl - ok
15:02:58.0920 3172 [ FB10715E4099AF9FA389C71873245226 ] C:\Windows\System32\timedate.cpl
15:02:58.0920 3172 C:\Windows\System32\timedate.cpl - ok
15:02:58.0924 3172 [ E6F0F82788E8BD0F7A616350EFA0761C ] C:\Windows\System32\actxprxy.dll
15:02:58.0924 3172 C:\Windows\System32\actxprxy.dll - ok
15:02:58.0929 3172 [ C4F40F6CACD796A8E16671D0E9A2F319 ] C:\Windows\System32\shdocvw.dll
15:02:58.0929 3172 C:\Windows\System32\shdocvw.dll - ok
15:02:58.0933 3172 [ A0A65D306A5490D2EB8E7DE66898ECFD ] C:\Windows\System32\linkinfo.dll
15:02:58.0933 3172 C:\Windows\System32\linkinfo.dll - ok
15:02:58.0938 3172 [ F14A9B1778376D0B1788E402AC1F831A ] C:\Windows\SysWOW64\shacct.dll
15:02:58.0938 3172 C:\Windows\SysWOW64\shacct.dll - ok
15:02:58.0941 3172 [ E6DD15E668DAF0A02470CF551B0A0105 ] C:\PROGRA~2\WIC4A1~1\MESSEN~1\msgslang.dll
15:02:58.0941 3172 C:\PROGRA~2\WIC4A1~1\MESSEN~1\msgslang.dll - ok
15:02:58.0946 3172 [ 3A16EA01FCFAAB40882DB5BFEE632322 ] C:\Windows\SysWOW64\msftedit.dll
15:02:58.0946 3172 C:\Windows\SysWOW64\msftedit.dll - ok
15:02:58.0951 3172 [ 1EAC1A8CA6874BF5B15E2EFB9A9A7B86 ] C:\Windows\System32\msftedit.dll
15:02:58.0951 3172 C:\Windows\System32\msftedit.dll - ok
15:02:58.0956 3172 [ 35AAE2E841AA1A949775168E119482C9 ] C:\Windows\SysWOW64\msls31.dll
15:02:58.0956 3172 C:\Windows\SysWOW64\msls31.dll - ok
15:02:58.0960 3172 [ 7FCAB194F01E3403C300EB034E480B36 ] C:\Windows\System32\msls31.dll
15:02:58.0960 3172 C:\Windows\System32\msls31.dll - ok
15:02:58.0964 3172 [ 19BC13711AC403FEB830522E4831701B ] C:\Windows\SysWOW64\gameux.dll
15:02:58.0965 3172 C:\Windows\SysWOW64\gameux.dll - ok
15:02:58.0969 3172 [ 3504B34CD2DE00BA3CC1A195F1B739BD ] C:\Windows\System32\gameux.dll
15:02:58.0969 3172 C:\Windows\System32\gameux.dll - ok
15:02:58.0974 3172 [ 7DBA84667DC18877AEF693E3543DFAD7 ] C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
15:02:58.0974 3172 C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll - ok
15:02:58.0978 3172 [ CDD35C1CE1EBFE80C055691CDC8DF443 ] C:\Windows\SysWOW64\authui.dll
15:02:58.0978 3172 C:\Windows\SysWOW64\authui.dll - ok
15:02:58.0982 3172 [ 28CA821606669BB9215CE010767720FA ] C:\Windows\SysWOW64\cryptui.dll
15:02:58.0982 3172 C:\Windows\SysWOW64\cryptui.dll - ok
15:02:58.0985 3172 [ D007799BCE71206A5783DD510D4BC36A ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
15:02:58.0985 3172 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe - ok
15:02:58.0989 3172 [ 4C2C4640BF23AAFCF90519E0F34436CE ] C:\Windows\System32\DeviceCenter.dll
15:02:58.0989 3172 C:\Windows\System32\DeviceCenter.dll - ok
15:02:58.0994 3172 [ F146E2BA475893DD77B2370DC1211FC6 ] C:\Windows\System32\drivers\90566995.sys
15:02:58.0994 3172 C:\Windows\System32\drivers\90566995.sys - ok
15:02:58.0998 3172 [ C71E7ABB1A34E56CE73AE117C8DD566F ] C:\Windows\System32\ieframe.dll
15:02:58.0998 3172 C:\Windows\System32\ieframe.dll - ok
15:02:59.0002 3172 [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\SysWOW64\ExplorerFrame.dll
