Fake FBI warning, unable to boot in safe mode, please help


17 replies to this topic

#1 ND_Fan


Posted 09 March 2013 - 01:31 PM

Hello Bleeping Computer.

 

I'm running Windows 7 Home, 32-Bit

 

This morning I was infected with a fake FBI warning message:

 

"This PC (Windows 7, 32-Bit) is blocked due to at least one of the reasons specified below..." 

 

I powered down, then attempted to reboot in Safe Mode.  It wouldn't restart in Safe Mode, instead it restarted in Normal Mode, the screen went blank white, then redirected to the same fake FBI Warning message.  I'm unable to proceed beyond this fake FBI warning screen.

 

I have access to a clean PC and external USB flash drive, and with your help I'm ready to follow your detailed instructions to remove this infection.

 

Many thanks in advance!

 

ND_Fan

 

 




 


#2 narenxp


Posted 09 March 2013 - 01:48 PM



Select System Restore.

If you have a previous restore point, restore it and let me know if you can boot now.


Edited by narenxp, 09 March 2013 - 02:16 PM.


#3 ND_Fan


Posted 09 March 2013 - 02:14 PM

Hello narenxp.  Thanks for the reply.

 

I followed your instructions, successfully completed the restore point.  Yes, now I can reboot successfully in Normal Mode.

 

I'm now ready for the next step.

 

Thanks

ND_Fan



#4 narenxp


Posted 09 March 2013 - 02:16 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules and Detect TDLFS file system
  • Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue
  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png  button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.


  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • aswMBR log
  • ESET results
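
One way to summarize a TDSSKiller log of the kind requested above, as an added example that is not part of the original posts or of TDSSKiller itself. It assumes the line layout is a timestamp and thread id followed by either `[ MD5 ] name path` or `name - verdict` under a `Scan services` banner; the sample log, its hashes, service names and the `warning` verdict are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: hashes, service names and the non-ok verdict are made up.
FAKE1, FAKE2, FAKE3 = "A" * 32, "B" * 32, "C" * 32
SAMPLE_LOG = "\n".join([
    r"13:26:23.0920 3772  ================ Scan services =============================",
    rf"13:26:24.0420 3772  [ {FAKE1} ] ExampleDrv      C:\Windows\system32\drivers\exampledrv.sys",
    r"13:26:24.0452 3772  ExampleDrv - ok",
    r"13:26:24.0920 3772  NoFileSvc - ok",
    rf"13:26:25.0061 3772  [ {FAKE2} ] Example Svc C:\Program Files\Example\svc.exe",
    r"13:26:25.0108 3772  Example Svc - warning",
    rf"13:26:25.0233 3772  [ {FAKE3} ] OrphanDrv       C:\Windows\system32\drivers\orphan.sys",
])

# "HH:MM:SS.mmmm <thread id>  <text>" prefix carried by every log line.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# "===== Scan services =====" style section banner (plain "====" rules do not match).
BANNER = re.compile(r"^=+\s+(.+?)\s+=+$")
# "[ MD5 ] name path": the name may contain spaces, the path starts at a drive letter.
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_services(log_text: str) -> List[Entry]:
    """Return one Entry per service/driver listed in the 'Scan services' section."""
    entries: List[Entry] = []
    section = None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        text = m.group(1).strip()
        banner = BANNER.match(text)
        if banner:
            section = banner.group(1)
            continue
        if section != "Scan services" or not text:
            continue
        hashed = HASHED.match(text)
        if hashed:
            entries.append(Entry(hashed.group(2), hashed.group(1).upper(), hashed.group(3)))
            continue
        last = entries[-1] if entries else None
        if last and last.verdict is None and text.startswith(last.name + " "):
            # Verdict line for the entry whose hash line came just before it.
            rest = text[len(last.name):].strip()
            last.verdict = rest[2:].strip() if rest.startswith("- ") else rest
        elif " - " in text:
            # Verdict with no preceding hash line: no file was hashed for this service.
            name, verdict = text.rsplit(" - ", 1)
            entries.append(Entry(name.strip(), verdict=verdict.strip()))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group the entries a reviewer would want to read first."""
    return {
        "not_ok": [e.name for e in entries if e.verdict and e.verdict.lower() != "ok"],
        "no_file": [e.name for e in entries if e.verdict and e.md5 is None],
        "no_verdict": [e.name for e in entries if e.verdict is None],
    }


if __name__ == "__main__":
    for bucket, names in triage(parse_services(SAMPLE_LOG)).items():
        print(f"{bucket}: {names}")
```

The summary is a reading aid only; the helper in the thread still asks for the complete log to be pasted.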

 



#5 ND_Fan


Posted 09 March 2013 - 04:52 PM

Thanks for the reply.  Below are the scan results:

 

TDSSKiller Log (1 of 2):

 

13:26:55.0119 3772  MSDTC - ok
13:26:55.0181 3772  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:26:55.0197 3772  Msfs - ok
13:26:55.0228 3772  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:26:55.0228 3772  mshidkmdf - ok
13:26:55.0291 3772  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:26:55.0291 3772  msisadrv - ok
13:26:55.0384 3772  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:26:55.0384 3772  MSiSCSI - ok
13:26:55.0400 3772  msiserver - ok
13:26:55.0462 3772  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:26:55.0478 3772  MSKSSRV - ok
13:26:55.0603 3772  [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:26:55.0603 3772  MsMpSvc - ok
13:26:55.0681 3772  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:26:55.0697 3772  MSPCLOCK - ok
13:26:55.0775 3772  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:26:55.0775 3772  MSPQM - ok
13:26:55.0837 3772  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:26:55.0837 3772  MsRPC - ok
13:26:55.0900 3772  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:26:55.0916 3772  mssmbios - ok
13:26:56.0056 3772  MSSQL$MSSMLBIZ - ok
13:26:56.0275 3772  [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
13:26:56.0322 3772  MSSQLServerADHelper100 - ok
13:26:56.0400 3772  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:26:56.0416 3772  MSTEE - ok
13:26:56.0462 3772  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:26:56.0462 3772  MTConfig - ok
13:26:56.0494 3772  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:26:56.0494 3772  Mup - ok
13:26:56.0666 3772  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
13:26:56.0681 3772  napagent - ok
13:26:56.0822 3772  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:26:56.0837 3772  NativeWifiP - ok
13:26:56.0962 3772  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:26:57.0009 3772  NDIS - ok
13:26:57.0088 3772  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:26:57.0088 3772  NdisCap - ok
13:26:57.0120 3772  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:26:57.0135 3772  NdisTapi - ok
13:26:57.0182 3772  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:26:57.0182 3772  Ndisuio - ok
13:26:57.0276 3772  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:26:57.0291 3772  NdisWan - ok
13:26:57.0323 3772  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:26:57.0323 3772  NDProxy - ok
13:26:57.0432 3772  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:26:57.0479 3772  NetBIOS - ok
13:26:57.0557 3772  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:26:57.0557 3772  NetBT - ok
13:26:57.0635 3772  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
13:26:57.0635 3772  Netlogon - ok
13:26:57.0760 3772  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
13:26:57.0776 3772  Netman - ok
13:26:57.0948 3772  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
13:26:57.0995 3772  netprofm - ok
13:26:58.0104 3772  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:26:58.0151 3772  NetTcpPortSharing - ok
13:26:58.0213 3772  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
13:26:58.0245 3772  nfrd960 - ok
13:26:58.0323 3772  [ 832E098BCA8235436FE2D8AE50AC3718 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:26:58.0354 3772  NisDrv - ok
13:26:58.0495 3772  [ E570ECA850F30EB740C2E9699DF3D2BD ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
13:26:58.0510 3772  NisSrv - ok
13:26:58.0573 3772  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:26:58.0588 3772  NlaSvc - ok
13:26:58.0635 3772  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:26:58.0635 3772  Npfs - ok
13:26:58.0682 3772  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
13:26:58.0682 3772  nsi - ok
13:26:58.0791 3772  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:26:58.0807 3772  nsiproxy - ok
13:26:58.0963 3772  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:26:59.0041 3772  Ntfs - ok
13:26:59.0073 3772  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
13:26:59.0073 3772  Null - ok
13:26:59.0151 3772  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:26:59.0151 3772  nvraid - ok
13:26:59.0229 3772  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:26:59.0229 3772  nvstor - ok
13:26:59.0291 3772  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:26:59.0307 3772  nv_agp - ok
13:26:59.0370 3772  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:26:59.0370 3772  ohci1394 - ok
13:26:59.0588 3772  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:26:59.0604 3772  ose - ok
13:27:00.0010 3772  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:27:00.0183 3772  osppsvc - ok
13:27:00.0261 3772  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:27:00.0261 3772  p2pimsvc - ok
13:27:00.0339 3772  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:27:00.0355 3772  p2psvc - ok
13:27:00.0402 3772  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:27:00.0417 3772  Parport - ok
13:27:00.0464 3772  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:27:00.0480 3772  partmgr - ok
13:27:00.0511 3772  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
13:27:00.0511 3772  Parvdm - ok
13:27:00.0542 3772  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:27:00.0542 3772  PcaSvc - ok
13:27:00.0605 3772  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
13:27:00.0621 3772  pci - ok
13:27:00.0714 3772  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
13:27:00.0714 3772  pciide - ok
13:27:00.0792 3772  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:27:00.0808 3772  pcmcia - ok
13:27:00.0855 3772  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
13:27:00.0855 3772  pcw - ok
13:27:00.0933 3772  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:27:00.0996 3772  PEAUTH - ok
13:27:01.0167 3772  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
13:27:01.0292 3772  pla - ok
13:27:01.0371 3772  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:27:01.0402 3772  PlugPlay - ok
13:27:01.0433 3772  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:27:01.0449 3772  PNRPAutoReg - ok
13:27:01.0480 3772  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:27:01.0480 3772  PNRPsvc - ok
13:27:01.0542 3772  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:27:01.0574 3772  PolicyAgent - ok
13:27:01.0652 3772  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
13:27:01.0683 3772  Power - ok
13:27:01.0808 3772  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:27:01.0808 3772  PptpMiniport - ok
13:27:01.0855 3772  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
13:27:01.0855 3772  Processor - ok
13:27:01.0980 3772  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
13:27:01.0980 3772  ProfSvc - ok
13:27:02.0011 3772  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:27:02.0011 3772  ProtectedStorage - ok
13:27:02.0074 3772  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:27:02.0074 3772  Psched - ok
13:27:02.0183 3772  [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
13:27:02.0183 3772  PSI - ok
13:27:02.0308 3772  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
13:27:02.0386 3772  ql2300 - ok
13:27:02.0433 3772  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
13:27:02.0433 3772  ql40xx - ok
13:27:02.0480 3772  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
13:27:02.0496 3772  QWAVE - ok
13:27:02.0511 3772  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:27:02.0511 3772  QWAVEdrv - ok
13:27:02.0542 3772  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:27:02.0542 3772  RasAcd - ok
13:27:02.0636 3772  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:27:02.0636 3772  RasAgileVpn - ok
13:27:02.0683 3772  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
13:27:02.0683 3772  RasAuto - ok
13:27:02.0714 3772  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:27:02.0714 3772  Rasl2tp - ok
13:27:02.0839 3772  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
13:27:02.0871 3772  RasMan - ok
13:27:02.0933 3772  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:27:02.0933 3772  RasPppoe - ok
13:27:02.0996 3772  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:27:03.0011 3772  RasSstp - ok
13:27:03.0089 3772  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:27:03.0123 3772  rdbss - ok
13:27:03.0170 3772  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:27:03.0170 3772  rdpbus - ok
13:27:03.0233 3772  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:27:03.0233 3772  RDPCDD - ok
13:27:03.0311 3772  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:27:03.0311 3772  RDPENCDD - ok
13:27:03.0374 3772  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:27:03.0374 3772  RDPREFMP - ok
13:27:03.0452 3772  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:27:03.0467 3772  RDPWD - ok
13:27:03.0561 3772  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:27:03.0561 3772  rdyboost - ok
13:27:03.0624 3772  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:27:03.0624 3772  RemoteAccess - ok
13:27:03.0670 3772  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:27:03.0670 3772  RemoteRegistry - ok
13:27:03.0811 3772  [ 0F6756EF8BDA6DFA7BE50465C83132BB ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys
13:27:03.0811 3772  RimUsb - ok
13:27:03.0905 3772  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:27:03.0920 3772  RpcEptMapper - ok
13:27:03.0967 3772  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
13:27:03.0967 3772  RpcLocator - ok
13:27:04.0014 3772  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
13:27:04.0030 3772  RpcSs - ok
13:27:04.0108 3772  [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103        C:\Windows\system32\DRIVERS\RsFx0103.sys
13:27:04.0124 3772  RsFx0103 - ok
13:27:04.0203 3772  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:27:04.0218 3772  rspndr - ok
13:27:04.0265 3772  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
13:27:04.0265 3772  SamSs - ok
13:27:04.0359 3772  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:27:04.0359 3772  sbp2port - ok
13:27:04.0562 3772  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
13:27:04.0609 3772  SBSDWSCService - ok
13:27:04.0671 3772  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:27:04.0671 3772  SCardSvr - ok
13:27:04.0734 3772  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:27:04.0781 3772  scfilter - ok
13:27:04.0984 3772  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
13:27:05.0078 3772  Schedule - ok
13:27:05.0140 3772  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:27:05.0140 3772  SCPolicySvc - ok
13:27:05.0218 3772  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\Windows\system32\drivers\sdbus.sys
13:27:05.0250 3772  sdbus - ok
13:27:05.0328 3772  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:27:05.0328 3772  SDRSVC - ok
13:27:05.0406 3772  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:27:05.0406 3772  secdrv - ok
13:27:05.0437 3772  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
13:27:05.0437 3772  seclogon - ok
13:27:05.0671 3772  [ 9901DCF2B6DD2AD12CB42BD559E0C92D ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
13:27:06.0156 3772  Secunia PSI Agent - ok
13:27:06.0422 3772  [ 4F2056349F8BA4154D5213BF8A476B14 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
13:27:06.0610 3772  Secunia Update Agent - ok
13:27:06.0657 3772  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
13:27:06.0672 3772  SENS - ok
13:27:06.0735 3772  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:27:06.0766 3772  SensrSvc - ok
13:27:06.0813 3772  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:27:06.0829 3772  Serenum - ok
13:27:06.0875 3772  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:27:06.0891 3772  Serial - ok
13:27:06.0938 3772  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:27:06.0938 3772  sermouse - ok
13:27:07.0063 3772  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:27:07.0094 3772  SessionEnv - ok
13:27:07.0297 3772  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:27:07.0329 3772  sffdisk - ok
13:27:07.0422 3772  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:27:07.0438 3772  sffp_mmc - ok
13:27:07.0500 3772  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:27:07.0672 3772  sffp_sd - ok
13:27:07.0922 3772  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
13:27:08.0297 3772  sfloppy - ok
13:27:08.0454 3772  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:27:08.0485 3772  SharedAccess - ok
13:27:08.0641 3772  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:27:08.0672 3772  ShellHWDetection - ok
13:27:08.0797 3772  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
13:27:08.0813 3772  sisagp - ok
13:27:08.0907 3772  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:27:08.0938 3772  SiSRaid2 - ok
13:27:08.0969 3772  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:27:09.0016 3772  SiSRaid4 - ok
13:27:09.0063 3772  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:27:09.0063 3772  Smb - ok
13:27:09.0172 3772  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:27:09.0188 3772  SNMPTRAP - ok
13:27:09.0219 3772  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:27:09.0219 3772  spldr - ok
13:27:09.0329 3772  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
13:27:09.0344 3772  Spooler - ok
13:27:09.0985 3772  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
13:27:10.0016 3772  sppsvc - ok
13:27:10.0094 3772  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:27:10.0125 3772  sppuinotify - ok
13:27:10.0219 3772  [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$MSSMLBIZ C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE
13:27:10.0284 3772  SQLAgent$MSSMLBIZ - ok
13:27:10.0549 3772  [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:27:10.0596 3772  SQLBrowser - ok
13:27:10.0690 3772  [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:27:10.0690 3772  SQLWriter - ok
13:27:10.0924 3772  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:27:10.0956 3772  srv - ok
13:27:11.0096 3772  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:27:11.0127 3772  srv2 - ok
13:27:11.0190 3772  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:27:11.0190 3772  srvnet - ok
13:27:11.0237 3772  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:27:11.0237 3772  SSDPSRV - ok
13:27:11.0268 3772  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:27:11.0315 3772  SstpSvc - ok
13:27:11.0409 3772  [ 305CC42945A713347F978D78566113F3 ] STAC97          C:\Windows\system32\drivers\STAC97.sys
13:27:11.0440 3772  STAC97 - ok
13:27:11.0487 3772  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
13:27:11.0487 3772  stexstor - ok
13:27:11.0690 3772  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
13:27:11.0706 3772  StiSvc - ok
13:27:11.0831 3772  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
13:27:11.0846 3772  swenum - ok
13:27:11.0893 3772  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
13:27:11.0909 3772  swprv - ok
13:27:12.0424 3772  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
13:27:12.0471 3772  SysMain - ok
13:27:12.0502 3772  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:27:12.0549 3772  TabletInputService - ok
13:27:12.0627 3772  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:27:12.0643 3772  TapiSrv - ok
13:27:12.0706 3772  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
13:27:12.0706 3772  TBS - ok
13:27:12.0956 3772  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:27:13.0065 3772  Tcpip - ok
13:27:13.0206 3772  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:27:13.0221 3772  TCPIP6 - ok
13:27:13.0315 3772  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:27:13.0346 3772  tcpipreg - ok
13:27:13.0424 3772  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:27:13.0424 3772  TDPIPE - ok
13:27:13.0487 3772  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:27:13.0502 3772  TDTCP - ok
13:27:13.0581 3772  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:27:13.0627 3772  tdx - ok
13:27:13.0690 3772  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
13:27:13.0706 3772  TermDD - ok
13:27:13.0877 3772  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
13:27:13.0909 3772  TermService - ok
13:27:14.0002 3772  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
13:27:14.0034 3772  Themes - ok
13:27:14.0081 3772  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
13:27:14.0081 3772  THREADORDER - ok
13:27:14.0112 3772  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
13:27:14.0112 3772  TrkWks - ok
13:27:14.0269 3772  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:27:14.0300 3772  TrustedInstaller - ok
13:27:14.0378 3772  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:27:14.0394 3772  tssecsrv - ok
13:27:14.0503 3772  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:27:14.0519 3772  TsUsbFlt - ok
13:27:14.0644 3772  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:27:14.0675 3772  tunnel - ok
13:27:14.0816 3772  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:27:14.0832 3772  uagp35 - ok
13:27:14.0957 3772  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:27:14.0972 3772  udfs - ok
13:27:15.0050 3772  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:27:15.0050 3772  UI0Detect - ok
13:27:15.0113 3772  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:27:15.0113 3772  uliagpkx - ok
13:27:15.0175 3772  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
13:27:15.0191 3772  umbus - ok
13:27:15.0222 3772  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:27:15.0222 3772  UmPass - ok
13:27:15.0269 3772  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
13:27:15.0285 3772  upnphost - ok
13:27:15.0347 3772  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:27:15.0347 3772  usbccgp - ok
13:27:15.0425 3772  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:27:15.0441 3772  usbcir - ok
13:27:15.0519 3772  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:27:15.0535 3772  usbehci - ok
13:27:15.0597 3772  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:27:15.0597 3772  usbhub - ok
13:27:15.0660 3772  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:27:15.0691 3772  usbohci - ok
13:27:15.0785 3772  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:27:15.0785 3772  usbprint - ok
13:27:15.0847 3772  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
13:27:15.0894 3772  usbscan - ok
13:27:15.0972 3772  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
13:27:16.0003 3772  USBSTOR - ok
13:27:16.0082 3772  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:27:16.0082 3772  usbuhci - ok
13:27:16.0144 3772  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
13:27:16.0144 3772  UxSms - ok
13:27:16.0175 3772  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
13:27:16.0191 3772  VaultSvc - ok
13:27:16.0238 3772  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:27:16.0269 3772  vdrvroot - ok
13:27:16.0347 3772  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
13:27:16.0378 3772  vds - ok
13:27:16.0457 3772  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:27:16.0472 3772  vga - ok
13:27:16.0550 3772  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:27:16.0550 3772  VgaSave - ok
13:27:16.0660 3772  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:27:16.0675 3772  vhdmp - ok
13:27:16.0800 3772  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
13:27:16.0800 3772  viaagp - ok
13:27:16.0816 3772  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
13:27:16.0832 3772  ViaC7 - ok
13:27:16.0878 3772  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
13:27:16.0910 3772  viaide - ok
13:27:16.0972 3772  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:27:16.0972 3772  volmgr - ok
13:27:17.0003 3772  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:27:17.0035 3772  volmgrx - ok
13:27:17.0113 3772  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:27:17.0128 3772  volsnap - ok
13:27:17.0253 3772  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
13:27:17.0285 3772  vsmraid - ok
13:27:17.0628 3772  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
13:27:17.0660 3772  VSS - ok
13:27:17.0800 3772  [ A864E0BFE76383ED7D5FFCA51DCC0D5B ] VSTHWICH        C:\Windows\system32\DRIVERS\VSTICH3.SYS
13:27:17.0800 3772  VSTHWICH - ok
13:27:18.0082 3772  [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] VST_DPV         C:\Windows\system32\DRIVERS\VSTDPV3.SYS
13:27:18.0128 3772  VST_DPV - ok
13:27:18.0160 3772  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
 



#6 ND_Fan


Posted 09 March 2013 - 04:55 PM

TDSSKiller Log (2 of 2):

 

 

13:27:27.0092 3772  C:\Windows\System32\FWPUCLNT.DLL - ok
13:27:27.0108 3772  [ 2A6C6B9A01540A79DD3F5CB05312F48E ] C:\Windows\System32\Ati2evxx.dll
13:27:27.0108 3772  C:\Windows\System32\Ati2evxx.dll - ok
13:27:27.0124 3772  [ EF71BA5DF59034962B0C62314A71351A ] C:\Windows\System32\dhcpcore6.dll
13:27:27.0124 3772  C:\Windows\System32\dhcpcore6.dll - ok
13:27:27.0139 3772  [ 100103C6535C66265267F5EEA5F5846E ] C:\Windows\System32\dnsext.dll
13:27:27.0139 3772  C:\Windows\System32\dnsext.dll - ok
13:27:27.0155 3772  [ D33E95C0A2754061233B58DC41F8094C ] C:\Windows\System32\umb.dll
13:27:27.0155 3772  C:\Windows\System32\umb.dll - ok
13:27:27.0155 3772  [ 16935C98FF639D185086A3529B1F2067 ] C:\Windows\System32\wlansvc.dll
13:27:27.0155 3772  C:\Windows\System32\wlansvc.dll - ok
13:27:27.0170 3772  [ 3C9035085141162416A0DD34DBF3F3C1 ] C:\Windows\System32\wlanmsm.dll
13:27:27.0170 3772  C:\Windows\System32\wlanmsm.dll - ok
13:27:27.0186 3772  [ 9A85ABCE0FDD1AF8E79E731EB0B679F3 ] C:\Windows\System32\dhcpcsvc.dll
13:27:27.0186 3772  C:\Windows\System32\dhcpcsvc.dll - ok
13:27:27.0202 3772  [ 81F6C1AE23B1C493D9E996C3103915D7 ] C:\Windows\System32\dhcpcsvc6.dll
13:27:27.0202 3772  C:\Windows\System32\dhcpcsvc6.dll - ok
13:27:27.0217 3772  [ 20C06A50DFC097E134BC6FA8444CA9BC ] C:\Windows\System32\wlansec.dll
13:27:27.0217 3772  C:\Windows\System32\wlansec.dll - ok
13:27:27.0217 3772  [ F748F53FE09D21D8ECBB6421E6792024 ] C:\Windows\System32\onex.dll
13:27:27.0217 3772  C:\Windows\System32\onex.dll - ok
13:27:27.0233 3772  [ 5A5FEDDF02588B8F9FE4A95E5E7EAE97 ] C:\Windows\System32\eappcfg.dll
13:27:27.0233 3772  C:\Windows\System32\eappcfg.dll - ok
13:27:27.0249 3772  [ 666E57B6B51824D1D235F80A3DD70A13 ] C:\Windows\System32\eappprxy.dll
13:27:27.0249 3772  C:\Windows\System32\eappprxy.dll - ok
13:27:27.0264 3772  [ 749F9795F01C35EEBE100A87D82B9681 ] C:\Windows\System32\wlgpclnt.dll
13:27:27.0264 3772  C:\Windows\System32\wlgpclnt.dll - ok
13:27:27.0264 3772  [ C1585EAA67C37A05BF6F93726FAFC069 ] C:\Windows\System32\l2gpstore.dll
13:27:27.0264 3772  C:\Windows\System32\l2gpstore.dll - ok
13:27:27.0280 3772  [ 9419ABF3163B6F0E3AD3DD2B381C879F ] C:\Windows\System32\WinSCard.dll
13:27:27.0280 3772  C:\Windows\System32\WinSCard.dll - ok
13:27:27.0295 3772  [ 1D6A771D1D702AE07919DB52C889A249 ] C:\Windows\System32\wlanutil.dll
13:27:27.0295 3772  C:\Windows\System32\wlanutil.dll - ok
13:27:27.0311 3772  [ EAADD6E47ED2A7003ACE1793B98CF63F ] C:\Windows\System32\msxml6.dll
13:27:27.0311 3772  C:\Windows\System32\msxml6.dll - ok
13:27:27.0327 3772  [ 1FF7E4F548C7C372C804938F0D5B36AE ] C:\Windows\System32\netcfgx.dll
13:27:27.0327 3772  C:\Windows\System32\netcfgx.dll - ok
13:27:27.0342 3772  [ 414DA952A35BF5D50192E28263B40577 ] C:\Windows\System32\shsvcs.dll
13:27:27.0342 3772  C:\Windows\System32\shsvcs.dll - ok
13:27:27.0342 3772  [ A04BB13F8A72F8B6E8B4071723E4E336 ] C:\Windows\System32\schedsvc.dll
13:27:27.0342 3772  C:\Windows\System32\schedsvc.dll - ok
13:27:27.0358 3772  [ 38B13C0DF479DBA23ECFA815159BA86E ] C:\Windows\System32\ktmw32.dll
13:27:27.0358 3772  C:\Windows\System32\ktmw32.dll - ok
13:27:27.0374 3772  [ E6D90DC604F407B3B5E0FD285E46B2A0 ] C:\Windows\System32\fveapi.dll
13:27:27.0374 3772  C:\Windows\System32\fveapi.dll - ok
13:27:27.0389 3772  [ C87F28A34B3840F4B40011D170B1A159 ] C:\Windows\System32\fvecerts.dll
13:27:27.0389 3772  C:\Windows\System32\fvecerts.dll - ok
13:27:27.0405 3772  [ EAFC149CD3BD78C443E31BB157841197 ] C:\Windows\System32\tbs.dll
13:27:27.0405 3772  C:\Windows\System32\tbs.dll - ok
13:27:27.0405 3772  [ 1C3E8371377E988B683797A132EFFE1B ] C:\Windows\System32\taskcomp.dll
13:27:27.0405 3772  C:\Windows\System32\taskcomp.dll - ok
13:27:27.0420 3772  [ E2D56AE1D40E3725084054CD8E9CFBB1 ] C:\Windows\System32\wiarpc.dll
13:27:27.0420 3772  C:\Windows\System32\wiarpc.dll - ok
13:27:27.0436 3772  [ A63DC5C2EA944E6657203E0C8EDEAF61 ] C:\Windows\System32\dllhost.exe
13:27:27.0436 3772  C:\Windows\System32\dllhost.exe - ok
13:27:27.0452 3772  [ 9835584E999D25004E1EE8E5F3E3B881 ] C:\Windows\System32\MPSSVC.dll
13:27:27.0452 3772  C:\Windows\System32\MPSSVC.dll - ok
13:27:27.0467 3772  [ 871917B07A141BFF43D76D8844D48106 ] C:\Windows\System32\drivers\http.sys
13:27:27.0467 3772  C:\Windows\System32\drivers\http.sys - ok
13:27:27.0483 3772  [ 9AEA093B8F9C37CF45538382CABA2475 ] C:\Windows\System32\spoolsv.exe
13:27:27.0483 3772  C:\Windows\System32\spoolsv.exe - ok
13:27:27.0483 3772  [ BDAC1AA64495D0F7E1FF810EBBF1F018 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
13:27:27.0483 3772  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll - ok
13:27:27.0499 3772  [ 0B31464B7B2D616BD5F7036673588EC1 ] C:\Windows\System32\IDStore.dll
13:27:27.0499 3772  C:\Windows\System32\IDStore.dll - ok
13:27:27.0514 3772  [ 72E953215CADE1A726C04AAFDF6B463D ] C:\Windows\System32\taskhost.exe
13:27:27.0514 3772  C:\Windows\System32\taskhost.exe - ok
13:27:27.0530 3772  [ 1E2BAC209D184BB851E1A187D8A29136 ] C:\Windows\System32\BFE.DLL
13:27:27.0530 3772  C:\Windows\System32\BFE.DLL - ok
13:27:27.0545 3772  [ 7319102526BD11B45FD66335CF90CA12 ] C:\Windows\System32\HotStartUserAgent.dll
13:27:27.0545 3772  C:\Windows\System32\HotStartUserAgent.dll - ok
13:27:27.0545 3772  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] C:\Windows\System32\drivers\bowser.sys
13:27:27.0545 3772  C:\Windows\System32\drivers\bowser.sys - ok
13:27:27.0561 3772  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] C:\Windows\System32\drivers\mpsdrv.sys
13:27:27.0561 3772  C:\Windows\System32\drivers\mpsdrv.sys - ok
13:27:27.0577 3772  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] C:\Windows\System32\drivers\mrxsmb.sys
13:27:27.0577 3772  C:\Windows\System32\drivers\mrxsmb.sys - ok
13:27:27.0592 3772  [ B43687C534A49700BF4B3C9898763752 ] C:\Windows\System32\MsCtfMonitor.dll
13:27:27.0592 3772  C:\Windows\System32\MsCtfMonitor.dll - ok
13:27:27.0608 3772  [ 56CEED370508F69A1BA04939BD1BADDA ] C:\Windows\System32\msutb.dll
13:27:27.0608 3772  C:\Windows\System32\msutb.dll - ok
13:27:27.0624 3772  [ F58516E2DC0D963EF70D6BFC21FD82C4 ] C:\Windows\System32\PlaySndSrv.dll
13:27:27.0624 3772  C:\Windows\System32\PlaySndSrv.dll - ok
13:27:27.0624 3772  [ 6D17A4791ACA19328C685D256349FEFC ] C:\Windows\System32\drivers\mrxsmb10.sys
13:27:27.0624 3772  C:\Windows\System32\drivers\mrxsmb10.sys - ok
13:27:27.0639 3772  [ B81F204D146000BE76651A50670A5E9E ] C:\Windows\System32\drivers\mrxsmb20.sys
13:27:27.0639 3772  C:\Windows\System32\drivers\mrxsmb20.sys - ok
13:27:27.0655 3772  [ 3CA2BB895E204478C7A4C9BAF70970CE ] C:\Windows\System32\AtBroker.exe
13:27:27.0655 3772  C:\Windows\System32\AtBroker.exe - ok
13:27:27.0670 3772  [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\System32\mpr.dll
13:27:27.0670 3772  C:\Windows\System32\mpr.dll - ok
13:27:27.0686 3772  [ AC8C80DC4F1A6E60C9A762C1799F0B39 ] C:\Windows\System32\adtschema.dll
13:27:27.0686 3772  C:\Windows\System32\adtschema.dll - ok
13:27:27.0686 3772  [ 7520EC808E0C35E0EE6F841294316653 ] C:\Windows\System32\drivers\fltMgr.sys
13:27:27.0686 3772  C:\Windows\System32\drivers\fltMgr.sys - ok
13:27:27.0702 3772  [ 61AC3EFDFACFDD3F0F11DD4FD4044223 ] C:\Windows\System32\userinit.exe
13:27:27.0702 3772  C:\Windows\System32\userinit.exe - ok
13:27:27.0717 3772  [ 505BF4D1CADEB8D4F8BCD08D944DE25D ] C:\Windows\System32\dwm.exe
13:27:27.0717 3772  C:\Windows\System32\dwm.exe - ok
13:27:27.0733 3772  [ 754AFC50022C95DA7C86B7020DB78136 ] C:\Windows\System32\dwmredir.dll
13:27:27.0733 3772  C:\Windows\System32\dwmredir.dll - ok
13:27:27.0749 3772  [ 019C372B1A9DA73A22D0D35A4D40F5C9 ] C:\Windows\System32\wfapigp.dll
13:27:27.0749 3772  C:\Windows\System32\wfapigp.dll - ok
13:27:27.0764 3772  [ 81F08948A0F1475894C99D4D19A158A8 ] C:\Windows\System32\wshqos.dll
13:27:27.0764 3772  C:\Windows\System32\wshqos.dll - ok
13:27:27.0764 3772  [ 497E59D9F01C6F247E72222A61835119 ] C:\Windows\System32\dwmcore.dll
13:27:27.0764 3772  C:\Windows\System32\dwmcore.dll - ok
13:27:27.0780 3772  [ 2DE90400A63818FA38C4C5C9ADB166BF ] C:\Windows\System32\d3d10_1.dll
13:27:27.0780 3772  C:\Windows\System32\d3d10_1.dll - ok
13:27:27.0795 3772  [ 9C36A3CA80F9B204C670336D344F5DF8 ] C:\Windows\System32\d3d10_1core.dll
13:27:27.0795 3772  C:\Windows\System32\d3d10_1core.dll - ok
13:27:27.0811 3772  [ 0411B7958C524BB2E91EE1B3035FE321 ] C:\Windows\System32\dxgi.dll
13:27:27.0811 3772  C:\Windows\System32\dxgi.dll - ok
13:27:27.0827 3772  [ 8B88EBBB05A0E56B7DCC708498C02B3E ] C:\Windows\explorer.exe
13:27:27.0827 3772  C:\Windows\explorer.exe - ok
13:27:27.0827 3772  [ 54AF46DC37E63E1E85EB619033953309 ] C:\Windows\System32\d3d10level9.dll
13:27:27.0827 3772  C:\Windows\System32\d3d10level9.dll - ok
13:27:27.0842 3772  [ 7AFE4B4CCCF2DE579404842D9EB815F5 ] C:\Windows\System32\atiumdag.dll
13:27:27.0842 3772  C:\Windows\System32\atiumdag.dll - ok
13:27:27.0858 3772  [ DE917287623DC71AAC60DD0794E52872 ] C:\Windows\System32\atiumdva.dll
13:27:27.0858 3772  C:\Windows\System32\atiumdva.dll - ok
13:27:27.0874 3772  [ 2100560AF3F7F2948F2676E44DFB4ECF ] C:\Windows\System32\uDWM.dll
13:27:27.0874 3772  C:\Windows\System32\uDWM.dll - ok
13:27:27.0889 3772  [ D93A937A2A9D2CBC06B3A615A197011F ] C:\Windows\System32\PSHED.DLL
13:27:27.0889 3772  C:\Windows\System32\PSHED.DLL - ok
13:27:27.0905 3772  [ 8B0B4C5927A333A05513791758350DC4 ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
13:27:27.0905 3772  C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
13:27:27.0905 3772  [ 1F5497D7D3D79C7BF0AB0C8B4C5BFE6E ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
13:27:27.0905 3772  C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
13:27:27.0920 3772  [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\System32\ExplorerFrame.dll
13:27:27.0920 3772  C:\Windows\System32\ExplorerFrame.dll - ok
13:27:27.0936 3772  [ 846D0E4DB261CFAF363902E41498E961 ] C:\Windows\System32\EhStorShell.dll
13:27:27.0936 3772  C:\Windows\System32\EhStorShell.dll - ok
13:27:27.0952 3772  [ 660C8E78B94F483E44B0243A774A4746 ] C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
13:27:27.0952 3772  C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL - ok
13:27:27.0967 3772  [ D5AEFAD57C08349A4393D987DF7C715D ] C:\Windows\System32\winmm.dll
13:27:27.0967 3772  C:\Windows\System32\winmm.dll - ok
13:27:27.0983 3772  [ 436EB2742ED35C1ED9DDCB83C9BCF68A ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D6C9306-4E3B-41A8-96D2-101B7725271D}\mpasbase.vdm
13:27:27.0983 3772  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D6C9306-4E3B-41A8-96D2-101B7725271D}\mpasbase.vdm - ok
13:27:27.0999 3772  [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
13:27:27.0999 3772  C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - ok
13:27:27.0999 3772  [ 09EC0FDA94FBDE6B8A48146A8BF84504 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D6C9306-4E3B-41A8-96D2-101B7725271D}\mpasdlta.vdm
13:27:28.0014 3772  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D6C9306-4E3B-41A8-96D2-101B7725271D}\mpasdlta.vdm - ok
13:27:28.0030 3772  [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
13:27:28.0030 3772  C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - ok
13:27:28.0030 3772  [ 58A14C45A5CD2528F10A889E7B0C3FC2 ] C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll
13:27:28.0030 3772  C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll - ok
13:27:28.0045 3772  [ E9901A7E569C4156FDA69F5C9356B8ED ] C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\OFFICE.ODF
13:27:28.0045 3772  C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\OFFICE.ODF - ok
13:27:28.0061 3772  [ 425800DD197C336EF1D6A3AC6428DEB3 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D6C9306-4E3B-41A8-96D2-101B7725271D}\mpavbase.vdm
13:27:28.0061 3772  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D6C9306-4E3B-41A8-96D2-101B7725271D}\mpavbase.vdm - ok
13:27:28.0077 3772  [ 58405E4F68BA8E4057C6E914F326ABA2 ] C:\Windows\System32\wkssvc.dll
13:27:28.0077 3772  C:\Windows\System32\wkssvc.dll - ok
13:27:28.0092 3772  [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:27:28.0092 3772  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe - ok
13:27:28.0108 3772  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] C:\Windows\System32\drivers\parport.sys
13:27:28.0108 3772  C:\Windows\System32\drivers\parport.sys - ok
13:27:28.0108 3772  [ A5299D04ED225D64CF07A568A3E1BF8C ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:27:28.0108 3772  C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - ok
13:27:28.0124 3772  [ 40947436A70E0034E41123DF5A0A7702 ] C:\Program Files\Bonjour\mdnsNSP.dll
13:27:28.0124 3772  C:\Program Files\Bonjour\mdnsNSP.dll - ok
13:27:28.0139 3772  [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
13:27:28.0139 3772  C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok
13:27:28.0155 3772  [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\System32\rasadhlp.dll
13:27:28.0155 3772  C:\Windows\System32\rasadhlp.dll - ok
13:27:28.0170 3772  [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
13:27:28.0170 3772  C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
13:27:28.0186 3772  [ 92DA9EDE07390B4352B29DD82079E398 ] C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll
13:27:28.0186 3772  C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll - ok
13:27:28.0202 3772  [ 64894527838C86454E2F378FF39FA336 ] C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll
13:27:28.0202 3772  C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll - ok
13:27:28.0202 3772  [ EF8CD3C64EE9C08980D6D06CCCE46C68 ] C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
13:27:28.0202 3772  C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
13:27:28.0217 3772  [ 638C7596B493F5F77DB9EF6BAD8FE46C ] C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
13:27:28.0217 3772  C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
13:27:28.0233 3772  [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\System32\wsock32.dll
13:27:28.0233 3772  C:\Windows\System32\wsock32.dll - ok
13:27:28.0249 3772  [ 78865ABC5F5D13190F8B35BD9044714A ] C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
13:27:28.0249 3772  C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll - ok
13:27:28.0264 3772  [ 676CCC08D9E9A3F4CA39CB04E97048DF ] C:\PROGRA~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
13:27:28.0264 3772  C:\PROGRA~1\MICROS~3\Office14\1033\GrooveIntlResource.dll - ok
13:27:28.0280 3772  [ FF9831030678C7B6D70BAC00F68F8976 ] C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
13:27:28.0280 3772  C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
13:27:28.0280 3772  [ 5A963C340DE1A01BA6E24945CE05D16A ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll
13:27:28.0280 3772  C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll - ok
13:27:28.0295 3772  [ F4BC62990E7E5C29799A895B80FC3177 ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll
13:27:28.0295 3772  C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll - ok
13:27:28.0311 3772  [ 74AF6AA2E8B3180AADAE5FE8813CB1CD ] C:\Windows\System32\localspl.dll
13:27:28.0311 3772  C:\Windows\System32\localspl.dll - ok
13:27:28.0327 3772  [ 4F2659160AFCCA990305816946F69407 ] C:\Windows\System32\taskeng.exe
13:27:28.0327 3772  C:\Windows\System32\taskeng.exe - ok
13:27:28.0342 3772  [ 149D74E1128A86DC9CFB2851FBEA11EB ] C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll
13:27:28.0342 3772  C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll - ok
13:27:28.0358 3772  [ 629181C26A78EB66B0B4E774E5AC2882 ] C:\Windows\System32\spoolss.dll
13:27:28.0358 3772  C:\Windows\System32\spoolss.dll - ok
13:27:28.0374 3772  [ 9E4B0E7472B4CEBA9E17F440B8CB0AB8 ] C:\Windows\System32\winspool.drv
13:27:28.0374 3772  C:\Windows\System32\winspool.drv - ok
13:27:28.0374 3772  [ 03CF941D031F30272D3063E5A4D686F5 ] C:\Windows\System32\PrintIsolationProxy.dll
13:27:28.0374 3772  C:\Windows\System32\PrintIsolationProxy.dll - ok
13:27:28.0389 3772  [ 1E11C75479A15DA2C78B294927A02F7C ] C:\Windows\System32\CNHF1LM.DLL
13:27:28.0389 3772  C:\Windows\System32\CNHF1LM.DLL - ok
13:27:28.0405 3772  [ 61062968B59B97BE9568E68B4B527CB2 ] C:\Windows\System32\CNBLM4.DLL
13:27:28.0405 3772  C:\Windows\System32\CNBLM4.DLL - ok
13:27:28.0420 3772  [ 8A43F48D1FE0FA3F762A72D6D48E81AE ] C:\Windows\System32\CNMLM8Z.DLL
13:27:28.0420 3772  C:\Windows\System32\CNMLM8Z.DLL - ok
13:27:28.0436 3772  [ A9797C1D8B33271FC558C1C17C7B5B6B ] C:\Windows\System32\CNCF2Ld.DLL
13:27:28.0436 3772  C:\Windows\System32\CNCF2Ld.DLL - ok
13:27:28.0436 3772  [ 126F8331BD023178C7F0EF2F5EDE16B3 ] C:\Windows\System32\FXSMON.dll
13:27:28.0436 3772  C:\Windows\System32\FXSMON.dll - ok
13:27:28.0452 3772  [ B390C1D825C7687493BEDE237C6C2F25 ] C:\Windows\System32\tcpmon.dll
13:27:28.0452 3772  C:\Windows\System32\tcpmon.dll - ok
13:27:28.0467 3772  [ 1220595CABA75AB91A6B3FA3B89483CC ] C:\Windows\System32\snmpapi.dll
13:27:28.0467 3772  C:\Windows\System32\snmpapi.dll - ok
13:27:28.0483 3772  [ 6357E2B68753A1F5CF4A68A25C4FD14A ] C:\Windows\System32\wsnmp32.dll
13:27:28.0483 3772  C:\Windows\System32\wsnmp32.dll - ok
13:27:28.0499 3772  [ 923CDD30092DB73EC4A0EBCDDD16C686 ] C:\Windows\System32\usbmon.dll
13:27:28.0499 3772  C:\Windows\System32\usbmon.dll - ok
13:27:28.0499 3772  [ A8EB761DE499242BECF153B2B34F020E ] C:\Windows\System32\WSDMon.dll
13:27:28.0499 3772  C:\Windows\System32\WSDMon.dll - ok
13:27:28.0514 3772  [ 73F6C5223F7E9B5780DD4A6C30FCF569 ] C:\Windows\System32\WSDApi.dll
13:27:28.0514 3772  C:\Windows\System32\WSDApi.dll - ok
13:27:28.0530 3772  [ DB846EECA70EE9D2E2FF31147C57B0F4 ] C:\Windows\System32\webservices.dll
13:27:28.0530 3772  C:\Windows\System32\webservices.dll - ok
13:27:28.0545 3772  [ 89D90579E5FB1469CB0464F6512E42B7 ] C:\Windows\System32\fundisc.dll
13:27:28.0545 3772  C:\Windows\System32\fundisc.dll - ok
13:27:28.0561 3772  [ F34CFADA6C48DAA41B996D24C7D8D3CA ] C:\Windows\System32\fdPnp.dll
13:27:28.0561 3772  C:\Windows\System32\fdPnp.dll - ok
13:27:28.0561 3772  [ CD72C6406BA561BED6D42CB145E55307 ] C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
13:27:28.0561 3772  C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll - ok
13:27:28.0577 3772  [ 03F3B770DFBED6131653CEDA8CA780F0 ] C:\Windows\System32\ntshrui.dll
13:27:28.0577 3772  C:\Windows\System32\ntshrui.dll - ok
13:27:28.0592 3772  [ 465BEA35F7ED4A4A57686DEA7EA10F47 ] C:\Windows\System32\cscapi.dll
13:27:28.0592 3772  C:\Windows\System32\cscapi.dll - ok
13:27:28.0608 3772  [ 523CF74A52C9A1762DA8B83AEE734498 ] C:\Windows\System32\IconCodecService.dll
13:27:28.0608 3772  C:\Windows\System32\IconCodecService.dll - ok
13:27:28.0624 3772  [ F6FD367C9EAAEDF90CD7A7952AE0B336 ] C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
13:27:28.0624 3772  C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll - ok
13:27:28.0639 3772  [ 4E4EDF9CA82E95BAB2977DD9F21B00F6 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
13:27:28.0639 3772  C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll - ok
13:27:28.0655 3772  [ 062373995EAE5F0EAC9EAA9192136BFB ] C:\Windows\System32\dnssd.dll
13:27:28.0655 3772  C:\Windows\System32\dnssd.dll - ok
13:27:28.0655 3772  [ 2E552B658273B90251E0441631DE2CA3 ] C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
13:27:28.0655 3772  C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe - ok
13:27:28.0670 3772  [ 0E1B02C9CC352A1F61703B7D1A8A2C45 ] C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll
13:27:28.0670 3772  C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll - ok
13:27:28.0686 3772  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] C:\Program Files\Bonjour\mDNSResponder.exe
13:27:28.0686 3772  C:\Program Files\Bonjour\mDNSResponder.exe - ok
13:27:28.0702 3772  [ 8A850BDA6403EB636CFAA64E4343DB2A ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D6C9306-4E3B-41A8-96D2-101B7725271D}\mpavdlta.vdm
13:27:28.0702 3772  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D6C9306-4E3B-41A8-96D2-101B7725271D}\mpavdlta.vdm - ok
13:27:28.0717 3772  [ 2E14406E05789F91C9282AE7CFCA3A07 ] C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
13:27:28.0717 3772  C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll - ok
13:27:28.0717 3772  [ CF3126A2FF45AA224FC541BC543C2D9C ] C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll
13:27:28.0717 3772  C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok
13:27:28.0749 3772  [ C00CC74FC1D7B3F4CB3F7BEDD3482447 ] C:\Windows\System32\spool\prtprocs\w32x86\CNBPP4.DLL
13:27:28.0749 3772  C:\Windows\System32\spool\prtprocs\w32x86\CNBPP4.DLL - ok
13:27:28.0764 3772  [ 411B79E2DD98EB12B38753AAA64599B1 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFF601C6-3650-4CAF-A5DF-75238E519226}\mpasdlta.vdm
13:27:28.0764 3772  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFF601C6-3650-4CAF-A5DF-75238E519226}\mpasdlta.vdm - ok
13:27:28.0780 3772  [ D5DBC64234C6255433D36DCE56297758 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFF601C6-3650-4CAF-A5DF-75238E519226}\mpavdlta.vdm
13:27:28.0780 3772  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFF601C6-3650-4CAF-A5DF-75238E519226}\mpavdlta.vdm - ok
13:27:28.0795 3772  [ 411B79E2DD98EB12B38753AAA64599B1 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6AA8257F-926A-488E-B329-B59391247526}\mpasdlta.vdm
13:27:28.0795 3772  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6AA8257F-926A-488E-B329-B59391247526}\mpasdlta.vdm - ok
13:27:28.0811 3772  [ D5DBC64234C6255433D36DCE56297758 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6AA8257F-926A-488E-B329-B59391247526}\mpavdlta.vdm
13:27:28.0811 3772  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6AA8257F-926A-488E-B329-B59391247526}\mpavdlta.vdm - ok
13:27:28.0827 3772  [ 8BA9851E671E8B5E49E303748FFD530C ] C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll
13:27:28.0827 3772  C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
13:27:28.0827 3772  [ 5650B193FD9F06274BA17311DEACC5A8 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6AA8257F-926A-488E-B329-B59391247526}\mpengine.dll
13:27:28.0827 3772  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6AA8257F-926A-488E-B329-B59391247526}\mpengine.dll - ok
13:27:28.0842 3772  [ 5E33C164DC7FA74728D8A83036C438BB ] C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
13:27:28.0842 3772  C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll - ok
13:27:28.0858 3772  [ 96C0E38905CFD788313BE8E11DAE3F2F ] C:\Windows\System32\cryptsvc.dll
13:27:28.0858 3772  C:\Windows\System32\cryptsvc.dll - ok
13:27:28.0874 3772  [ 659E04E74135927CA6D7BC5E75C84417 ] C:\Windows\System32\TSChannel.dll
13:27:28.0874 3772  C:\Windows\System32\TSChannel.dll - ok
13:27:28.0889 3772  [ 21E3BD7693DBEC620075B8DA77E148B2 ] C:\Windows\System32\spool\prtprocs\w32x86\CNMPD8Z.DLL
13:27:28.0889 3772  C:\Windows\System32\spool\prtprocs\w32x86\CNMPD8Z.DLL - ok
13:27:28.0920 3772  [ 52CCA2E9FFD0653CACED1E808AADE4B6 ] C:\Windows\System32\win32spl.dll
13:27:28.0920 3772  C:\Windows\System32\win32spl.dll - ok
13:27:28.0936 3772  [ D27DDE7E0444C7F1819F958469EB7D93 ] C:\Windows\System32\inetpp.dll
13:27:28.0936 3772  C:\Windows\System32\inetpp.dll - ok
13:27:28.0952 3772  [ 832E098BCA8235436FE2D8AE50AC3718 ] C:\Windows\System32\drivers\NisDrvWFP.sys
13:27:28.0952 3772  C:\Windows\System32\drivers\NisDrvWFP.sys - ok
13:27:28.0967 3772  [ CA79539D3D4C0BA66F0F051A5EE5E923 ] C:\Windows\System32\cryptnet.dll
13:27:28.0967 3772  C:\Windows\System32\cryptnet.dll - ok
13:27:28.0983 3772  [ 13337A3FB17F2242487FD45488ED0485 ] C:\Windows\System32\vssapi.dll
13:27:28.0983 3772  C:\Windows\System32\vssapi.dll - ok
13:27:28.0999 3772  [ B940289C83121046BD6A60ACC6028593 ] C:\Windows\System32\vsstrace.dll
13:27:28.0999 3772  C:\Windows\System32\vsstrace.dll - ok
13:27:29.0014 3772  [ 9E0104BA49F4E6973749A02BF41344ED ] C:\Windows\System32\drivers\PEAuth.sys
13:27:29.0014 3772  C:\Windows\System32\drivers\PEAuth.sys - ok
13:27:29.0030 3772  [ 140D9F911182357626165EA0BEB98C4F ] C:\Windows\System32\ncsi.dll
13:27:29.0030 3772  C:\Windows\System32\ncsi.dll - ok
13:27:29.0045 3772  [ 374071043F9E4231EE43BE2BB48DD36D ] C:\Windows\System32\nlasvc.dll
13:27:29.0045 3772  C:\Windows\System32\nlasvc.dll - ok
13:27:29.0045 3772  [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\System32\winhttp.dll
13:27:29.0045 3772  C:\Windows\System32\winhttp.dll - ok
13:27:29.0061 3772  [ 90A3935D05B494A5A39D37E71F09A677 ] C:\Windows\System32\drivers\secdrv.sys
13:27:29.0061 3772  C:\Windows\System32\drivers\secdrv.sys - ok
13:27:29.0077 3772  [ FB19FC5951A88F3C523E35C2C98D23C0 ] C:\Windows\System32\webio.dll
13:27:29.0077 3772  C:\Windows\System32\webio.dll - ok
13:27:29.0092 3772  [ A59B3A4442C52060CC7A85293AA3546F ] C:\Windows\System32\seclogon.dll
13:27:29.0092 3772  C:\Windows\System32\seclogon.dll - ok
13:27:29.0108 3772  [ 28E2231BD34A39C854BDF3923AB2FF86 ] C:\Windows\System32\ssdpapi.dll
13:27:29.0108 3772  C:\Windows\System32\ssdpapi.dll - ok
13:27:29.0108 3772  [ 9901DCF2B6DD2AD12CB42BD559E0C92D ] C:\Program Files\Secunia\PSI\psia.exe
13:27:29.0108 3772  C:\Program Files\Secunia\PSI\psia.exe - ok
13:27:29.0124 3772  [ 637A0F23F9012358E92E6F99835494D1 ] C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:27:29.0124 3772  C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe - ok
13:27:29.0139 3772  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] C:\Windows\System32\drivers\srvnet.sys
13:27:29.0139 3772  C:\Windows\System32\drivers\srvnet.sys - ok
13:27:29.0155 3772  [ D1B61E151F6D0077E42E9521869F352F ] C:\Program Files\Microsoft SQL Server\90\Shared\sqlwvss.dll
13:27:29.0155 3772  C:\Program Files\Microsoft SQL Server\90\Shared\sqlwvss.dll - ok
13:27:29.0170 3772  [ E1FB3706030FB4578A0D72C2FC3689E4 ] C:\Windows\System32\wiaservc.dll
13:27:29.0170 3772  C:\Windows\System32\wiaservc.dll - ok
13:27:29.0186 3772  [ B087F2B901570F6EF62F6C2E01A480F3 ] C:\Windows\System32\wiatrace.dll
13:27:29.0186 3772  C:\Windows\System32\wiatrace.dll - ok
13:27:32.0421 3772  [ 47D052D9EE1FD3BA2A55D13F61E3EF24 ] C:\Windows\System32\drmv2clt.dll
13:27:32.0421 3772  C:\Windows\System32\drmv2clt.dll - ok
13:27:32.0437 3772  [ 40B82688907A7DBA4DB3B5ADDE3EAB3B ] C:\Windows\System32\mfplat.dll
13:27:32.0437 3772  C:\Windows\System32\mfplat.dll - ok
13:27:32.0437 3772  [ 1957D49A9613FAAD1C73B508CCE02AA5 ] C:\Windows\System32\wmp.dll
13:27:32.0437 3772  C:\Windows\System32\wmp.dll - ok
13:27:32.0453 3772  [ 0FBC74AA20FE0AE6884279F893169C60 ] C:\Windows\System32\wmploc.DLL
13:27:32.0453 3772  C:\Windows\System32\wmploc.DLL - ok
13:27:32.0468 3772  [ 75914E82421CF5497BDA5D2E77F25314 ] C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.key
13:27:32.0468 3772  C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.key - ok
13:27:32.0484 3772  [ 64C918AD00AD4BA9D88BC2E0065312E8 ] C:\Users\Steve\Desktop\MiniToolBox.exe
13:27:32.0484 3772  C:\Users\Steve\Desktop\MiniToolBox.exe - ok
13:27:32.0500 3772  [ 84ED876380D50390D30C2B9841961597 ] C:\Users\Steve\Desktop\mbam-setup.exe
13:27:32.0500 3772  C:\Users\Steve\Desktop\mbam-setup.exe - ok
13:27:32.0500 3772  [ EA2B00551F3E7B3D5F7FB730A55F8246 ] C:\Windows\System32\blackbox.dll
13:27:32.0500 3772  C:\Windows\System32\blackbox.dll - ok
13:27:32.0515 3772  [ 954EA9B34F155C844B11F4047A8F6F89 ] C:\Windows\System32\upnp.dll
13:27:32.0515 3772  C:\Windows\System32\upnp.dll - ok
13:27:32.0531 3772  [ AA1FFCCE383A227144FD62A019CD27CE ] C:\Users\Steve\Desktop\esetsmartinstaller_enu.exe
13:27:32.0531 3772  C:\Users\Steve\Desktop\esetsmartinstaller_enu.exe - ok
13:27:32.0546 3772  [ D887C9FD02AC9FA880F6E5027A43E118 ] C:\Windows\System32\ssdpsrv.dll
13:27:32.0546 3772  C:\Windows\System32\ssdpsrv.dll - ok
13:27:32.0562 3772  [ 3F2B83695E5BF11930C16AF50E991F96 ] C:\Windows\System32\wmpps.dll
13:27:32.0562 3772  C:\Windows\System32\wmpps.dll - ok
13:27:32.0562 3772  [ BE3AB4803C963BE0357541EC3B17D443 ] C:\Users\Steve\Desktop\aswMBR.exe
13:27:32.0562 3772  C:\Users\Steve\Desktop\aswMBR.exe - ok
13:27:32.0578 3772  [ AA3B91B70E79BCE70AD3B190789B9574 ] C:\Windows\System32\drttransport.dll
13:27:32.0578 3772  C:\Windows\System32\drttransport.dll - ok
13:27:32.0593 3772  [ EE29FCC244C8033E2F748D863DCBF378 ] C:\Windows\System32\drt.dll
13:27:32.0593 3772  C:\Windows\System32\drt.dll - ok
13:27:32.0609 3772  [ 784F0EBF7DE677B845A5A60278FEC63C ] C:\Users\Steve\Desktop\ListParts.exe
13:27:32.0609 3772  C:\Users\Steve\Desktop\ListParts.exe - ok
13:27:32.0625 3772  [ 4B355660B0B424DCAFC7A51A599990D3 ] C:\Users\Steve\Desktop\wpsetup.exe
13:27:32.0625 3772  C:\Users\Steve\Desktop\wpsetup.exe - ok
13:27:32.0640 3772  [ 9A2347903D6EDB84C10F288BC0578C1C ] C:\Users\Steve\Desktop\HijackThis.exe
13:27:32.0640 3772  C:\Users\Steve\Desktop\HijackThis.exe - ok
13:27:32.0656 3772  [ 89F5770AD1E9D9CEF93D00303135EC33 ] C:\Windows\System32\ntprint.dll
13:27:32.0656 3772  C:\Windows\System32\ntprint.dll - ok
13:27:32.0656 3772  [ 6E6430B5B5D099D4D80D5D536C75FA28 ] C:\Program Files\Free Window Registry Repair\Regpair.exe
13:27:32.0656 3772  C:\Program Files\Free Window Registry Repair\Regpair.exe - ok
13:27:32.0672 3772  [ AE3D56BC14F6437E5EB0650DDD9E6DF2 ] C:\Users\Steve\Desktop\java-installer-windows.exe
13:27:32.0672 3772  C:\Users\Steve\Desktop\java-installer-windows.exe - ok
13:27:32.0688 3772  [ 087309DEC72C1FE35973D47BDA9B43F6 ] C:\Program Files\SpywareBlaster\spywareblaster.exe
13:27:32.0688 3772  C:\Program Files\SpywareBlaster\spywareblaster.exe - ok
13:27:32.0704 3772  [ F2C9648784E231A8F2CE3BACACE88DBF ] C:\Program Files\Media Player Classic - Home Cinema\mpc-hc.exe
13:27:32.0704 3772  C:\Program Files\Media Player Classic - Home Cinema\mpc-hc.exe - ok
13:27:32.0719 3772  [ C4364E4E0176EA2201EE29EC807FA2F8 ] C:\Users\Steve\Desktop\MPC-HomeCinema.1.4.2499.0.x86.exe
13:27:32.0719 3772  C:\Users\Steve\Desktop\MPC-HomeCinema.1.4.2499.0.x86.exe - ok
13:27:32.0719 3772  [ 2A377B657BDFAB7F192B02F4F9E69AD8 ] C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe
13:27:32.0719 3772  C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe - ok
13:27:32.0735 3772  [ B42D1053ABEC0B90B9418D27A9973F83 ] C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe
13:27:32.0735 3772  C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe - ok
13:27:32.0750 3772  [ 24F75A942A12C8BF9E8A0C567AF74AA8 ] C:\Program Files\Auslogics\AusLogics Disk Defrag\diskdefrag.exe
13:27:32.0750 3772  C:\Program Files\Auslogics\AusLogics Disk Defrag\diskdefrag.exe - ok
13:27:32.0766 3772  [ E585445D5021971FAE10393F0F1C3961 ] C:\Windows\System32\qmgr.dll
13:27:32.0766 3772  C:\Windows\System32\qmgr.dll - ok
13:27:32.0782 3772  [ 0552A8684BF7566F744D5B19FF6AEC6B ] C:\Windows\System32\bitsperf.dll
13:27:32.0782 3772  C:\Windows\System32\bitsperf.dll - ok
13:27:32.0797 3772  ============================================================
13:27:32.0797 3772  Scan finished
13:27:32.0797 3772  ============================================================
13:27:32.0813 3760  Detected object count: 0
13:27:32.0813 3760  Actual detected object count: 0

 



#7 ND_Fan

ND_Fan
  • Topic Starter

Posted 09 March 2013 - 04:57 PM

aswMBR log:

 

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-12 22:09:45
-----------------------------
22:09:45.247    OS Version: Windows 6.1.7601 Service Pack 1
22:09:45.247    Number of processors: 1 586 0xD08
22:09:45.262    ComputerName: STEVE-PC  UserName: Steve
22:10:42.164    Initialize success
22:12:34.351    AVAST engine defs: 12111201
22:13:02.861    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:13:02.876    Disk 0 Vendor: WDC_WD800VE-75HDT1 11.07D11 Size: 76319MB BusType: 3
22:13:02.892    Disk 0 MBR read successfully
22:13:02.908    Disk 0 MBR scan
22:13:03.017    Disk 0 Windows 7 default MBR code
22:13:03.048    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:13:03.142    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        76203 MB offset 206848
22:13:03.220    Disk 0 scanning sectors +156270768
22:13:03.392    Disk 0 scanning C:\Windows\system32\drivers
22:13:31.174    Service scanning
22:13:59.500    Service MpKsl41261c73 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4DC56EA1-8AED-48D5-8B62-89F86EFAB9AA}\MpKsl41261c73.sys **LOCKED** 32
22:14:39.832    Modules scanning
22:14:51.805    Disk 0 trace - called modules:
22:14:52.383    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
22:14:52.415    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84eff030]
22:14:52.430    3 CLASSPNP.SYS[8723b59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x841a0610]
22:14:53.383    AVAST engine scan C:\Windows
22:14:56.133    AVAST engine scan C:\Windows\system32
22:21:53.195    AVAST engine scan C:\Windows\system32\drivers
22:22:23.131    AVAST engine scan C:\Users\Steve
22:25:04.184    Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
22:25:04.356    The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-09 13:35:43
-----------------------------
13:35:43.039    OS Version: Windows 6.1.7601 Service Pack 1
13:35:43.039    Number of processors: 1 586 0xD08
13:35:43.039    ComputerName: STEVE-PC  UserName: Steve
13:36:17.432    Initialize success
13:44:11.196    AVAST engine defs: 13030900
13:44:33.639    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:44:33.655    Disk 0 Vendor: WDC_WD800VE-75HDT1 11.07D11 Size: 76319MB BusType: 3
13:44:33.670    Disk 0 MBR read successfully
13:44:33.670    Disk 0 MBR scan
13:44:33.749    Disk 0 Windows 7 default MBR code
13:44:33.795    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:44:33.811    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        76203 MB offset 206848
13:44:33.827    Disk 0 scanning sectors +156270768
13:44:33.999    Disk 0 scanning C:\Windows\system32\drivers
13:44:51.530    Service scanning
13:45:12.116    Service MpKslcffaf9b5 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6AA8257F-926A-488E-B329-B59391247526}\MpKslcffaf9b5.sys **LOCKED** 32
13:45:41.177    Modules scanning
13:45:53.984    Disk 0 trace - called modules:
13:45:54.015    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
13:45:54.031    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84f01030]
13:45:54.031    3 CLASSPNP.SYS[8724159e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x841a0610]
13:45:55.672    AVAST engine scan C:\Windows
13:45:57.969    AVAST engine scan C:\Windows\system32
13:50:22.949    AVAST engine scan C:\Windows\system32\drivers
13:50:41.120    AVAST engine scan C:\Users\Steve
13:50:41.307    File: C:\Users\Steve\2065329.dll  **INFECTED** Win32:Reveton-MS [Trj]
13:50:41.932    File: C:\Users\Steve\AppData\Local\Apple Computer\Adobe\lwpwjrvfx.dll  **INFECTED** Win32:Trojan-gen
13:54:26.873    Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
13:54:26.888    The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"
13:54:39.035    File: C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\22686cf-2e3f68c7  **INFECTED** Win32:Kryptik-LCK [Trj]
13:54:40.145    File: C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\2ee61743-63b097d5  **INFECTED** Win32:MalOb-IJ [Cryp]
13:55:53.197    AVAST engine scan C:\ProgramData
13:57:03.607    Scan finished successfully
13:57:25.750    Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
13:57:25.766    The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"
13:57:48.156    Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
13:57:48.171    The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"
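
As an added illustration (not part of any post in this thread, and not AVAST's code), the Python script below shows one way to triage an aswMBR log like the one above: it groups lines by `Run date`, collapses detections that repeat when the same run is pasted or saved more than once, and labels each flagged path by where it sits in the user profile. The function names, the location labels and the abridged sample text are assumptions made for this example.

```python
import re
from collections import Counter

# Abridged lines in the format of the aswMBR log above. The 2013 run is
# repeated on purpose to mimic a log file that was saved more than once.
SAMPLE_LOG = r"""
aswMBR version 0.9.9.1707
Run date: 2012-11-12 22:09:45
-----------------------------
22:13:02.892    Disk 0 MBR read successfully
22:13:03.017    Disk 0 Windows 7 default MBR code
22:22:23.131    AVAST engine scan C:\Users\Steve

aswMBR version 0.9.9.1707
Run date: 2013-03-09 13:35:43
-----------------------------
13:44:33.749    Disk 0 Windows 7 default MBR code
13:50:41.307    File: C:\Users\Steve\2065329.dll  **INFECTED** Win32:Reveton-MS [Trj]
13:50:41.932    File: C:\Users\Steve\AppData\Local\Apple Computer\Adobe\lwpwjrvfx.dll  **INFECTED** Win32:Trojan-gen

aswMBR version 0.9.9.1707
Run date: 2013-03-09 13:35:43
-----------------------------
13:44:33.749    Disk 0 Windows 7 default MBR code
13:50:41.307    File: C:\Users\Steve\2065329.dll  **INFECTED** Win32:Reveton-MS [Trj]
13:50:41.932    File: C:\Users\Steve\AppData\Local\Apple Computer\Adobe\lwpwjrvfx.dll  **INFECTED** Win32:Trojan-gen
13:54:39.035    File: C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\22686cf-2e3f68c7  **INFECTED** Win32:Kryptik-LCK [Trj]
13:54:40.145    File: C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\2ee61743-63b097d5  **INFECTED** Win32:MalOb-IJ [Cryp]
13:57:03.607    Scan finished successfully
"""

RUN_RE = re.compile(r"^Run date:\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$")
HIT_RE = re.compile(
    r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+)$")
MBR_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(Disk \d+ .*MBR code.*)$")

JAVA_CACHE = "\\appdata\\locallow\\sun\\java\\deployment\\cache\\"
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+$")


def classify(path):
    """Label a flagged path by location (labels are this example's own)."""
    p = path.lower()
    if JAVA_CACHE in p:
        return "java-cache"      # content fetched by the Java browser plugin
    if "\\appdata\\" in p:
        return "appdata"         # per-user, writable without admin rights
    if PROFILE_ROOT_RE.match(p):
        return "profile-root"    # file dropped directly in C:\Users\<name>
    return "other"


def parse_aswmbr(text):
    """Return {run_date: {"mbr": str or None, "detections": [dict, ...]}}."""
    runs = {}
    run_key = None
    seen = set()                 # (run, path, name) triples already recorded
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            run_key = m.group(1)
            runs.setdefault(run_key, {"mbr": None, "detections": []})
            continue
        if run_key is None:
            continue             # text before the first "Run date:" header
        m = MBR_RE.match(line)
        if m:
            runs[run_key]["mbr"] = m.group(1)   # the tool's own MBR verdict
            continue
        m = HIT_RE.match(line)
        if m:
            ts, path, name = m.groups()
            key = (run_key, path.lower(), name)
            if key in seen:      # same hit from a repeated copy of the run
                continue
            seen.add(key)
            runs[run_key]["detections"].append(
                {"time": ts, "path": path, "name": name,
                 "location": classify(path)})
    return runs


def summarize(runs):
    """Count unique detections per location for each run."""
    return {run: Counter(d["location"] for d in info["detections"])
            for run, info in runs.items()}


if __name__ == "__main__":
    parsed = parse_aswmbr(SAMPLE_LOG)
    for run, info in parsed.items():
        print(run, "|", info["mbr"], "|", len(info["detections"]), "unique hits")
        for d in info["detections"]:
            print("   ", d["location"].ljust(12), d["name"], "->", d["path"])
    print(summarize(parsed))
```
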


 



#8 ND_Fan

ND_Fan
  • Topic Starter

Posted 09 March 2013 - 04:58 PM

ESET results:

 

C:\$RECYCLE.BIN\S-1-5-21-1089155279-2339593571-1851886300-1000\$R1KFFNS.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\Steve\2065329.dll Win32/Reveton.N trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Apple Computer\Adobe\lwpwjrvfx.dll a variant of Win32/Kryptik.AOWX trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VISUI0AX\IWJ[1].pdf JS/Exploit.Pdfka.QDY trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\22686cf-2e3f68c7 a variant of Win32/Kryptik.ATCY trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\2ee61743-63b097d5 Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\6a4924de-3809c410 a variant of Java/Exploit.CVE-2013-0422.CD trojan deleted - quarantined
C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\3d0e272f-32fc98fa multiple threats deleted - quarantined
C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\590fab5-44d2b594 a variant of Java/Exploit.CVE-2013-0422.AC trojan deleted - quarantined
C:\Users\Steve\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\7c278d77-5b993e83 Java/Exploit.CVE-2013-0422.AW trojan deleted - quarantined
C:\Users\Steve\AppData\Roaming\skype.dat a variant of Win32/Kryptik.AWGG trojan cleaned by deleting - quarantined

 

************************

 

Please advise on next steps.

 

Thanks,

ND_Fan 



#9 narenxp

narenxp

  • BC Advisor
Posted 09 March 2013 - 05:00 PM

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on it to install the application.
    For instructions with screenshots, please refer to this .
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file, copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log

 



#10 ND_Fan

ND_Fan
  • Topic Starter

Posted 09 March 2013 - 06:13 PM

Malwarebytes log:

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.09.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Steve :: STEVE-PC [administrator]

3/9/2013 4:23:45 PM
mbam-log-2013-03-09 (16-23-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207309
Time elapsed: 10 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

MiniToolBox log:

 

MiniToolBox by Farbar  Version:05-03-2013
Ran by Steve (administrator) on 09-03-2013 at 16:38:39
Running from "C:\Users\Steve\Desktop"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost

There are 15299 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Dell Wireless 1370 WLAN Mini-PCI Card = Wireless Network Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global taskoffload=enabled


popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Steve-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Dell Wireless 1370 WLAN Mini-PCI Card
   Physical Address. . . . . . . . . : 00-16-CE-19-78-FA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::81ae:4062:9eb:4773%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, March 09, 2013 1:23:45 PM
   Lease Expires . . . . . . . . . . : Sunday, March 10, 2013 3:38:24 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 201332430
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-38-64-42-00-14-22-F0-37-5E
   DNS Servers . . . . . . . . . . . : 192.168.2.1
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
   Physical Address. . . . . . . . . : 00-14-22-F0-37-5E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{BF56B380-3A58-479C-9E65-99E66A1A2BA4}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A8E02D92-613C-4E34-B874-ABD4D910BB4A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:38f2:1d1:bc58:15c3(Preferred)
   Link-local IPv6 Address . . . . . : fe80::38f2:1d1:bc58:15c3%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.2.1

Name:    google.com
Addresses:  2607:f8b0:4009:803::100e
   74.125.225.65
   74.125.225.64
   74.125.225.73
   74.125.225.72
   74.125.225.66
   74.125.225.78
   74.125.225.71
   74.125.225.69
   74.125.225.68
   74.125.225.70
   74.125.225.67


Pinging google.com [74.125.225.65] with 32 bytes of data:
Reply from 74.125.225.65: bytes=32 time=12ms TTL=55
Reply from 74.125.225.65: bytes=32 time=12ms TTL=55

Ping statistics for 74.125.225.65:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 12ms, Maximum = 12ms, Average = 12ms
Server:  UnKnown
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  206.190.36.45
   98.138.253.109
   98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=213ms TTL=50
Reply from 206.190.36.45: bytes=32 time=230ms TTL=50

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 213ms, Maximum = 230ms, Average = 221ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 16 ce 19 78 fa ......Dell Wireless 1370 WLAN Mini-PCI Card
 10...00 14 22 f0 37 5e ......Broadcom 440x 10/100 Integrated Controller
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.5     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.5    286
      192.168.2.5  255.255.255.255         On-link       192.168.2.5    286
    192.168.2.255  255.255.255.255         On-link       192.168.2.5    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.5    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.5    286
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:6ab8:38f2:1d1:bc58:15c3/128
                                    On-link
 11    286 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::38f2:1d1:bc58:15c3/128
                                    On-link
 11    286 fe80::81ae:4062:9eb:4773/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 11    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 07 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/09/2013 01:21:26 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKslfc5126d7.

System Error:
The system cannot find the file specified.
.

Error: (03/09/2013 01:25:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16094

Error: (03/09/2013 01:25:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16094

Error: (03/09/2013 01:25:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/09/2013 01:16:04 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (03/09/2013 01:13:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (03/08/2013 06:32:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21617093

Error: (03/08/2013 06:32:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21617093

Error: (03/08/2013 06:32:46 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/07/2013 10:22:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9947375


System errors:
=============
Error: (03/09/2013 01:23:55 PM) (Source: Service Control Manager) (User: )
Description: The 5762 service failed to start due to the following error:
%%2

Error: (03/09/2013 01:23:25 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (03/09/2013 01:23:16 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (03/09/2013 01:23:16 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (03/09/2013 01:22:06 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.145.1246.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.2.0223.00

 Source Path: 4.2.0223.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (03/09/2013 01:10:19 PM) (Source: Service Control Manager) (User: )
Description: The 5762 service failed to start due to the following error:
%%2

Error: (03/09/2013 01:10:02 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (03/09/2013 01:10:15 PM) (Source: Microsoft Antimalware) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

 Signatures Attempted: %24

 Error Code: 0x80070002

 Error description: The system cannot find the file specified.

 Signature version: 0.0.0.0;0.0.0.0

 Engine version: %600

Error: (03/09/2013 01:09:52 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (03/09/2013 01:09:52 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!


Microsoft Office Sessions:
=========================
Error: (03/09/2013 01:21:26 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKslfc5126d7.

System Error:
The system cannot find the file specified.

Error: (03/09/2013 01:25:13 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16094

Error: (03/09/2013 01:25:13 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16094

Error: (03/09/2013 01:25:13 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/09/2013 01:16:04 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files\spybot - search & destroy\DelZip179.dllc:\program files\spybot - search & destroy\DelZip179.dll8

Error: (03/09/2013 01:13:51 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (03/08/2013 06:32:46 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21617093

Error: (03/08/2013 06:32:46 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21617093

Error: (03/08/2013 06:32:46 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/07/2013 10:22:01 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9947375


=========================== Installed Programs ============================

Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Advanced WindowsCare Personal 2.6.0 (Version: 2.6.0)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
AusLogics Disk Defrag (Version: version 1.4)
Belarc Advisor 7.2
Bonjour (Version: 3.0.0.10)
Business Contact Manager for Microsoft Outlook 2010 (Version: 4.0.11308.0)
Canon MP Navigator EX 1.0
Canon MX310 series
Canon Utilities Solution Menu
CCleaner (Version: 3.27)
C-Major Audio (Version: 42xx)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup (Version: 2.6.1.8)
DTCLookup
ESET Online Scanner v3
Free Window Registry Repair
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
iTunes (Version: 11.0.1.12)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Media Player Classic - Home Cinema v1.4.2499.0 (Version: 1.4.2499.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0)
Microsoft Lync 2010 (Version: 4.0.7577.4356)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2531.0)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010) (Version: 4.0.11308.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Revo Uninstaller 1.85 (Version: 1.85)
Secunia PSI (3.0.0.4001) (Version: 3.0.0.4001)
Service Pack 1 for SQL Server 2008 (KB968369) (Version: 10.1.2531.0)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.6 (Version: 4.6.0)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
TurboTax 2010
TurboTax 2010 wiliper (Version: 010.000.1266)
TurboTax 2010 WinPerFedFormset (Version: 010.000.4227)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0483)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0214)
TurboTax 2010 wrapper (Version: 010.000.0157)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
WinPatrol (Version: 25.0.2012.5)
WinRAR archiver

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 60%
Total physical RAM: 1023.44 MB
Available physical RAM: 404.8 MB
Total Pagefile: 2047.44 MB
Available Pagefile: 861.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.1 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.42 GB) (Free:26.81 GB) NTFS

========================= Users: ========================================

User accounts for \\STEVE-PC

Administrator            Guest                    Steve                   


**** End of log ****



#11 ND_Fan


Posted 09 March 2013 - 06:18 PM

Farbar's Service Scanner log

 

Farbar Service Scanner Version: 03-03-2013
Ran by Steve (administrator) on 09-03-2013 at 16:45:57
Running from "C:\Users\Steve\Desktop"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-17 15:34] - [2013-01-02 23:05] - 1293672 ____A (Microsoft Corporation) 7C0507D2391AF5933600CBCED799F277

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

 

AdwCleaner log:

 

# AdwCleaner v2.114 - Logfile created 03/09/2013 at 16:50:19
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Steve - STEVE-PC
# Boot Mode : Normal
# Running from : C:\Users\Steve\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [773 octets] - [13/11/2012 09:38:06]
AdwCleaner[S2].txt - [794 octets] - [09/03/2013 16:50:19]

########## EOF - C:\AdwCleaner[S2].txt - [853 octets] ##########



#12 ND_Fan


Posted 09 March 2013 - 06:30 PM

Junkware Removal Tool log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.9 (03.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by Steve on Sat 03/09/2013 at 16:56:41.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\billp studios\detected\startup

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free window registry repair"
Successfully deleted: [Folder] "C:\Users\Steve\AppData\Roaming\microsoft\windows\start menu\programs\free window registry repair"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/09/2013 at 17:00:17.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

RKill Log:

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/09/2013 05:03:27 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost
  127.0.0.1 www.007guard.com
  127.0.0.1 007guard.com
  127.0.0.1 008i.com
  127.0.0.1 www.008k.com
  127.0.0.1 008k.com
  127.0.0.1 www.00hq.com
  127.0.0.1 00hq.com
  127.0.0.1 010402.com
  127.0.0.1 www.032439.com
  127.0.0.1 032439.com
  127.0.0.1 www.0scan.com
  127.0.0.1 0scan.com
  127.0.0.1 www.1000gratisproben.com
  127.0.0.1 1000gratisproben.com
  127.0.0.1 1001namen.com
  127.0.0.1 www.1001namen.com
  127.0.0.1 100888290cs.com
  127.0.0.1 www.100888290cs.com

  20 out of 15320 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 03/09/2013 05:03:48 PM
Execution time: 0 hours(s), 0 minute(s), and 21 seconds(s)



#13 ND_Fan


Posted 09 March 2013 - 06:33 PM

Autoruns Log:

 

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "CanonSolutionMenu" "CNSLMAIN" "CANON INC." "c:\program files\canon\solutionmenu\cnslmain.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "WinPatrol" "WinPatrol System Monitor" "BillP Studios" "c:\program files\billp studios\winpatrol\winpatrol.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "belarc" "Belarc VoilaX Control" "Belarc, Inc." "c:\program files\belarc\advisor\system\bavoilax.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "DivX Plus Web Player HTML5 <video>" "DivX Plus Web Player HTML5 <video> version 2.1.2.145" "DivX, LLC" "c:\program files\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "Lync Browser Helper" "Microsoft Lync 2010" "Microsoft Corporation" "c:\program files\microsoft lync\ochelper.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
+ "SingleInstance Class" "Yahoo! Single Instance for Mail" "Yahoo! Inc" "c:\program files\yahoo!\companion\installs\cpn\ytsingleinstance.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Lync add-on" "Microsoft Lync 2010" "Microsoft Corporation" "c:\program files\microsoft lync\ochelper.dll"
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll"
+ "Spybot - Search & Destroy Configuration" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
+ "Sun Java Console" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2iexp.dll"
"Task Scheduler" "" "" ""
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe"
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Microsoft Antimalware\MpIdleTask" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Ati External Event Utility" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "BcmSqlStartupSvc" "Controls the start of the Business Contact Manager SQL Server instance (MSSMLBIZ)." "Microsoft Corporation" "c:\program files\microsoft small business\business contact manager\bcmsqlstartupsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "IntuitUpdateService" "Helps Intuit applications automatically update themselves." "Intuit Inc." "c:\program files\common files\intuit\update service\intuitupdateservice.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "Microsoft SharePoint Workspace Audit Service" "Microsoft SharePoint Workspace" "Microsoft Corporation" "c:\program files\microsoft office\office14\groove.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "MSSQL$MSSMLBIZ" "Provides storage, processing and controlled access of data, and rapid transaction processing." "Microsoft Corporation" "c:\program files\microsoft sql server\mssql10.mssmlbiz\mssql\binn\sqlservr.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "SBSDWSCService" "Spybot-S&D Security Center integration" "Safer Networking Ltd." "c:\program files\spybot - search & destroy\sdwinsec.exe"
+ "Secunia PSI Agent" "Performs routine software inspections of the system, the results of which can be seen in your Secunia PSI" "Secunia" "c:\program files\secunia\psi\psia.exe"
+ "SQLWriter" "Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlwriter.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "5762" "" "" "File not found: C:\Users\Steve\AppData\Local\Temp\5762.sys"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aic78xx" "Adaptec Ultra SCSI miniport" "Adaptec, Inc." "c:\windows\system32\drivers\djsvs.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows family" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbdx.sys"
+ "b57nd60x" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60x.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl6.sys"
+ "bcm4sbxp" "Broadcom Corporation NDIS 5.1 ethernet driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcm4sbxp.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbdx.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7 for x86" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PSI" "PSI mini-filter driver" "Secunia" "c:\windows\system32\drivers\psi_mf.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RimUsb" "BlackBerry Device Driver" "Research In Motion Limited" "c:\windows\system32\drivers\rimusb.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "STAC97" "SigmaTel Audio Driver (WDM)" "SigmaTel, Inc." "c:\windows\system32\drivers\stac97.sys"
+ "stexstor" "Promise  SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "VST_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv3.sys"
+ "VSTHWICH" "HSFHWICH WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstich3.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt3.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
+ "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "DivX AAC Decoder" "AAC audio decoder filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\daac.ax"
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files\divx\divx codec\divxdec.ax"
+ "DivX Demux Filter" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX Demux Filter (Unrestricted Edition)" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\divxdech264.ax"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "BJ Fax Language Monitor1" "Canon Inkjet Fax Driver" "CANON INC." "c:\windows\system32\cnhf1lm.dll"
+ "BJ Language Monitor4" "Canon Inkjet Printer Driver" "CANON INC." "c:\windows\system32\cnblm4.dll"
+ "Canon BJ Language Monitor MX310 series" "IJ Language Monitor" "CANON INC." "c:\windows\system32\cnmlm8z.dll"
+ "Canon MP FAX Language Monitor MX310" "MP FAX Language Monitor DLL" "Canon Inc." "c:\windows\system32\cncf2ld.dll"
 



#14 narenxp


Posted 09 March 2013 - 06:35 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel - Add or remove programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)



#15 ND_Fan

ND_Fan
  • Topic Starter


Posted 09 March 2013 - 07:19 PM

narenxp,

 

I really appreciate the help and timely responses.

 

Everything was going smoothly, but then I received an error when I attempted to turn off the system restore:

 

"Could not configure the disk space used for system protection for the following reason:

Windows was unable to delete all snapshots.  Please retry or view the event log for more information. (0x8100010B)."

 

Then I clicked OK and received a similar error:

 

"There was an unexpected error in the property page:

Windows was unable to delete all snapshots.  Please retry or view the event log for more information.  (0x8100010B)

Please close the property page and try again."

 

Are you familiar with these errors?  Do we need to do something differently in order to properly delete the old restore points and create a new one?

 

Please advise.

 

Thanks,

ND_Fan