15:02:59.0002 3172 C:\Windows\SysWOW64\ExplorerFrame.dll - ok
15:02:59.0008 3172 [ 51138BEEA3E2C21EC44D0932C71762A8 ] C:\Windows\SysWOW64\rundll32.exe
15:02:59.0008 3172 C:\Windows\SysWOW64\rundll32.exe - ok
15:02:59.0013 3172 [ F1278B3514EA6FA9BC39B20D26139AAC ] C:\Windows\SysWOW64\msiltcfg.dll
15:02:59.0013 3172 C:\Windows\SysWOW64\msiltcfg.dll - ok
15:02:59.0017 3172 [ 9110FFAD124283F37D38771BB60556AF ] C:\Windows\System32\dsound.dll
15:02:59.0017 3172 C:\Windows\System32\dsound.dll - ok
15:02:59.0021 3172 [ 69754747274B76E7FAF287239333D7E6 ] C:\Windows\System32\msiltcfg.dll
15:02:59.0021 3172 C:\Windows\System32\msiltcfg.dll - ok
15:02:59.0025 3172 [ 5EB6E9C8BE1ACC5830780E0F9A846255 ] C:\Windows\System32\msi.dll
15:02:59.0025 3172 C:\Windows\System32\msi.dll - ok
15:02:59.0030 3172 [ DD81D91FF3B0763C392422865C9AC12E ] C:\Windows\System32\rundll32.exe
15:02:59.0030 3172 C:\Windows\System32\rundll32.exe - ok
15:02:59.0034 3172 [ AD7EEEF83189209B991049E259C8CB5A ] C:\Windows\System32\SBAVMon.dll
15:02:59.0034 3172 C:\Windows\System32\SBAVMon.dll - ok
15:02:59.0039 3172 [ D1BBE227367ED791D5FCF08E132D2956 ] C:\Windows\SysWOW64\opengl32.dll
15:02:59.0039 3172 C:\Windows\SysWOW64\opengl32.dll - ok
15:02:59.0043 3172 [ 585FED4CDB8034B8B58AEB8008255817 ] C:\Windows\System32\opengl32.dll
15:02:59.0043 3172 C:\Windows\System32\opengl32.dll - ok
15:02:59.0047 3172 [ 505F03C9B60B104107C83A3402850E19 ] C:\Windows\System32\CmdRtr64.DLL
15:02:59.0047 3172 C:\Windows\System32\CmdRtr64.DLL - ok
15:02:59.0051 3172 [ C873F915B8C7FFB75A321A914BF438FB ] C:\Windows\System32\APOMgr64.DLL
15:02:59.0051 3172 C:\Windows\System32\APOMgr64.DLL - ok
15:02:59.0056 3172 [ DE3897365B04C4DA1CF8FF725577C082 ] C:\Windows\SysWOW64\glu32.dll
15:02:59.0056 3172 C:\Windows\SysWOW64\glu32.dll - ok
15:02:59.0060 3172 [ 68FF91952711788439C7CE477A63CD72 ] C:\Windows\System32\KSVSPI64.dll
15:02:59.0060 3172 C:\Windows\System32\KSVSPI64.dll - ok
15:02:59.0065 3172 [ 3D57FFBAD3ED16B63DE3879BAB0FB56F ] C:\Windows\SysWOW64\networkexplorer.dll
15:02:59.0065 3172 C:\Windows\SysWOW64\networkexplorer.dll - ok
15:02:59.0069 3172 [ C940F2F5C60B3727C5F18840735B229C ] C:\Windows\SysWOW64\AudioSes.dll
15:02:59.0069 3172 C:\Windows\SysWOW64\AudioSes.dll - ok
15:02:59.0073 3172 [ F2967C0A97C0EA67D79D7F557213950D ] C:\Windows\System32\glu32.dll
15:02:59.0073 3172 C:\Windows\System32\glu32.dll - ok
15:02:59.0077 3172 [ 198552AEFECA69D646867EC8D792DE95 ] C:\Windows\SysWOW64\ddraw.dll
15:02:59.0077 3172 C:\Windows\SysWOW64\ddraw.dll - ok
15:02:59.0082 3172 [ 405F4D32D2185F1F1BD753D8EEAFFB3A ] C:\Windows\System32\networkexplorer.dll
15:02:59.0082 3172 C:\Windows\System32\networkexplorer.dll - ok
15:02:59.0087 3172 [ A6C09924C6730DE8DEED9890A12AA691 ] C:\Windows\System32\ddraw.dll
15:02:59.0087 3172 C:\Windows\System32\ddraw.dll - ok
15:02:59.0090 3172 [ 55E5B32AE8D1F51A63C82919656FD275 ] C:\Windows\SysWOW64\dciman32.dll
15:02:59.0090 3172 C:\Windows\SysWOW64\dciman32.dll - ok
15:02:59.0095 3172 [ 29C22748937F45C26590909E9F8E7137 ] C:\Windows\System32\dciman32.dll
15:02:59.0095 3172 C:\Windows\System32\dciman32.dll - ok
15:02:59.0098 3172 [ 936F728E04ACCF3F38801CFFCF1E3F40 ] C:\Windows\SysWOW64\oledlg.dll
15:02:59.0098 3172 C:\Windows\SysWOW64\oledlg.dll - ok
15:02:59.0102 3172 [ 672D7C5080ACB003343006405DA2E621 ] C:\Windows\SysWOW64\thumbcache.dll
15:02:59.0102 3172 C:\Windows\SysWOW64\thumbcache.dll - ok
15:02:59.0106 3172 [ B8D06346FADEEB85898F5EF05DE5DE73 ] C:\Program Files (x86)\DAP\DAP.exe
15:02:59.0106 3172 C:\Program Files (x86)\DAP\DAP.exe - ok
15:02:59.0110 3172 [ 263E9A047D17CD50BAA9D3C02910D18D ] C:\Windows\System32\oledlg.dll
15:02:59.0110 3172 C:\Windows\System32\oledlg.dll - ok
15:02:59.0113 3172 [ 24F4B480F335A6C724AF352253C5D98B ] C:\Windows\System32\thumbcache.dll
15:02:59.0113 3172 C:\Windows\System32\thumbcache.dll - ok
15:02:59.0117 3172 [ 0DCA6A11D09D4C2CBE6B898B897EA915 ] C:\Windows\SysWOW64\UIAnimation.dll
15:02:59.0117 3172 C:\Windows\SysWOW64\UIAnimation.dll - ok
15:02:59.0121 3172 [ 0805289E121F3E3C458C970B08314EB2 ] C:\Windows\System32\RtkCfg64.dll
15:02:59.0121 3172 C:\Windows\System32\RtkCfg64.dll - ok
15:02:59.0125 3172 [ 3819AD4329303EAC88480CA16A650735 ] C:\Windows\System32\UIAnimation.dll
15:02:59.0125 3172 C:\Windows\System32\UIAnimation.dll - ok
15:02:59.0129 3172 [ BF7DDBE14FA4B68AAB6A3C78EF5C96B8 ] C:\Windows\SysWOW64\inetmib1.dll
15:02:59.0129 3172 C:\Windows\SysWOW64\inetmib1.dll - ok
15:02:59.0135 3172 [ 2C1EF6485EEB834187FC69556A64EAFE ] C:\Program Files (x86)\uTorrent\uTorrent.exe
15:02:59.0135 3172 C:\Program Files (x86)\uTorrent\uTorrent.exe - ok
15:02:59.0140 3172 [ BAE541DA859606E5EE7360946755032B ] C:\Windows\System32\RtkAPO64.dll
15:02:59.0140 3172 C:\Windows\System32\RtkAPO64.dll - ok
15:02:59.0145 3172 [ BBA9D5A730D5E304117AD26923EBD8AA ] C:\Windows\SysWOW64\AudioEng.dll
15:02:59.0145 3172 C:\Windows\SysWOW64\AudioEng.dll - ok
15:02:59.0148 3172 [ D205C24A9D069049FE2DF2A1B38726A7 ] C:\Windows\SysWOW64\wdmaud.drv
15:02:59.0148 3172 C:\Windows\SysWOW64\wdmaud.drv - ok
15:02:59.0152 3172 [ 139D3AB6AA920C34C50CBFFB9EB7D222 ] C:\Windows\SysWOW64\avrt.dll
15:02:59.0152 3172 C:\Windows\SysWOW64\avrt.dll - ok
15:02:59.0156 3172 [ 1473768973453DE50DC738C2955FC4DD ] C:\Windows\System32\wdmaud.drv
15:02:59.0156 3172 C:\Windows\System32\wdmaud.drv - ok
15:02:59.0161 3172 [ 9C67F6BBDA3881CFD02095160CF91576 ] C:\Windows\SysWOW64\ksuser.dll
15:02:59.0161 3172 C:\Windows\SysWOW64\ksuser.dll - ok
15:02:59.0165 3172 [ A63DC5C2EA944E6657203E0C8EDEAF61 ] C:\Windows\SysWOW64\dllhost.exe
15:02:59.0165 3172 C:\Windows\SysWOW64\dllhost.exe - ok
15:02:59.0942 3172 ============================================================
15:02:59.0942 3172 Scan finished
15:02:59.0942 3172 ============================================================
15:02:59.0954 2780 Detected object count: 0
15:02:59.0954 2780 Actual detected object count: 0
15:07:58.0096 3752 Deinitialize success


And the aswMBR log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-22 15:27:40
-----------------------------
15:27:40.395 OS Version: Windows x64 6.1.7601 Service Pack 1
15:27:40.395 Number of processors: 4 586 0xF0B
15:27:40.399 ComputerName: ERIN-PC UserName: Erin
15:27:42.344 Initialize success
15:28:48.674 AVAST engine defs: 12122200
15:29:07.387 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
15:29:07.389 Disk 0 Vendor: ST350032 SD15 Size: 476940MB BusType: 3
15:29:07.395 Disk 0 MBR read successfully
15:29:07.397 Disk 0 MBR scan
15:29:07.401 Disk 0 Windows 7 default MBR code
15:29:07.404 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
15:29:07.428 Disk 0 scanning C:\Windows\system32\drivers
15:29:16.980 Service scanning
15:29:33.789 Modules scanning
15:29:33.796 Disk 0 trace - called modules:
15:29:33.813 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
15:29:33.816 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ce0060]
15:29:33.821 3 CLASSPNP.SYS[fffff88001d6b43f] -> nt!IofCallDriver -> [0xfffffa8007a28a10]
15:29:34.152 5 ACPI.sys[fffff88000ef17a1] -> nt!IofCallDriver -> \Device\00000066[0xfffffa8007a519c0]
15:29:35.639 AVAST engine scan C:\Windows
15:29:38.338 AVAST engine scan C:\Windows\system32
15:32:16.845 AVAST engine scan C:\Windows\system32\drivers
15:32:33.242 AVAST engine scan C:\Users\Erin
15:33:35.503 Disk 0 MBR has been saved successfully to "C:\Users\Erin\Documents\MBR.dat"
15:33:35.511 The log file has been saved successfully to "C:\Users\Erin\Documents\aswMBR.txt"


And my computer still seems to be virus free and working normally. Please inform me as to what the next steps in finishing this process would be.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:59 PM

Posted 22 December 2012 - 10:17 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#11 DanieD

DanieD
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:59 PM

Posted 24 December 2012 - 09:47 PM

Here is the log from running combofix:


ComboFix 12-12-23.01 - Erin 12/24/2012 21:13:44.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6679 [GMT -5:00]
Running from: c:\users\Erin\Desktop\Virus Removal Tools\ComboFix.exe
Command switches used :: c:\users\Erin\Desktop\CFscript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-25 to 2012-12-25 )))))))))))))))))))))))))))))))
.
.
2012-12-25 02:24 . 2012-12-25 02:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-25 02:24 . 2012-12-25 02:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-22 08:04 . 2012-12-25 02:16 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E016240-30D4-43C5-96C0-670C3174DF07}\offreg.dll
2012-12-21 20:25 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E016240-30D4-43C5-96C0-670C3174DF07}\mpengine.dll
2012-12-21 19:07 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 19:07 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 19:07 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 19:07 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-14 03:59 . 2012-12-14 04:52 -------- d-----w- c:\users\Erin\AppData\Roaming\Tesy
2012-12-14 03:59 . 2012-12-14 03:59 -------- d-----w- c:\users\Erin\AppData\Roaming\Hyzak
2012-12-14 03:59 . 2012-12-14 03:59 -------- d-----w- c:\users\Erin\AppData\Roaming\Utgo
2012-12-13 21:19 . 2012-12-14 03:57 -------- d-----w- c:\users\Erin\AppData\Roaming\Kegab
2012-12-13 21:19 . 2012-12-13 21:19 -------- d-----w- c:\users\Erin\AppData\Roaming\Yrsaan
2012-12-13 21:19 . 2012-12-13 21:19 -------- d-----w- c:\users\Erin\AppData\Roaming\Nefem
2012-12-13 03:40 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 03:40 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-13 03:40 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-09 22:42 . 2012-12-09 23:05 -------- d-----w- c:\users\Erin\AppData\Local\Spotify
2012-12-09 22:41 . 2012-12-14 07:31 -------- d-----w- c:\users\Erin\AppData\Roaming\Spotify
2012-12-06 20:32 . 2012-12-07 04:12 -------- d-----w- c:\users\Erin\AppData\Roaming\Magio
2012-12-06 20:32 . 2012-12-07 03:18 -------- d-----w- c:\users\Erin\AppData\Roaming\Kais
2012-12-06 20:32 . 2012-12-06 20:32 -------- d-----w- c:\users\Erin\AppData\Roaming\Guazm
2012-11-30 20:07 . 2012-12-13 08:02 67413224 ----a-w- c:\windows\system32\MRT.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 00:21 . 2012-04-07 01:12 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 00:21 . 2012-02-11 02:22 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-16 08:38 . 2012-11-28 01:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 01:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 01:53 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-11 02:23 . 2012-10-11 02:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-11 02:23 . 2012-10-11 02:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-11 02:23 . 2012-10-11 02:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-11 02:23 . 2012-10-11 02:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-11 02:23 . 2012-10-11 02:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-11 02:23 . 2012-10-11 02:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 02:23 . 2012-10-11 02:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 02:23 . 2012-02-11 02:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-11 02:23 . 2009-07-13 21:59 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-11 02:23 . 2012-10-11 02:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 02:23 . 2012-10-11 02:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-11 02:23 . 2012-10-11 02:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 02:23 . 2009-07-13 21:59 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-11 02:22 . 2012-10-11 02:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-11 02:22 . 2012-10-11 02:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-11 02:22 . 2012-02-11 02:23 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-11 02:22 . 2009-06-10 20:37 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-11 02:22 . 2012-10-11 02:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 02:22 . 2012-10-11 02:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-11 02:22 . 2012-10-11 02:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 02:22 . 2012-10-11 02:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-09 18:17 . 2012-11-16 09:33 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-16 09:33 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-16 09:33 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 09:33 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-13 03:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-16 09:33 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-16 09:33 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-16 09:33 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-16 09:33 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-16 09:33 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-16 09:33 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-16 09:33 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-16 09:33 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-16 09:33 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-16 09:33 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-16 09:33 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 19:51 . 2012-02-11 02:23 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2012-02-11 02:23 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2012-11-18 08:02 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2012-02-11 02:23 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2012-02-11 02:23 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2012-02-11 02:23 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 18:15 . 2012-10-02 18:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-30 00:54 . 2012-11-22 01:55 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 20:57 . 2012-03-29 20:53 1040814080 ---ha-w- c:\program files (x86)\Flyff_US_V18_20120109.exe.gpotato
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
2011-10-27 22:21 502424 ----a-w- c:\program files (x86)\SearchPredict\SearchPredict.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}]
2012-02-11 15:46 2660016 ----a-w- c:\program files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2012-02-11 2980016]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-10-03 896912]
"Spotify Web Helper"="c:\users\Erin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-12-09 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe" [2010-02-18 241789]
.
c:\users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-08-08 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-08-08 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-08-08 79360]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-11 1255736]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [2011-07-25 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [2011-07-28 1084536]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120905.001\BHDrvx64.sys [2012-08-31 1385120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [2011-08-08 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120914.001\IDSvia64.sys [2012-09-06 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [2011-07-25 189560]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [2011-07-25 401016]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [2011-08-10 138760]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 Envy24HFS;ICE Envy24 Family Audio Controller WDM 64 bit;c:\windows\system32\drivers\Envy24HF.sys [2007-03-15 150016]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-17 138912]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2010-08-11 1587968]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 00:21]
.
2012-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-567866095-3943894801-3220069744-1000Core.job
- c:\users\Erin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11 03:03]
.
2012-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-567866095-3943894801-3220069744-1000UA.job
- c:\users\Erin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11 03:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"Creative SB Monitoring Utility"="sbavmon.dll" [2010-08-03 116224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-51186847.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-24 21:42:38
ComboFix-quarantined-files.txt 2012-12-25 02:42
ComboFix2.txt 2012-12-15 04:44
.
Pre-Run: 268,663,676,928 bytes free
Post-Run: 269,743,980,544 bytes free
.
- - End Of File - - 1D7C278237B3AA57083CF484BECF9C01



The computer seems to be still running fine. Please tell me if there is anything else I need to do.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 25 December 2012 - 06:54 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

ATorrent
Download Accelerator Plus (DAP)
Java™ 6 Update 22
uTorrentControl2 Toolbar



  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button. Its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#13 gringo_pr


Posted 28 December 2012 - 12:23 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#14 gringo_pr


Posted 31 December 2012 - 01:23 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#15 gringo_pr


Posted 03 January 2013 - 12:26 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.