BrowserProtect will not leave.


  • This topic is locked
27 replies to this topic

#1 baymerlou

  • Members
  • 94 posts

Posted 14 April 2013 - 01:24 PM

Last week I downloaded a software update and noticed Delta took over my FF browser, removing my speed dial settings; fortunately I was able to import my settings back. I went into add/remove programs and was able to delete the delta and reset my homepage back to normal. Hopefully it is gone. However, I noticed along with that BrowserProtect is now on my system, and my Firefox is lagging big time. I removed it in add/remove but didn't see the uninstall happening, although the name disappeared. I went into my C://ProgramData/ and I see browser protect is there; I clicked the uninstall there but it did nothing. I didn't want to remove that folder without using an uninstall method.

 

I am noticing that whenever I view a video online it's lagging, hesitating and stopping. This happens in YouTube, or just any video I try to watch streaming. Don't know if this has something to do with it since it has never happened before I got these 2 interruptions.

 

Any advice what I need to do next?  This is my first experience with a virus/trojan and I'm stumped what to do.

 

My system is Windows 7 Premium SP1, ASUSTeK Computer Notebook UL50VT/UL50Vg Series

Genuine Intel CPU U7300 @ 1.30 GHz, 4 GB Ram, 64-bit OS

 

TIA awaiting your instructions.





#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 April 2013 - 01:50 PM


Hello baymerlou

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-
  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
  • Do not re-enable these drivers until otherwise instructed.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
information and logs
  • In your next post I need the following
    • both reports from DDS
    • report from security check
    • let me know of any problems you may have had
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 baymerlou

  • Topic Starter
  • Members
  • 94 posts

Posted 14 April 2013 - 02:16 PM

 Results of screen317's Security Check version 0.99.62  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton AntiVirus   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 11.7.700.169  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (20.0.1)
 Mozilla Thunderbird (17.0.5)
 Google Chrome 17.0.963.56  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Norton AntiVirus Engine 19.9.1.14 ccSvcHst.exe
 Firetrust MailWasher MailWasherPro.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

 

Now doing the DDS and will post afterwards.



#4 baymerlou

  • Topic Starter
  • Members
  • 94 posts

Posted 14 April 2013 - 02:22 PM

dds.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by Deb at 15:16:48 on 2013-04-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.4061.2237 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
C:\Users\Deb Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\eSupport\SupThrSrv\SupThrSrv.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\notepad.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www1.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=40BC485B390AD84C
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://www.searchbrowsing.com/?uid=3cf2f846aae5da1e4786ae9ad02d5d75&pid=100&v=1
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ips\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [sdApp.exe] C:\Program Files (x86)\ShoppingDaisy\sdApp.exe
uRun: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
uRun: [Google Update] "C:\Users\Deb Laptop\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [A73260CBE533D7E8F03B8E7523B9963D8C125B70._service_run] "C:\Users\Deb Laptop\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MAILWA~1.LNK - C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: DiaryOne: Save full text - C:\Program Files (x86)\DiaryOne\Script\fullcatcher.htm
IE: DiaryOne: Save selected text - C:\Program Files (x86)\DiaryOne\Script\catcher.htm
IE: Download with Mipony - D:\##My Games\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{A1225EF5-2A8C-494A-941A-EC62C9544BD6} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A1225EF5-2A8C-494A-941A-EC62C9544BD6}\C696E6B6379737 : DHCPNameServer = 192.168.2.1 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
x64-Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Deb Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\e12eaq74.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: C:\Users\Deb Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\e12eaq74.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Deb Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\e12eaq74.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Deb Laptop\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 40bc2649000000000000485b390ad84c
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15805
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1616:39:41
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2012-12-8 236248]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1309010.00E\symds64.sys [2013-2-5 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1309010.00E\symefa64.sys [2013-2-5 1129120]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-3-21 1387608]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1309010.00E\ccsetx64.sys [2013-2-5 167072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\IPSDefs\20130412.001\IDSviA64.sys [2013-4-12 513184]
R1 RapportCerberus_51755;RapportCerberus_51755;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [2013-4-9 586072]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-4-2 228600]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-4-2 357272]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1309010.00E\ironx64.sys [2013-2-5 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1309010.00E\symnets.sys [2013-2-5 405624]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-2-28 359552]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-2-28 14904]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-9-25 189736]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccsvchst.exe [2013-2-5 138272]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-4-2 1124184]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2013-4-11 239176]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 SupThrSrv;Super Thruster Service;C:\eSupport\SupThrSrv\SupThrSrv.exe [2010-2-28 80512]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-14 138912]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-10-15 117760]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2009-11-13 67072]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]
R3 RapportIaso;RapportIaso;C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys [2013-2-19 175352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-8-12 40448]
S3 Boonty Games;Boonty Games;C:\Program Files (x86)\Common Files\BOONTY Shared\Service\boonty.exe [2011-8-22 69120]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2011-10-9 31800]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-25 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-2 1255736]
.
=============== Created Last 30 ================
.
2013-04-13 23:41:56    --------    d-----w-    C:\Users\Deb Laptop\AppData\Roaming\Hidden Objects DeadlyAssociation
2013-04-13 19:55:53    26520    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-12 02:16:55    --------    d-----w-    C:\Windows\SysWow64\searchplugins
2013-04-12 02:16:55    --------    d-----w-    C:\Windows\SysWow64\Extensions
2013-04-12 00:33:20    --------    d-----w-    C:\Program Files\Realtek
2013-04-12 00:33:19    --------    d-----w-    C:\Windows\SysWow64\RTCOM
2013-04-12 00:31:24    836544    ----a-w-    C:\Windows\System32\tadefxapo264.dll
2013-04-12 00:31:24    65944    ----a-w-    C:\Windows\System32\tepeqapo64.dll
2013-04-12 00:31:24    1361336    ----a-w-    C:\Windows\System32\tosade.dll
2013-04-12 00:31:23    148416    ----a-w-    C:\Windows\System32\tadefxapo.dll
2013-04-12 00:31:19    1659464    ----a-w-    C:\Windows\System32\RTSnMg64.cpl
2013-04-12 00:31:18    2797128    ----a-w-    C:\Windows\System32\RtPgEx64.dll
2013-04-12 00:31:17    331880    ----a-w-    C:\Windows\System32\RtlCPAPI64.dll
2013-04-12 00:31:14    3379272    ----a-w-    C:\Windows\System32\drivers\RTKVHD64.sys
2013-04-12 00:31:01    149608    ----a-w-    C:\Windows\System32\RtkCfg64.dll
2013-04-12 00:31:01    14952    ----a-w-    C:\Windows\System32\RtkCoLDR64.dll
2013-04-12 00:30:59    3693128    ----a-w-    C:\Windows\System32\RtkAPO64.dll
2013-04-12 00:30:58    991816    ----a-w-    C:\Windows\System32\RtkApi64.dll
2013-04-12 00:30:58    78680    ----a-w-    C:\Windows\System32\RTEEG64A.dll
2013-04-12 00:30:58    613448    ----a-w-    C:\Windows\System32\RtDataProc64.dll
2013-04-12 00:30:58    375128    ----a-w-    C:\Windows\System32\RTEEP64A.dll
2013-04-12 00:30:58    204120    ----a-w-    C:\Windows\System32\RTEED64A.dll
2013-04-12 00:30:58    101208    ----a-w-    C:\Windows\System32\RTEEL64A.dll
2013-04-12 00:30:57    1284680    ----a-w-    C:\Windows\System32\RTCOM64.dll
2013-04-12 00:30:56    310104    ----a-w-    C:\Windows\System32\RP3DHT64.dll
2013-04-12 00:30:55    310104    ----a-w-    C:\Windows\System32\RP3DAA64.dll
2013-04-12 00:30:45    135240    ----a-w-    C:\Windows\System32\RCoInstII64.dll
2013-04-12 00:30:00    2734624    ----a-w-    C:\Windows\System32\FMAPO64.dll
2013-04-12 00:29:48    110592    ----a-w-    C:\Windows\System32\CONEQMSAPOGUILibrary.dll
2013-04-12 00:29:43    108640    ----a-w-    C:\Windows\System32\AERTAR64.dll
2013-04-12 00:29:42    208072    ----a-w-    C:\Windows\System32\AERTAC64.dll
2013-04-12 00:27:08    5632    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-04-11 23:36:03    --------    d-----w-    C:\Program Files\NVIDIA Corporation
2013-04-11 23:25:14    --------    d-----w-    C:\Users\Deb Laptop\AppData\Roaming\OpenCandy
2013-04-10 20:39:05    --------    d-----w-    C:\Users\Deb Laptop\AppData\Roaming\Babylon
2013-04-09 13:18:46    --------    d-----w-    C:\Users\Deb Laptop\AppData\Roaming\TheInvisibleMan_v_1_0_0
2013-04-08 23:00:04    --------    d-----w-    C:\Users\Deb Laptop\AppData\Roaming\Origaming Media
2013-04-08 23:00:04    --------    d-----w-    C:\ProgramData\Origaming Media
2013-03-31 20:08:42    --------    d-----w-    C:\Users\Deb Laptop\AppData\Roaming\GreenSauceGames
2013-03-29 23:55:27    --------    d-----w-    C:\Users\Deb Laptop\AppData\Roaming\bicyclestudios
2013-03-23 19:18:34    --------    d-----w-    C:\Users\Deb Laptop\AppData\Roaming\STAHKM
.
==================== Find3M  ====================
.
2013-04-09 13:09:52    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-09 13:09:52    691592    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-02 17:16:10    236248    ----a-w-    C:\Windows\System32\drivers\RapportKE64.sys
2013-02-18 13:22:18    31080    ----a-w-    C:\Windows\System32\nvhdap64.dll
2013-02-18 13:22:18    1472360    ----a-w-    C:\Windows\System32\nvhdagenco6420103.dll
2013-02-18 13:22:16    189288    ----a-w-    C:\Windows\System32\drivers\nvhda64v.sys
2013-01-16 20:02:38    2079816    ----a-w-    C:\Windows\RtlExUpd.dll
.
============= FINISH: 15:17:37.78 ===============

 

attach.txt

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 23/03/2010 04:49:33 PM
System Uptime: 14/04/2013 03:00:54 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc.         |  | UL50VT    
Processor: Genuine Intel® CPU           U7300  @ 1.30GHz | Socket 478 | 1300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 12.163 GiB free.
D: is FIXED (NTFS) - 335 GiB total, 62.625 GiB free.
E: is CDROM ()
I: is FIXED (NTFS) - 932 GiB total, 275.89 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP347: 31/03/2013 01:37:04 PM - Installed calibre
RP348: 08/04/2013 12:00:02 AM - Scheduled Checkpoint
RP349: 09/04/2013 12:50:15 PM - Installed Rapport
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
ABC Amber ePub Converter
Acrobat.com
Adaptec UDF Reader
Adobe Acrobat X Pro - English, Russian
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Alcor Micro USB Card Reader
ASUS AI Recovery
ASUS AP Bank
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Virtual Camera
ASUS WebStorage
ASUS_UL_Series_Screensaver
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
µTorrent
Azada Elementa Collectors Edition 1.00
Ballad of Solar 1.00
Barn Yarn Collectors 1.00
BufferChm
calibre
CDDRV_Installer
Choice Guard
ControlDeck
ConvertHelper 2.2
CyberLink LabelPrint
CyberLink Power2Go
DAMN NFO Viewer 2.10.0031 RC3
Deadly Association 1.00
Destinations
DiaryOne 6.7
DivX Setup
DocProc
erLT
ETDWare PS/2-x64 7.0.5.9_WHQL
Express Gate
Fast Boot
ffdshow x64 v1.1.4342 [2012-02-28]
Foxit PDF Preview Handler
Google Chrome
Google Earth Plug-in
Google Update Helper
GPBaseService2
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Solution Center 13.0
hpg5590
HPPhotosmartEssential
HPProductAssistant
KhalInstallWrapper
Logitech SetPoint
MailWasherPro
Matchmaker Curse of Deserted Bride 1.00
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Image Composite Editor
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 3.1
MiPony 2.0.5
MozBackup 1.4.10
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.5 (x86 en-US)
MSVCRT
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Mystery Case Files Shadow Lake Collectors Updated 1.0.1
Norton AntiVirus
NVIDIA Drivers
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
OCR Software by I.R.I.S. 13.0
OpenAL
QuickTime
Rainlendar2 (remove only)
Rapport
Realtek High Definition Audio Driver
Rescue Frenzy 1.00
Rescue Team Updated 1.00
Revo Uninstaller Pro 2.5.3
Safari
Scan
Scanjet 5590
Scarytales All Hail King Mongo 1.00
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Seven Seas Solitaire 1.00
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
SRS Premium Sound Control Panel
StudioTax 2010
StudioTax 2011
StudioTax 2012
Sweet Kingdom Enchanted Princess 1.00
System Requirements Lab
The Invisible Man 1.00
The TimeBuilders Pyramid Rising 2 1.00
Total Video Converter 3.60 100204
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB 2.0 UVC 0.3M WebCam
VC80CRTRedist - 8.0.50727.6195
version 1.0.5.8
VLC media player 2.0.5
WebReg
Whispers Revelation 1.00
Windows Live Communications Platform
Windows Live Essentials
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinFlash
WinRAR archiver
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
14/04/2013 11:40:59 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
14/04/2013 11:38:32 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
14/04/2013 11:35:38 AM, Error: Microsoft-Windows-WHEA-Logger [18]  - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Bus/Interconnect Error Processor ID: 1 The details view of this entry contains further information.
14/04/2013 11:35:38 AM, Error: Microsoft-Windows-WHEA-Logger [18]  - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Bus/Interconnect Error Processor ID: 0 The details view of this entry contains further information.
14/04/2013 11:34:21 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa8004df28f8, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\041413-80558-01.dmp. Report Id: 041413-80558-01.
14/04/2013 07:48:59 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
14/04/2013 03:03:54 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SuperMounter UdfReadr
14/04/2013 03:01:18 PM, Error: Application Popup [1060]  - \SystemRoot\SysWow64\Drivers\UdfReadr.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
14/04/2013 02:15:52 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
13/04/2013 11:33:07 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\DR0.
11/04/2013 07:11:50 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR3.
11/04/2013 06:18:29 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NAV service.
.
==== End Of File ===========================


 



#5 gringo_pr

  • Malware Response Team

Posted 14 April 2013 - 02:26 PM



Hello baymerlou


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note: this report can be very long, so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================

    and I will see if I want to see the whole report.

Malwarebytes Anti-Rootkit

  1. Download Malwarebytes Anti-Rootkit.
  2. Unzip the contents to a folder in a convenient location.
  3. Open the folder where the contents were unzipped and run mbar.exe.
  4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  6. Wait while the system shuts down and the cleanup process is performed.
  7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
     • Internet access
     • Windows Update
     • Windows Firewall
  9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
  10. Verify that your system is now functioning normally.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and MBAR.

Gringo







I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
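
One way to triage the TDSSKiller report requested above before pasting it, as an added example that is not part of the original posts and not part of TDSSKiller: this Python sketch pairs each hashed object line with its verdict line, lists only the entries not marked ok, and returns whatever follows the "Scan finished" marker. The log layout is assumed from the TDSSKiller report posted in this thread; the sample lines, hashes, object names and function names are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the TDSSKiller layout: time, thread id, message.
# Hashes, object names and paths are placeholders, not real scan results.
SAMPLE_LOG = r"""
16:05:51.0172 5868  Scan started
16:05:51.0718 5868  ================ Scan services =============================
16:05:51.0906 5868  [ 00000000000000000000000000000001 ] ExampleDrv      C:\Windows\system32\DRIVERS\exampledrv.sys
16:05:52.0124 5868  ExampleDrv - ok
16:05:52.0171 5868  [ 00000000000000000000000000000002 ] Example Helper  C:\Program Files\Example\helper.exe
16:05:52.0218 5868  Example Helper ( UnsignedFile.Multi.Generic ) - warning
16:05:52.0218 5868  Example Helper - detected UnsignedFile.Multi.Generic (1)
16:05:52.0300 5868  NoFileSvc - ok
16:06:10.0000 5868  ============================================================
16:06:10.0000 5868  Scan finished
16:06:10.0000 5868  ============================================================
16:06:10.0100 5900  Example Helper ( UnsignedFile.Multi.Generic ) - skipped by user
"""

# "HH:MM:SS.mmmm <thread id>  <message>"; the message may be empty.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\S+)\s*(.*)$")
# "[ <32 hex digits> ] <object name, may contain spaces> <drive-letter path>"
HASH_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# "<object name> ( <verdict> ) - <status>"
VERDICT_RE = re.compile(r"^(.+?) \( (.+?) \) - (\w+)$")
# "<object name> - ok"
OK_RE = re.compile(r"^(.+) - ok$")


@dataclass
class Finding:
    name: str
    verdict: str
    status: str
    md5: Optional[str]
    path: Optional[str]


def messages(log_text: str):
    """Yield the message part of every well-formed log line."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if m:
            yield m.group(3)


def triage(log_text: str) -> Tuple[List[Finding], int]:
    """Return (entries not marked ok, number of entries marked ok)."""
    pending = {}          # object name -> (md5, path) awaiting its verdict line
    findings: List[Finding] = []
    ok_count = 0
    for msg in messages(log_text):
        if msg == "Scan finished":
            break
        m = HASH_RE.match(msg)
        if m:
            pending[m.group(2)] = (m.group(1).upper(), m.group(3))
            continue
        m = VERDICT_RE.match(msg)
        if m:
            # Objects reported without a hash line keep md5/path as None.
            md5, path = pending.pop(m.group(1), (None, None))
            findings.append(Finding(m.group(1), m.group(2), m.group(3), md5, path))
            continue
        m = OK_RE.match(msg)
        if m:
            pending.pop(m.group(1), None)
            ok_count += 1
    return findings, ok_count


def tail_after_scan_finished(log_text: str) -> List[str]:
    """Messages that follow the 'Scan finished' marker, separators dropped."""
    msgs = list(messages(log_text))
    if "Scan finished" not in msgs:
        return []
    tail = msgs[msgs.index("Scan finished") + 1:]
    return [m for m in tail if m and set(m) != {"="}]


if __name__ == "__main__":
    found, ok = triage(SAMPLE_LOG)
    print(f"{ok} objects ok, {len(found)} flagged")
    for f in found:
        print(f"  {f.status}: {f.name} ({f.verdict}) {f.md5} {f.path}")
    for line in tail_after_scan_finished(SAMPLE_LOG):
        print("  after scan:", line)
```

An UnsignedFile.Multi.Generic warning only says the file lacks a valid signature; it is a prompt for review by the helper, not proof of infection.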

#6 baymerlou

  • Topic Starter

Posted 14 April 2013 - 03:19 PM

16:05:27.0273 5668  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:05:27.0679 5668  ============================================================
16:05:27.0679 5668  Current date / time: 2013/04/14 16:05:27.0679
16:05:27.0679 5668  SystemInfo:
16:05:27.0679 5668  
16:05:27.0679 5668  OS Version: 6.1.7601 ServicePack: 1.0
16:05:27.0679 5668  Product type: Workstation
16:05:27.0679 5668  ComputerName: DEB-LAPTOP-PC
16:05:27.0679 5668  UserName: Deb Laptop
16:05:27.0679 5668  Windows directory: C:\Windows
16:05:27.0679 5668  System windows directory: C:\Windows
16:05:27.0679 5668  Running under WOW64
16:05:27.0679 5668  Processor architecture: Intel x64
16:05:27.0679 5668  Number of processors: 2
16:05:27.0679 5668  Page size: 0x1000
16:05:27.0679 5668  Boot type: Normal boot
16:05:27.0679 5668  ============================================================
16:05:28.0428 5668  BG loaded
16:05:28.0911 5668  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:05:28.0927 5668  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:05:28.0927 5668  ============================================================
16:05:28.0927 5668  \Device\Harddisk0\DR0:
16:05:28.0927 5668  MBR partitions:
16:05:28.0927 5668  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4B178, BlocksNum 0xE8E0360
16:05:28.0942 5668  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1062B517, BlocksNum 0x29D5972A
16:05:28.0942 5668  \Device\Harddisk1\DR1:
16:05:28.0942 5668  MBR partitions:
16:05:28.0942 5668  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
16:05:28.0942 5668  ============================================================
16:05:29.0005 5668  C: <-> \Device\Harddisk0\DR0\Partition1
16:05:29.0114 5668  D: <-> \Device\Harddisk0\DR0\Partition2
16:05:29.0161 5668  I: <-> \Device\Harddisk1\DR1\Partition1
16:05:29.0161 5668  ============================================================
16:05:29.0161 5668  Initialize success
16:05:29.0161 5668  ============================================================
16:05:51.0172 5868  ============================================================
16:05:51.0172 5868  Scan started
16:05:51.0172 5868  Mode: Manual; SigCheck; TDLFS;
16:05:51.0172 5868  ============================================================
16:05:51.0718 5868  ================ Scan system memory ========================
16:05:51.0718 5868  System memory - ok
16:05:51.0718 5868  ================ Scan services =============================
16:05:51.0906 5868  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
16:05:52.0124 5868  1394ohci - ok
16:05:52.0171 5868  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
16:05:52.0218 5868  ACPI - ok
16:05:52.0249 5868  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
16:05:52.0342 5868  AcpiPmi - ok
16:05:52.0498 5868  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:05:52.0530 5868  AdobeARMservice - ok
16:05:52.0670 5868  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:05:52.0701 5868  AdobeFlashPlayerUpdateSvc - ok
16:05:52.0764 5868  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:05:52.0810 5868  adp94xx - ok
16:05:52.0857 5868  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:05:52.0904 5868  adpahci - ok
16:05:52.0920 5868  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:05:52.0951 5868  adpu320 - ok
16:05:52.0998 5868  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:05:53.0169 5868  AeLookupSvc - ok
16:05:53.0232 5868  [ FB2BE0BAE9B3F248080CDBF91EF16C7F ] AFBAgent        C:\Windows\system32\FBAgent.exe
16:05:53.0294 5868  AFBAgent - ok
16:05:53.0341 5868  [ D31DC7A16DEA4A9BAF179F3D6FBDB38C ] AFD             C:\Windows\system32\drivers\afd.sys
16:05:53.0544 5868  AFD - ok
16:05:53.0575 5868  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
16:05:53.0606 5868  agp440 - ok
16:05:53.0637 5868  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:05:53.0715 5868  ALG - ok
16:05:53.0762 5868  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
16:05:53.0793 5868  aliide - ok
16:05:53.0824 5868  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
16:05:53.0856 5868  amdide - ok
16:05:53.0871 5868  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:05:53.0934 5868  AmdK8 - ok
16:05:53.0949 5868  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:05:54.0027 5868  AmdPPM - ok
16:05:54.0074 5868  [ 7A4B413614C055935567CF88A9734D38 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
16:05:54.0105 5868  amdsata - ok
16:05:54.0121 5868  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:05:54.0168 5868  amdsbs - ok
16:05:54.0183 5868  [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
16:05:54.0214 5868  amdxata - ok
16:05:54.0246 5868  [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
16:05:54.0339 5868  AmUStor - ok
16:05:54.0386 5868  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
16:05:54.0480 5868  AppID - ok
16:05:54.0526 5868  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:05:54.0604 5868  AppIDSvc - ok
16:05:54.0651 5868  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
16:05:54.0729 5868  Appinfo - ok
16:05:54.0776 5868  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:05:54.0807 5868  arc - ok
16:05:54.0838 5868  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:05:54.0870 5868  arcsas - ok
16:05:54.0932 5868  [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
16:05:54.0948 5868  ASLDRService - ok
16:05:55.0026 5868  [ 2DB34EDD17D3A8DA7105A19C95A3DD68 ] ASMMAP64        C:\Program Files\ATKGFNEX\ASMMAP64.sys
16:05:55.0041 5868  ASMMAP64 - ok
16:05:55.0088 5868  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:05:55.0166 5868  AsyncMac - ok
16:05:55.0213 5868  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
16:05:55.0244 5868  atapi - ok
16:05:55.0306 5868  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
16:05:55.0400 5868  athr - ok
16:05:55.0416 5868  [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv     C:\Program Files\ATKGFNEX\GFNEXSrv.exe
16:05:55.0447 5868  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
16:05:55.0447 5868  ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
16:05:55.0509 5868  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:05:55.0603 5868  AudioEndpointBuilder - ok
16:05:55.0634 5868  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:05:55.0728 5868  AudioSrv - ok
16:05:55.0790 5868  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:05:55.0915 5868  AxInstSV - ok
16:05:55.0977 5868  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
16:05:56.0055 5868  b06bdrv - ok
16:05:56.0086 5868  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:05:56.0133 5868  b57nd60a - ok
16:05:56.0180 5868  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:05:56.0274 5868  BDESVC - ok
16:05:56.0289 5868  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:05:56.0383 5868  Beep - ok
16:05:56.0461 5868  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
16:05:56.0554 5868  BFE - ok
16:05:56.0773 5868  [ E92A3DA47BED7CC65D264235617ED46E ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\BASHDefs\20130322.001\BHDrvx64.sys
16:05:56.0835 5868  BHDrvx64 - ok
16:05:56.0882 5868  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
16:05:57.0022 5868  BITS - ok
16:05:57.0054 5868  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:05:57.0116 5868  blbdrive - ok
16:05:57.0163 5868  [ 3ED38DACBC94B2AF9F52677D93FA6761 ] Boonty Games    C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe
16:05:57.0210 5868  Boonty Games ( UnsignedFile.Multi.Generic ) - warning
16:05:57.0210 5868  Boonty Games - detected UnsignedFile.Multi.Generic (1)
16:05:57.0241 5868  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:05:57.0319 5868  bowser - ok
16:05:57.0366 5868  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:05:57.0428 5868  BrFiltLo - ok
16:05:57.0444 5868  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:05:57.0522 5868  BrFiltUp - ok
16:05:57.0553 5868  [ 8EF0D5C41EC907751B8429162B1239ED ] Browser         C:\Windows\System32\browser.dll
16:05:57.0646 5868  Browser - ok
16:05:57.0678 5868  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:05:57.0756 5868  Brserid - ok
16:05:57.0771 5868  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:05:57.0818 5868  BrSerWdm - ok
16:05:57.0849 5868  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:05:57.0912 5868  BrUsbMdm - ok
16:05:57.0927 5868  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:05:57.0990 5868  BrUsbSer - ok
16:05:58.0005 5868  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:05:58.0068 5868  BTHMODEM - ok
16:05:58.0099 5868  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:05:58.0208 5868  bthserv - ok
16:05:58.0302 5868  [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NAV       C:\Windows\system32\drivers\NAVx64\1309010.00E\ccSetx64.sys
16:05:58.0348 5868  ccSet_NAV - ok
16:05:58.0380 5868  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:05:58.0473 5868  cdfs - ok
16:05:58.0504 5868  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:05:58.0567 5868  cdrom - ok
16:05:58.0614 5868  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:05:58.0723 5868  CertPropSvc - ok
16:05:58.0770 5868  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:05:58.0816 5868  circlass - ok
16:05:58.0863 5868  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:05:58.0910 5868  CLFS - ok
16:05:58.0972 5868  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:05:59.0051 5868  clr_optimization_v2.0.50727_32 - ok
16:05:59.0082 5868  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:05:59.0113 5868  clr_optimization_v2.0.50727_64 - ok
16:05:59.0175 5868  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:05:59.0238 5868  clr_optimization_v4.0.30319_32 - ok
16:05:59.0285 5868  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:05:59.0300 5868  clr_optimization_v4.0.30319_64 - ok
16:05:59.0331 5868  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:05:59.0378 5868  CmBatt - ok
16:05:59.0425 5868  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
16:05:59.0456 5868  cmdide - ok
16:05:59.0503 5868  [ D5FEA92400F12412B3922087C09DA6A5 ] CNG             C:\Windows\system32\Drivers\cng.sys
16:05:59.0550 5868  CNG - ok
16:05:59.0597 5868  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:05:59.0628 5868  Compbatt - ok
16:05:59.0659 5868  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:05:59.0706 5868  CompositeBus - ok
16:05:59.0721 5868  COMSysApp - ok
16:05:59.0737 5868  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:05:59.0768 5868  crcdisk - ok
16:05:59.0831 5868  [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:05:59.0909 5868  CryptSvc - ok
16:05:59.0955 5868  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:06:00.0065 5868  DcomLaunch - ok
16:06:00.0111 5868  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:06:00.0205 5868  defragsvc - ok
16:06:00.0267 5868  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:06:00.0361 5868  DfsC - ok
16:06:00.0408 5868  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:06:00.0501 5868  Dhcp - ok
16:06:00.0533 5868  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:06:00.0611 5868  discache - ok
16:06:00.0657 5868  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:06:00.0689 5868  Disk - ok
16:06:00.0720 5868  [ CD55F5355D8F55D44C9F4ED875705BD6 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:06:00.0813 5868  Dnscache - ok
16:06:00.0845 5868  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:06:00.0923 5868  dot3svc - ok
16:06:00.0954 5868  [ B42ED0320C6E41102FDE0005154849BB ] dot4            C:\Windows\system32\DRIVERS\Dot4.sys
16:06:01.0032 5868  dot4 - ok
16:06:01.0063 5868  [ 85135AD27E79B689335C08167D917CDE ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:06:01.0125 5868  Dot4Print - ok
16:06:01.0157 5868  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
16:06:01.0219 5868  dot4usb - ok
16:06:01.0250 5868  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:06:01.0328 5868  DPS - ok
16:06:01.0359 5868  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:06:01.0422 5868  drmkaud - ok
16:06:01.0469 5868  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:06:01.0515 5868  DXGKrnl - ok
16:06:01.0562 5868  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:06:01.0656 5868  EapHost - ok
16:06:01.0749 5868  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
16:06:01.0905 5868  ebdrv - ok
16:06:01.0968 5868  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:06:01.0999 5868  eeCtrl - ok
16:06:02.0030 5868  [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS             C:\Windows\System32\lsass.exe
16:06:02.0093 5868  EFS - ok
16:06:02.0155 5868  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:06:02.0249 5868  ehRecvr - ok
16:06:02.0280 5868  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:06:02.0358 5868  ehSched - ok
16:06:02.0420 5868  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:06:02.0483 5868  elxstor - ok
16:06:02.0514 5868  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:06:02.0545 5868  EraserUtilRebootDrv - ok
16:06:02.0545 5868  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
16:06:02.0623 5868  ErrDev - ok
16:06:02.0670 5868  [ 3C38648375B7F3988691F53A7AAE10A9 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
16:06:02.0748 5868  ETD - ok
16:06:02.0779 5868  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:06:02.0873 5868  EventSystem - ok
16:06:02.0904 5868  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:06:02.0997 5868  exfat - ok
16:06:03.0013 5868  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:06:03.0107 5868  fastfat - ok
16:06:03.0185 5868  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:06:03.0263 5868  Fax - ok
16:06:03.0294 5868  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:06:03.0356 5868  fdc - ok
16:06:03.0403 5868  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:06:03.0497 5868  fdPHost - ok
16:06:03.0512 5868  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:06:03.0606 5868  FDResPub - ok
16:06:03.0621 5868  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:06:03.0668 5868  FileInfo - ok
16:06:03.0699 5868  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:06:03.0793 5868  Filetrace - ok
16:06:03.0824 5868  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:06:03.0871 5868  flpydisk - ok
16:06:03.0918 5868  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:06:03.0949 5868  FltMgr - ok
16:06:04.0011 5868  [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache       C:\Windows\system32\FntCache.dll
16:06:04.0121 5868  FontCache - ok
16:06:04.0183 5868  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:06:04.0199 5868  FontCache3.0.0.0 - ok
16:06:04.0292 5868  [ 9513B437B7ADB1E6065B7F0D83D11ECF ] FreeAgentGoNext Service C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
16:06:04.0323 5868  FreeAgentGoNext Service - ok
16:06:04.0355 5868  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:06:04.0386 5868  FsDepends - ok
16:06:04.0401 5868  [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:06:04.0448 5868  Fs_Rec - ok
16:06:04.0495 5868  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:06:04.0542 5868  fvevol - ok
16:06:04.0557 5868  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:06:04.0589 5868  gagp30kx - ok
16:06:04.0635 5868  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
16:06:04.0729 5868  gpsvc - ok
16:06:04.0869 5868  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:06:04.0901 5868  gupdate - ok
16:06:04.0916 5868  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:06:04.0932 5868  gupdatem - ok
16:06:04.0963 5868  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:06:05.0057 5868  hcw85cir - ok
16:06:05.0088 5868  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:06:05.0150 5868  HdAudAddService - ok
16:06:05.0181 5868  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:06:05.0244 5868  HDAudBus - ok
16:06:05.0306 5868  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:06:05.0337 5868  HidBatt - ok
16:06:05.0353 5868  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:06:05.0415 5868  HidBth - ok
16:06:05.0431 5868  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:06:05.0493 5868  HidIr - ok
16:06:05.0525 5868  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
16:06:05.0603 5868  hidserv - ok
16:06:05.0665 5868  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:06:05.0727 5868  HidUsb - ok
16:06:05.0759 5868  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:06:05.0821 5868  hkmsvc - ok
16:06:05.0868 5868  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:06:05.0930 5868  HomeGroupListener - ok
16:06:05.0977 5868  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:06:06.0024 5868  HomeGroupProvider - ok
16:06:06.0117 5868  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
16:06:06.0164 5868  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
16:06:06.0164 5868  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
16:06:06.0211 5868  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
16:06:06.0242 5868  HpSAMD - ok
16:06:06.0305 5868  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:06:06.0398 5868  HTTP - ok
16:06:06.0429 5868  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:06:06.0476 5868  hwpolicy - ok
16:06:06.0523 5868  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:06:06.0554 5868  i8042prt - ok
16:06:06.0585 5868  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
16:06:06.0632 5868  iaStor - ok
16:06:06.0663 5868  [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
16:06:06.0710 5868  iaStorV - ok
16:06:06.0757 5868  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:06:06.0804 5868  idsvc - ok
16:06:06.0929 5868  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\IPSDefs\20130412.001\IDSvia64.sys
16:06:06.0960 5868  IDSVia64 - ok
16:06:07.0147 5868  [ DFEAF0A1D98D397035012C8E28D1520F ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
16:06:07.0397 5868  igfx - ok
16:06:07.0475 5868  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:06:07.0506 5868  iirsp - ok
16:06:07.0568 5868  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:06:07.0693 5868  IKEEXT - ok
16:06:07.0802 5868  [ CCEDD47ABD068C58C8513DEB785093BB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:06:07.0911 5868  IntcAzAudAddService - ok
16:06:07.0927 5868  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
16:06:07.0958 5868  intelide - ok
16:06:07.0974 5868  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:06:08.0021 5868  intelppm - ok
16:06:08.0067 5868  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:06:08.0161 5868  IPBusEnum - ok
16:06:08.0208 5868  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:06:08.0270 5868  IpFilterDriver - ok
16:06:08.0301 5868  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:06:08.0411 5868  iphlpsvc - ok
16:06:08.0426 5868  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:06:08.0489 5868  IPMIDRV - ok
16:06:08.0520 5868  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:06:08.0598 5868  IPNAT - ok
16:06:08.0629 5868  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:06:08.0707 5868  IRENUM - ok
16:06:08.0723 5868  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
16:06:08.0754 5868  isapnp - ok
16:06:08.0785 5868  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
16:06:08.0816 5868  iScsiPrt - ok
16:06:08.0847 5868  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:06:08.0879 5868  kbdclass - ok
16:06:08.0910 5868  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:06:08.0972 5868  kbdhid - ok
16:06:09.0003 5868  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
16:06:09.0019 5868  kbfiltr - ok
16:06:09.0035 5868  [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso          C:\Windows\system32\lsass.exe
16:06:09.0066 5868  KeyIso - ok
16:06:09.0128 5868  [ CCD53B5BD33CE0C889E830D839C8B66E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:06:09.0159 5868  KSecDD - ok
16:06:09.0191 5868  [ 9FF918A261752C12639E8AD4208D2C2F ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:06:09.0237 5868  KSecPkg - ok
16:06:09.0253 5868  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:06:09.0347 5868  ksthunk - ok
16:06:09.0378 5868  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:06:09.0487 5868  KtmRm - ok
16:06:09.0534 5868  [ 9C46A5421DE9D116C47155317CABB522 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
16:06:09.0596 5868  L1C - ok
16:06:09.0659 5868  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:06:09.0752 5868  LanmanServer - ok
16:06:09.0799 5868  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:06:09.0893 5868  LanmanWorkstation - ok
16:06:09.0955 5868  [ 88E52495B47C67126B510AF53FDB0BC7 ] LBTServ         C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
16:06:09.0986 5868  LBTServ - ok
16:06:10.0033 5868  [ BECBD7CD46776B8739EE18061F45A581 ] LEqdUsb         C:\Windows\system32\DRIVERS\LEqdUsb.Sys
16:06:10.0049 5868  LEqdUsb - ok
16:06:10.0080 5868  [ 21D6BD7D62C270059EB8E2B1D4095880 ] LHidEqd         C:\Windows\system32\DRIVERS\LHidEqd.Sys
16:06:10.0111 5868  LHidEqd - ok
16:06:10.0127 5868  [ B6552D382FF070B4ED34CBD6737277C0 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
16:06:10.0142 5868  LHidFilt - ok
16:06:10.0173 5868  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:06:10.0267 5868  lltdio - ok
16:06:10.0298 5868  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:06:10.0392 5868  lltdsvc - ok
16:06:10.0423 5868  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:06:10.0485 5868  lmhosts - ok
16:06:10.0517 5868  [ 73C1F563AB73D459DFFE682D66476558 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
16:06:10.0548 5868  LMouFilt - ok
16:06:10.0595 5868  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:06:10.0626 5868  LSI_FC - ok
16:06:10.0641 5868  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:06:10.0673 5868  LSI_SAS - ok
16:06:10.0688 5868  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:06:10.0719 5868  LSI_SAS2 - ok
16:06:10.0735 5868  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:06:10.0766 5868  LSI_SCSI - ok
16:06:10.0797 5868  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:06:10.0875 5868  luafv - ok
16:06:10.0907 5868  massfilter - ok
16:06:10.0938 5868  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:06:11.0000 5868  Mcx2Svc - ok
16:06:11.0031 5868  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:06:11.0063 5868  megasas - ok
16:06:11.0094 5868  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:06:11.0125 5868  MegaSR - ok
16:06:11.0203 5868  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
16:06:11.0234 5868  Microsoft Office Groove Audit Service - ok
16:06:11.0265 5868  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:06:11.0359 5868  MMCSS - ok
16:06:11.0390 5868  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:06:11.0484 5868  Modem - ok
16:06:11.0515 5868  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:06:11.0562 5868  monitor - ok
16:06:11.0593 5868  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:06:11.0624 5868  mouclass - ok
16:06:11.0655 5868  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:06:11.0687 5868  mouhid - ok
16:06:11.0718 5868  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:06:11.0749 5868  mountmgr - ok
16:06:11.0811 5868  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:06:11.0843 5868  MozillaMaintenance - ok
16:06:11.0874 5868  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
16:06:11.0905 5868  mpio - ok
16:06:11.0921 5868  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:06:11.0999 5868  mpsdrv - ok
16:06:12.0045 5868  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:06:12.0155 5868  MpsSvc - ok
16:06:12.0186 5868  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:06:12.0233 5868  MRxDAV - ok
16:06:12.0264 5868  [ FAF015B07E3A2874A790A39B7D2C579F ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:06:12.0342 5868  mrxsmb - ok
16:06:12.0373 5868  [ 08E2345DF129082BCDFFDC1440F9C00D ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:06:12.0467 5868  mrxsmb10 - ok
16:06:12.0498 5868  [ 108D87409C5812EF47D81E22843E8C9D ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:06:12.0591 5868  mrxsmb20 - ok
16:06:12.0623 5868  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
16:06:12.0654 5868  msahci - ok
16:06:12.0669 5868  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
16:06:12.0701 5868  msdsm - ok
16:06:12.0716 5868  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:06:12.0763 5868  MSDTC - ok
16:06:12.0794 5868  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:06:12.0872 5868  Msfs - ok
16:06:12.0903 5868  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:06:12.0997 5868  mshidkmdf - ok
16:06:12.0997 5868  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
16:06:13.0028 5868  msisadrv - ok
16:06:13.0075 5868  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:06:13.0184 5868  MSiSCSI - ok
16:06:13.0184 5868  msiserver - ok
16:06:13.0215 5868  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:06:13.0293 5868  MSKSSRV - ok
16:06:13.0325 5868  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:06:13.0418 5868  MSPCLOCK - ok
16:06:13.0434 5868  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:06:13.0512 5868  MSPQM - ok
16:06:13.0543 5868  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:06:13.0590 5868  MsRPC - ok
16:06:13.0605 5868  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:06:13.0637 5868  mssmbios - ok
16:06:13.0652 5868  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:06:13.0746 5868  MSTEE - ok
16:06:13.0761 5868  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:06:13.0808 5868  MTConfig - ok
16:06:13.0886 5868  [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor        C:\Windows\system32\DRIVERS\ATK64AMD.sys
16:06:13.0902 5868  MTsensor - ok
16:06:13.0949 5868  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:06:13.0980 5868  Mup - ok
16:06:14.0042 5868  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:06:14.0136 5868  napagent - ok
16:06:14.0167 5868  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:06:14.0245 5868  NativeWifiP - ok
16:06:14.0323 5868  [ F2840DBFE9322F35557219AE82CC4597 ] NAV             C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe
16:06:14.0354 5868  NAV - ok
16:06:14.0432 5868  [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\VirusDefs\20130413.016\ENG64.SYS
16:06:14.0479 5868  NAVENG - ok
16:06:14.0557 5868  [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\VirusDefs\20130413.016\EX64.SYS
16:06:14.0651 5868  NAVEX15 - ok
16:06:14.0697 5868  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:06:14.0775 5868  NDIS - ok
16:06:14.0822 5868  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:06:14.0916 5868  NdisCap - ok
16:06:14.0947 5868  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:06:15.0041 5868  NdisTapi - ok
16:06:15.0072 5868  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:06:15.0165 5868  Ndisuio - ok
16:06:15.0197 5868  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:06:15.0290 5868  NdisWan - ok
16:06:15.0321 5868  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:06:15.0399 5868  NDProxy - ok
16:06:15.0462 5868  [ BD94210175C488F18ADD3E189EE9304C ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
16:06:15.0493 5868  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:06:15.0493 5868  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:06:15.0540 5868  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:06:15.0633 5868  NetBIOS - ok
16:06:15.0665 5868  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:06:15.0743 5868  NetBT - ok
16:06:15.0774 5868  [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon        C:\Windows\system32\lsass.exe
16:06:15.0805 5868  Netlogon - ok
16:06:15.0867 5868  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:06:15.0977 5868  Netman - ok
16:06:15.0992 5868  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:06:16.0086 5868  netprofm - ok
16:06:16.0117 5868  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:06:16.0148 5868  NetTcpPortSharing - ok
16:06:16.0164 5868  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:06:16.0195 5868  nfrd960 - ok
16:06:16.0257 5868  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:06:16.0335 5868  NlaSvc - ok
16:06:16.0351 5868  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:06:16.0429 5868  Npfs - ok
16:06:16.0445 5868  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:06:16.0554 5868  nsi - ok
16:06:16.0585 5868  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:06:16.0725 5868  nsiproxy - ok
16:06:16.0928 5868  [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:06:17.0022 5868  Ntfs - ok
16:06:17.0053 5868  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:06:17.0131 5868  Null - ok
16:06:17.0209 5868  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
16:06:17.0240 5868  NVHDA - ok
16:06:18.0114 5868  [ 5A9A416F77E98686079E4D7F90A55498 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:06:18.0410 5868  nvlddmkm - ok
16:06:18.0473 5868  [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
16:06:18.0660 5868  nvraid - ok
16:06:18.0707 5868  [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
16:06:18.0753 5868  nvstor - ok
16:06:18.0878 5868  [ 72545FE7BD0410E72D00B0029DAE3700 ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:06:18.0909 5868  nvsvc - ok
16:06:18.0925 5868  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
16:06:18.0972 5868  nv_agp - ok
16:06:19.0175 5868  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:06:19.0206 5868  odserv - ok
16:06:19.0268 5868  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
16:06:19.0362 5868  ohci1394 - ok
16:06:19.0424 5868  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:06:19.0455 5868  ose - ok
16:06:19.0533 5868  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:06:19.0658 5868  p2pimsvc - ok
16:06:19.0721 5868  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:06:19.0814 5868  p2psvc - ok
16:06:19.0877 5868  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:06:19.0923 5868  Parport - ok
16:06:19.0939 5868  [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:06:19.0970 5868  partmgr - ok
16:06:20.0017 5868  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:06:20.0126 5868  PcaSvc - ok
16:06:20.0157 5868  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
16:06:20.0189 5868  pci - ok
16:06:20.0204 5868  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:06:20.0235 5868  pciide - ok
16:06:20.0282 5868  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:06:20.0313 5868  pcmcia - ok
16:06:20.0329 5868  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:06:20.0376 5868  pcw - ok
16:06:20.0454 5868  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:06:20.0547 5868  PEAUTH - ok
16:06:20.0766 5868  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:06:20.0828 5868  PerfHost - ok
16:06:20.0922 5868  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
16:06:21.0062 5868  pla - ok
16:06:21.0093 5868  [ B806E50427511BCF4AD8E8239C3E25FA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:06:21.0171 5868  PlugPlay - ok
16:06:21.0218 5868  [ 7FE2AFB17D91CF39843D6766EA31CFC7 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:06:21.0249 5868  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:06:21.0249 5868  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:06:21.0265 5868  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:06:21.0296 5868  PNRPAutoReg - ok
16:06:21.0327 5868  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:06:21.0359 5868  PNRPsvc - ok
16:06:21.0405 5868  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:06:21.0483 5868  PolicyAgent - ok
16:06:21.0530 5868  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
16:06:21.0624 5868  Power - ok
16:06:21.0671 5868  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:06:21.0764 5868  PptpMiniport - ok
16:06:21.0795 5868  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:06:21.0842 5868  Processor - ok
16:06:21.0889 5868  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
16:06:21.0967 5868  ProfSvc - ok
16:06:21.0998 5868  [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
16:06:22.0029 5868  ProtectedStorage - ok
16:06:22.0092 5868  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:06:22.0185 5868  Psched - ok
16:06:22.0248 5868  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:06:22.0359 5868  ql2300 - ok
16:06:22.0385 5868  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:06:22.0421 5868  ql40xx - ok
16:06:22.0451 5868  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
16:06:22.0506 5868  QWAVE - ok
16:06:22.0524 5868  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:06:22.0595 5868  QWAVEdrv - ok
16:06:22.0711 5868  [ DE004C5857A45EB59FBFDC57AAA17026 ] RapportCerberus_51755 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys
16:06:22.0821 5868  RapportCerberus_51755 - ok
16:06:22.0861 5868  [ BB9E8EB0B28922057A849F6998C3F69C ] RapportEI64     C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
16:06:22.0899 5868  RapportEI64 - ok
16:06:22.0984 5868  [ EE86BA861726741F03A786EEC847A0F7 ] RapportIaso     c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys
16:06:23.0021 5868  RapportIaso - ok
16:06:23.0049 5868  [ 0B629D5595CB4C1B38C6D3A654EDA75A ] RapportKE64     C:\Windows\system32\Drivers\RapportKE64.sys
16:06:23.0102 5868  RapportKE64 - ok
16:06:23.0161 5868  [ C4C4736DCE60276E9B0CB0FE3A848586 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
16:06:23.0211 5868  RapportMgmtService - ok
16:06:23.0270 5868  [ A7F657CC79E8C6FEB92D0B50CA30F97C ] RapportPG64     C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
16:06:23.0304 5868  RapportPG64 - ok
16:06:23.0325 5868  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:06:23.0414 5868  RasAcd - ok
16:06:23.0452 5868  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:06:23.0525 5868  RasAgileVpn - ok
16:06:23.0548 5868  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
16:06:23.0663 5868  RasAuto - ok
16:06:23.0704 5868  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:06:23.0803 5868  Rasl2tp - ok
16:06:23.0869 5868  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
16:06:24.0062 5868  RasMan - ok
16:06:24.0099 5868  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:06:24.0234 5868  RasPppoe - ok
16:06:24.0266 5868  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:06:24.0442 5868  RasSstp - ok
16:06:24.0474 5868  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:06:24.0555 5868  rdbss - ok
16:06:24.0573 5868  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:06:24.0649 5868  rdpbus - ok
16:06:24.0667 5868  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:06:24.0844 5868  RDPCDD - ok
16:06:24.0876 5868  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:06:24.0989 5868  RDPENCDD - ok
16:06:25.0029 5868  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:06:25.0142 5868  RDPREFMP - ok
16:06:25.0191 5868  [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:06:25.0293 5868  RDPWD - ok
16:06:25.0348 5868  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:06:25.0383 5868  rdyboost - ok
16:06:25.0411 5868  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:06:25.0512 5868  RemoteAccess - ok
16:06:25.0550 5868  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:06:25.0654 5868  RemoteRegistry - ok
16:06:25.0707 5868  [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt         C:\Windows\system32\DRIVERS\revoflt.sys
16:06:25.0743 5868  Revoflt - ok
16:06:25.0781 5868  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:06:25.0870 5868  RpcEptMapper - ok
16:06:25.0897 5868  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:06:25.0949 5868  RpcLocator - ok
16:06:25.0985 5868  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
16:06:26.0066 5868  RpcSs - ok
16:06:26.0113 5868  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:06:26.0200 5868  rspndr - ok
16:06:26.0315 5868  [ 3A50489C017292386C1C6CF6EB283F23 ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
16:06:26.0345 5868  RtkAudioService - ok
16:06:26.0385 5868  [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs           C:\Windows\system32\lsass.exe
16:06:26.0422 5868  SamSs - ok
16:06:26.0454 5868  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
16:06:26.0488 5868  sbp2port - ok
16:06:26.0519 5868  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:06:26.0646 5868  SCardSvr - ok
16:06:26.0683 5868  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:06:26.0758 5868  scfilter - ok
16:06:26.0830 5868  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
16:06:26.0935 5868  Schedule - ok
16:06:26.0994 5868  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:06:27.0066 5868  SCPolicySvc - ok
16:06:27.0086 5868  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:06:27.0158 5868  SDRSVC - ok
16:06:27.0223 5868  [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort         C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
16:06:27.0253 5868  SeaPort - ok
16:06:27.0292 5868  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:06:27.0363 5868  secdrv - ok
16:06:30.0879 5868  [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
16:06:30.0915 5868  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
16:06:30.0915 5868  StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
16:06:35.0092 5868  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
16:06:35.0117 5868  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
16:06:35.0117 5868  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
16:06:41.0292 5868  ================ Scan global ===============================
16:06:41.0318 5868  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:06:41.0352 5868  [ 15822E7206C7A0A893395CB07A63C7E1 ] C:\Windows\system32\winsrv.dll
16:06:41.0373 5868  [ 15822E7206C7A0A893395CB07A63C7E1 ] C:\Windows\system32\winsrv.dll
16:06:41.0398 5868  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:06:41.0432 5868  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:06:41.0438 5868  [Global] - ok
16:06:41.0439 5868  ================ Scan MBR ==================================
16:06:41.0450 5868  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:06:41.0900 5868  \Device\Harddisk0\DR0 - ok
16:06:41.0928 5868  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
16:06:42.0076 5868  \Device\Harddisk1\DR1 - ok
16:06:42.0077 5868  ================ Scan VBR ==================================
16:06:42.0081 5868  [ 21869AB7EC1A4D79458AD33F45A09110 ] \Device\Harddisk0\DR0\Partition1
16:06:42.0084 5868  \Device\Harddisk0\DR0\Partition1 - ok
16:06:42.0088 5868  [ D73440335BD672793C04AF719815B3E1 ] \Device\Harddisk0\DR0\Partition2
16:06:42.0091 5868  \Device\Harddisk0\DR0\Partition2 - ok
16:06:42.0096 5868  [ B095923F6F9FA322132236A5B033308B ] \Device\Harddisk1\DR1\Partition1
16:06:42.0100 5868  \Device\Harddisk1\DR1\Partition1 - ok
16:06:42.0101 5868  ================ Scan active images ========================
16:06:42.0766 5868  [ 6DF46D2BD74E3DA1B45F08F10D172732 ] C:\Windows\System32\advapi32.dll
16:06:42.0766 5868  C:\Windows\System32\advapi32.dll - ok
16:06:42.0772 5868  [ 7D27EA49F3C1F687D357E77A470AEA99 ] C:\Windows\System32\drivers\mouclass.sys
16:06:42.0773 5868  C:\Windows\System32\drivers\mouclass.sys - ok
16:06:42.0780 5868  [ 0840155D0BDDF1190F84A663C284BD33 ] C:\Windows\System32\drivers\CmBatt.sys
16:06:42.0780 5868  C:\Windows\System32\drivers\CmBatt.sys - ok
16:06:42.0787 5868  [ F7CE0C81C545364020ED8203CF0A633E ] C:\Windows\System32\difxapi.dll
16:06:42.0787 5868  C:\Windows\System32\difxapi.dll - ok
16:06:42.0794 5868  [ F6FF8944478594D0E414D3F048F0D778 ] C:\Windows\System32\drivers\wmiacpi.sys
16:06:42.0794 5868  C:\Windows\System32\drivers\wmiacpi.sys - ok
16:06:42.0803 5868  [ 032D35C996F21D19A205A7C8F0B76F3C ] C:\Windows\System32\drivers\ATK64AMD.sys
16:06:42.0803 5868  C:\Windows\System32\drivers\ATK64AMD.sys - ok
16:06:42.0811 5868  [ 2F8B1E3EE3545D3B5A8D56FA1AE07B65 ] C:\Windows\System32\usp10.dll
16:06:42.0811 5868  C:\Windows\System32\usp10.dll - ok
16:06:42.0819 5868  [ F26B3A86F6FA87CA360B879581AB4123 ] C:\Windows\System32\drivers\CompositeBus.sys
16:06:42.0819 5868  C:\Windows\System32\drivers\CompositeBus.sys - ok
16:06:42.0827 5868  [ 7ECFF9B22276B73F43A99A15A6094E90 ] C:\Windows\System32\drivers\agilevpn.sys
16:06:42.0827 5868  C:\Windows\System32\drivers\agilevpn.sys - ok
16:06:42.0832 5868  [ C431EAF5CAA1C82CAC2534A2EAB348A3 ] C:\Windows\System32\msctf.dll
16:06:42.0833 5868  C:\Windows\System32\msctf.dll - ok
16:06:42.0839 5868  [ 471815800AE33E6F1C32FB1B97C490CA ] C:\Windows\System32\drivers\rasl2tp.sys
16:06:42.0839 5868  C:\Windows\System32\drivers\rasl2tp.sys - ok
16:06:42.0846 5868  [ 30639C932D9FEF22B31268FE25A1B6E5 ] C:\Windows\System32\drivers\ndistapi.sys
16:06:42.0846 5868  C:\Windows\System32\drivers\ndistapi.sys - ok
16:06:42.0853 5868  [ 28C0B5024F5C5A438E78B188CFC81B7F ] C:\Windows\System32\normaliz.dll
16:06:42.0853 5868  C:\Windows\System32\normaliz.dll - ok
16:06:42.0865 5868  [ 53F7305169863F0A2BDDC49E116C2E11 ] C:\Windows\System32\drivers\ndiswan.sys
16:06:42.0865 5868  C:\Windows\System32\drivers\ndiswan.sys - ok
16:06:42.0870 5868  [ 044FE45FFD6AD40E3BBBE60B7F41BABE ] C:\Windows\System32\nsi.dll
16:06:42.0870 5868  C:\Windows\System32\nsi.dll - ok
16:06:42.0876 5868  [ 1084AA52CCC324EA54C7121FA24C2221 ] C:\Windows\System32\gdi32.dll
16:06:42.0876 5868  C:\Windows\System32\gdi32.dll - ok
16:06:42.0884 5868  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] C:\Windows\System32\drivers\raspppoe.sys
16:06:42.0884 5868  C:\Windows\System32\drivers\raspppoe.sys - ok
16:06:42.0891 5868  [ B8509DCFCFD577F568BE4026BFD982C0 ] C:\Windows\System32\imagehlp.dll
16:06:42.0891 5868  C:\Windows\System32\imagehlp.dll - ok
16:06:42.0899 5868  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] C:\Windows\System32\drivers\raspptp.sys
16:06:42.0900 5868  C:\Windows\System32\drivers\raspptp.sys - ok
16:06:42.0907 5868  [ 2477A28081BDAEE622CF045ACF8EE124 ] C:\Windows\System32\cfgmgr32.dll
16:06:42.0907 5868  C:\Windows\System32\cfgmgr32.dll - ok
16:06:42.0914 5868  [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\System32\comctl32.dll
16:06:42.0914 5868  C:\Windows\System32\comctl32.dll - ok
16:06:42.0922 5868  [ E8B1E447B008D07FF47D016C2B0EEECB ] C:\Windows\System32\drivers\rassstp.sys
16:06:42.0922 5868  C:\Windows\System32\drivers\rassstp.sys - ok
16:06:42.0929 5868  [ EB3F9C2DE1236B5D46B2291D82970E43 ] C:\Windows\System32\wintrust.dll
16:06:42.0929 5868  C:\Windows\System32\wintrust.dll - ok
16:06:42.0937 5868  [ 24FBF5CC5C04150073C315A7C83521EE ] C:\Windows\System32\drivers\ks.sys
16:06:42.0937 5868  C:\Windows\System32\drivers\ks.sys - ok
16:06:42.0944 5868  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] C:\Windows\System32\drivers\swenum.sys
16:06:42.0944 5868  C:\Windows\System32\drivers\swenum.sys - ok
16:06:42.0952 5868  [ 3F9F2AFA135F0663946A006DD5FFD897 ] C:\Windows\System32\crypt32.dll
16:06:42.0952 5868  C:\Windows\System32\crypt32.dll - ok
16:06:42.0961 5868  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] C:\Windows\System32\drivers\umbus.sys
16:06:42.0961 5868  C:\Windows\System32\drivers\umbus.sys - ok
16:06:42.0969 5868  [ DA68C291B4EF2DEC9C5963266BCAE454 ] C:\Windows\System32\KernelBase.dll
16:06:42.0969 5868  C:\Windows\System32\KernelBase.dll - ok
16:06:42.0981 5868  [ 06FEC9E8117103BB1141A560E98077DA ] C:\Windows\System32\devobj.dll
16:06:42.0981 5868  C:\Windows\System32\devobj.dll - ok
16:06:42.0988 5868  [ 884415BD4269C02EAF8E2613BF85500D ] C:\Windows\System32\msasn1.dll
16:06:42.0988 5868  C:\Windows\System32\msasn1.dll - ok
16:06:42.0995 5868  [ 4C9042B8DF86C1E8E6240C218B99B39B ] C:\Windows\System32\drivers\usbhub.sys
16:06:42.0995 5868  C:\Windows\System32\drivers\usbhub.sys - ok
16:06:43.0003 5868  [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll
16:06:43.0003 5868  C:\Windows\SysWOW64\normaliz.dll - ok
16:06:43.0011 5868  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] C:\Windows\System32\drivers\ndproxy.sys
16:06:43.0011 5868  C:\Windows\System32\drivers\ndproxy.sys - ok
16:06:43.0020 5868  [ 21D26064AEDB4988F785BB4A3A2C051E ] C:\Windows\System32\drivers\drmk.sys
16:06:43.0020 5868  C:\Windows\System32\drivers\drmk.sys - ok
16:06:43.0027 5868  [ 32E11315B5126921FFD9074840EF13D3 ] C:\Windows\System32\drivers\portcls.sys
16:06:43.0027 5868  C:\Windows\System32\drivers\portcls.sys - ok
16:06:43.0035 5868  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] C:\Windows\System32\drivers\nvhda64v.sys
16:06:43.0035 5868  C:\Windows\System32\drivers\nvhda64v.sys - ok
16:06:43.0042 5868  [ 6869281E78CB31A43E969F06B57347C4 ] C:\Windows\System32\drivers\ksthunk.sys
16:06:43.0042 5868  C:\Windows\System32\drivers\ksthunk.sys - ok
16:06:43.0049 5868  [ CCEDD47ABD068C58C8513DEB785093BB ] C:\Windows\System32\drivers\RTKVHD64.sys
16:06:43.0050 5868  C:\Windows\System32\drivers\RTKVHD64.sys - ok
16:06:43.0058 5868  [ B26AFB54A534D634523C4FB66765B026 ] C:\Windows\System32\drivers\usbccgp.sys
16:06:43.0058 5868  C:\Windows\System32\drivers\usbccgp.sys - ok
16:06:43.0066 5868  [ 685FEC2407FC121EB937CB658B3C0F35 ] C:\Windows\System32\drivers\hidclass.sys
16:06:43.0066 5868  C:\Windows\System32\drivers\hidclass.sys - ok
16:06:43.0073 5868  [ B3BF6B5B50006DEF50B66306D99FCF6F ] C:\Windows\System32\drivers\hidusb.sys
16:06:43.0073 5868  C:\Windows\System32\drivers\hidusb.sys - ok
16:06:43.0080 5868  [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys
16:06:43.0080 5868  C:\Windows\System32\drivers\dxapi.sys - ok
16:06:43.0085 5868  [ F7755E762C67E2AFF6087AB5D2CE7A7A ] C:\Windows\System32\win32k.sys
16:06:43.0086 5868  C:\Windows\System32\win32k.sys - ok
16:06:43.0092 5868  [ BECBD7CD46776B8739EE18061F45A581 ] C:\Windows\System32\drivers\LEqdUsb.sys
16:06:43.0092 5868  C:\Windows\System32\drivers\LEqdUsb.sys - ok
16:06:43.0099 5868  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] C:\Windows\System32\drivers\kbdhid.sys
16:06:43.0099 5868  C:\Windows\System32\drivers\kbdhid.sys - ok
16:06:43.0106 5868  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] C:\Windows\System32\drivers\mouhid.sys
16:06:43.0106 5868  C:\Windows\System32\drivers\mouhid.sys - ok
16:06:43.0113 5868  [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
16:06:43.0113 5868  C:\Windows\System32\csrss.exe - ok
16:06:43.0120 5868  [ 21D6BD7D62C270059EB8E2B1D4095880 ] C:\Windows\System32\drivers\LHidEqd.sys
16:06:43.0120 5868  C:\Windows\System32\drivers\LHidEqd.sys - ok
16:06:43.0127 5868  [ B6552D382FF070B4ED34CBD6737277C0 ] C:\Windows\System32\drivers\LHidFilt.Sys
16:06:43.0127 5868  C:\Windows\System32\drivers\LHidFilt.Sys - ok
16:06:43.0135 5868  [ 73C1F563AB73D459DFFE682D66476558 ] C:\Windows\System32\drivers\LMouFilt.Sys
16:06:43.0135 5868  C:\Windows\System32\drivers\LMouFilt.Sys - ok
16:06:43.0142 5868  [ 001CC10FA5E71AE1119115E126C8750D ] C:\Windows\System32\drivers\stream.sys
16:06:43.0142 5868  C:\Windows\System32\drivers\stream.sys - ok
16:06:43.0149 5868  [ 1CDADE078F46F10919F21E08E22D227D ] C:\Windows\System32\drivers\sncduvc.sys
16:06:43.0150 5868  C:\Windows\System32\drivers\sncduvc.sys - ok
16:06:43.0156 5868  [ A415C67B40DFB903ACCC1D40FBEE3269 ] C:\Windows\System32\drivers\snp2uvc.sys
16:06:43.0156 5868  C:\Windows\System32\drivers\snp2uvc.sys - ok
16:06:43.0163 5868  [ E730EADB8F176DB06A378435BEB2E823 ] C:\Windows\System32\csrsrv.dll
16:06:43.0163 5868  C:\Windows\System32\csrsrv.dll - ok
16:06:43.0171 5868  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
16:06:43.0171 5868  C:\Windows\System32\basesrv.dll - ok
16:06:43.0177 5868  [ 15822E7206C7A0A893395CB07A63C7E1 ] C:\Windows\System32\winsrv.dll
16:06:43.0177 5868  C:\Windows\System32\winsrv.dll - ok
16:06:43.0185 5868  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] C:\Windows\System32\drivers\winusb.sys
16:06:43.0185 5868  C:\Windows\System32\drivers\winusb.sys - ok
16:06:43.0192 5868  [ CF8D590BE3373029D57AF80914190682 ] C:\Windows\System32\drivers\WUDFRd.sys
16:06:43.0192 5868  C:\Windows\System32\drivers\WUDFRd.sys - ok
16:06:43.0200 5868  [ 080D3820DA6C046BE82FC8B45A893E83 ] C:\Windows\System32\drivers\USBSTOR.SYS
16:06:43.0200 5868  C:\Windows\System32\drivers\USBSTOR.SYS - ok
16:06:43.0206 5868  [ B03D591DC7DA45ECE20B3B467E6AADAA ] C:\Windows\System32\drivers\monitor.sys
16:06:43.0207 5868  C:\Windows\System32\drivers\monitor.sys - ok
16:06:43.0213 5868  [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
16:06:43.0213 5868  C:\Windows\System32\tsddd.dll - ok
16:06:43.0220 5868  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
16:06:43.0221 5868  C:\Windows\System32\sxssrv.dll - ok
16:06:43.0227 5868  [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
16:06:43.0227 5868  C:\Windows\System32\wininit.exe - ok
16:06:43.0234 5868  [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
16:06:43.0234 5868  C:\Windows\System32\profapi.dll - ok
16:06:43.0241 5868  [ C2A8CB1275ECB85D246A9ECC02A728E3 ] C:\Windows\System32\RpcRtRemote.dll
16:06:43.0241 5868  C:\Windows\System32\RpcRtRemote.dll - ok
16:06:43.0248 5868  [ 05569A79BF4693670B709144382D02D4 ] C:\Windows\System32\cdd.dll
16:06:43.0248 5868  C:\Windows\System32\cdd.dll - ok
16:06:43.0254 5868  [ 0F5CD07A098D6A5989019CC377722989 ] C:\Windows\System32\KBDCA.DLL
16:06:43.0255 5868  C:\Windows\System32\KBDCA.DLL - ok
16:06:43.0261 5868  [ 78523A26F5604C0568FE9D1CE86E36F4 ] C:\Windows\System32\KBDUS.DLL
16:06:43.0261 5868  C:\Windows\System32\KBDUS.DLL - ok
16:06:43.0269 5868  [ 283C64A094A763C2F3DE2C926AEAE8CD ] C:\Windows\System32\KBDCAN.DLL
16:06:43.0269 5868  C:\Windows\System32\KBDCAN.DLL - ok
16:06:43.0275 5868  [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
16:06:43.0275 5868  C:\Windows\System32\WlS0WndH.dll - ok
16:06:43.0284 5868  [ 9CEAD32E79A62150FE9F8557E58E008B ] C:\Windows\System32\sxs.dll
16:06:43.0284 5868  C:\Windows\System32\sxs.dll - ok
16:06:43.0289 5868  [ 1151B1BAA6F350B1DB6598E0FEA7C457 ] C:\Windows\System32\winlogon.exe
16:06:43.0289 5868  C:\Windows\System32\winlogon.exe - ok
16:06:43.0296 5868  [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
16:06:43.0296 5868  C:\Windows\System32\cryptbase.dll - ok
16:06:43.0303 5868  [ 90499F3163A9F815CF196A205EA3CD5D ] C:\Windows\System32\apphelp.dll
16:06:43.0303 5868  C:\Windows\System32\apphelp.dll - ok
16:06:43.0310 5868  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
16:06:43.0310 5868  C:\Windows\System32\services.exe - ok
16:06:43.0316 5868  [ 0793F40B9B8A1BDD266296409DBD91EA ] C:\Windows\System32\lsass.exe
16:06:43.0317 5868  C:\Windows\System32\lsass.exe - ok
16:06:43.0323 5868  [ 2A86E54B441AD41557F75DC5609B9793 ] C:\Windows\System32\sspicli.dll
16:06:43.0323 5868  C:\Windows\System32\sspicli.dll - ok
16:06:43.0330 5868  [ 0D9764D58C5EFD672B7184854B152E5E ] C:\Windows\System32\winsta.dll
16:06:43.0330 5868  C:\Windows\System32\winsta.dll - ok
16:06:43.0334 5868  [ 9662EE182644511439F1C53745DC1C88 ] C:\Windows\System32\lsm.exe
16:06:43.0334 5868  C:\Windows\System32\lsm.exe - ok
16:06:43.0341 5868  [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
16:06:43.0341 5868  C:\Windows\System32\scext.dll - ok
16:06:43.0348 5868  [ D8A79180614C14F87DA1038FFEB56F71 ] C:\Windows\System32\sspisrv.dll
16:06:43.0348 5868  C:\Windows\System32\sspisrv.dll - ok
16:06:43.0355 5868  [ 9F84806B3991D338FFDFC4ECF86A6923 ] C:\Windows\System32\lsasrv.dll
16:06:43.0355 5868  C:\Windows\System32\lsasrv.dll - ok
16:06:43.0361 5868  [ 858DF0795CB5B4BACE0F33708925A414 ] C:\Windows\System32\secur32.dll
16:06:43.0362 5868  C:\Windows\System32\secur32.dll - ok
16:06:43.0369 5868  [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
16:06:43.0369 5868  C:\Windows\System32\sysntfy.dll - ok
16:06:43.0375 5868  [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
16:06:43.0376 5868  C:\Windows\System32\wmsgapi.dll - ok
16:06:43.0382 5868  [ A744BA6E04C8AA4592818178DBF89521 ] C:\Windows\System32\samsrv.dll
16:06:43.0383 5868  C:\Windows\System32\samsrv.dll - ok
16:06:43.0390 5868  [ BBCDF350817BA86416C0F06B6981BE8D ] C:\Windows\System32\scesrv.dll
16:06:43.0390 5868  C:\Windows\System32\scesrv.dll - ok
16:06:43.0396 5868  [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
16:06:43.0396 5868  C:\Windows\System32\cryptdll.dll - ok
16:06:43.0403 5868  [ 3A9C9BAF610B0DD4967086040B3B62A9 ] C:\Windows\System32\srvcli.dll
16:06:43.0403 5868  C:\Windows\System32\srvcli.dll - ok
16:06:43.0410 5868  [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
16:06:43.0410 5868  C:\Windows\System32\wevtapi.dll - ok
16:06:43.0418 5868  [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
16:06:43.0418 5868  C:\Windows\System32\cngaudit.dll - ok
16:06:43.0424 5868  [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
16:06:43.0424 5868  C:\Windows\System32\authz.dll - ok
16:06:43.0431 5868  [ E08926B4E52F92FF8852BECC0E2F358A ] C:\Windows\System32\ncrypt.dll
16:06:43.0431 5868  C:\Windows\System32\ncrypt.dll - ok
16:06:43.0438 5868  [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
16:06:43.0438 5868  C:\Windows\System32\bcrypt.dll - ok
16:06:43.0445 5868  [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
16:06:43.0445 5868  C:\Windows\System32\msprivs.dll - ok
16:06:43.0453 5868  [ C6505DE3561537BA1004D638C2F93F2F ] C:\Windows\System32\netjoin.dll
16:06:43.0453 5868  C:\Windows\System32\netjoin.dll - ok
16:06:43.0460 5868  [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
16:06:43.0460 5868  C:\Windows\System32\negoexts.dll - ok
16:06:43.0467 5868  [ 16ECE8BD6734CC170B9AE74176E89A9B ] C:\Windows\System32\kerberos.dll
16:06:43.0467 5868  C:\Windows\System32\kerberos.dll - ok
16:06:43.0474 5868  [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
16:06:43.0474 5868  C:\Windows\System32\version.dll - ok
16:06:43.0481 5868  [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
16:06:43.0481 5868  C:\Windows\System32\cryptsp.dll - ok
16:06:43.0488 5868  [ 1D5185A4C7E6695431AE4B55C3D7D333 ] C:\Windows\System32\mswsock.dll
16:06:43.0488 5868  C:\Windows\System32\mswsock.dll - ok
16:06:43.0494 5868  [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
16:06:43.0495 5868  C:\Windows\System32\wship6.dll - ok
16:06:43.0502 5868  [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll
16:06:43.0502 5868  C:\Windows\System32\msv1_0.dll - ok
16:06:43.0509 5868  [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll
16:06:43.0509 5868  C:\Windows\System32\netlogon.dll - ok
16:06:43.0516 5868  [ A52B6CC24063CC83C78C0E6F24DEEC01 ] C:\Windows\System32\dnsapi.dll
16:06:43.0516 5868  C:\Windows\System32\dnsapi.dll - ok
16:06:43.0522 5868  [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll
16:06:43.0522 5868  C:\Windows\System32\logoncli.dll - ok
16:06:43.0529 5868  [ A199DE544BF5C61C134B22C7592226FC ] C:\Windows\System32\schannel.dll
16:06:43.0529 5868  C:\Windows\System32\schannel.dll - ok
16:06:43.0536 5868  [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
16:06:43.0537 5868  C:\Windows\System32\wdigest.dll - ok
16:06:43.0543 5868  [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
16:06:43.0543 5868  C:\Windows\System32\rsaenh.dll - ok
16:06:43.0551 5868  [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll
16:06:43.0551 5868  C:\Windows\System32\TSpkg.dll - ok
16:06:43.0558 5868  [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
16:06:43.0558 5868  C:\Windows\System32\pku2u.dll - ok
16:06:43.0565 5868  [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll
16:06:43.0565 5868  C:\Windows\System32\bcryptprimitives.dll - ok
16:06:43.0573 5868  [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
16:06:43.0574 5868  C:\Windows\System32\efslsaext.dll - ok
16:06:43.0581 5868  [ 52D3D5E3586988D4D9E34ACAAC33105C ] C:\Windows\System32\credssp.dll
16:06:43.0581 5868  C:\Windows\System32\credssp.dll - ok
16:06:43.0585 5868  [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
16:06:43.0585 5868  C:\Windows\System32\ubpm.dll - ok
16:06:43.0593 5868  [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll
16:06:43.0593 5868  C:\Windows\System32\scecli.dll - ok
16:06:43.0602 5868  [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
16:06:43.0602 5868  C:\Windows\System32\svchost.exe - ok
16:06:43.0610 5868  [ B806E50427511BCF4AD8E8239C3E25FA ] C:\Windows\System32\umpnpmgr.dll
16:06:43.0610 5868  C:\Windows\System32\umpnpmgr.dll - ok
16:06:43.0617 5868  [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
16:06:43.0617 5868  C:\Windows\System32\SPInf.dll - ok
16:06:43.0624 5868  [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
16:06:43.0624 5868  C:\Windows\System32\devrtl.dll - ok
16:06:43.0631 5868  [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
16:06:43.0631 5868  C:\Windows\System32\userenv.dll - ok
16:06:43.0638 5868  [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
16:06:43.0638 5868  C:\Windows\System32\gpapi.dll - ok
16:06:43.0645 5868  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
16:06:43.0645 5868  C:\Windows\System32\umpo.dll - ok
16:06:43.0652 5868  [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
16:06:43.0652 5868  C:\Windows\System32\pcwum.dll - ok
16:06:43.0658 5868  [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
16:06:43.0659 5868  C:\Windows\System32\powrprof.dll - ok
16:06:43.0667 5868  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
16:06:43.0667 5868  C:\Windows\System32\drivers\luafv.sys - ok
16:06:43.0673 5868  [ D3381DC54C34D79B22CEE0D65BA91B7C ] C:\Windows\System32\drivers\WUDFPf.sys
16:06:43.0674 5868  C:\Windows\System32\drivers\WUDFPf.sys - ok
16:06:43.0681 5868  [ 72545FE7BD0410E72D00B0029DAE3700 ] C:\Windows\System32\nvvsvc.exe
16:06:43.0681 5868  C:\Windows\System32\nvvsvc.exe - ok
16:06:43.0687 5868  [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll
16:06:43.0687 5868  C:\Windows\System32\rpcss.dll - ok
16:06:43.0694 5868  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
16:06:43.0694 5868  C:\Windows\System32\RpcEpMap.dll - ok
16:06:43.0701 5868  [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
16:06:43.0701 5868  C:\Windows\System32\WSHTCPIP.DLL - ok
16:06:43.0708 5868  [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
16:06:43.0708 5868  C:\Windows\System32\wshqos.dll - ok
16:06:43.0715 5868  [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
16:06:43.0716 5868  C:\Windows\System32\FirewallAPI.dll - ok
16:06:43.0722 5868  [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe
16:06:43.0722 5868  C:\Windows\System32\LogonUI.exe - ok
16:06:43.0729 5868  [ 0BEE002C68E28CE6DA161DCF1376D7D7 ] C:\Windows\System32\authui.dll
16:06:43.0729 5868  C:\Windows\System32\authui.dll - ok
16:06:43.0737 5868  [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll
16:06:43.0737 5868  C:\Windows\System32\cryptui.dll - ok
16:06:43.0744 5868  [ 7FA8FDC2C2A27817FD0F624E78D3B50C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
16:06:43.0744 5868  C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok
16:06:43.0752 5868  [ C4C4736DCE60276E9B0CB0FE3A848586 ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
16:06:43.0752 5868  C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe - ok
16:06:43.0758 5868  [ D124F55B9393C976963407DFF51FFA79 ] C:\Windows\SysWOW64\ntdll.dll
16:06:43.0759 5868  C:\Windows\SysWOW64\ntdll.dll - ok
16:06:43.0765 5868  [ 4E9C2DB10F7E6AE91BF761139D4B745B ] C:\Windows\System32\shacct.dll
16:06:43.0766 5868  C:\Windows\System32\shacct.dll - ok
16:06:43.0772 5868  [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
16:06:43.0772 5868  C:\Windows\System32\samlib.dll - ok
16:06:43.0778 5868  [ F06BB4E336EA57511FDBAFAFCC47DE62 ] C:\Windows\System32\propsys.dll
16:06:43.0779 5868  C:\Windows\System32\propsys.dll - ok
16:06:43.0786 5868  [ 098EF40B77F88148349AAEBFE38E87C7 ] C:\Windows\System32\wow64.dll
16:06:43.0786 5868  C:\Windows\System32\wow64.dll - ok
16:06:43.0792 5868  [ C742077774E78A388F11EC943AD717FC ] C:\Windows\System32\wow64win.dll
16:06:43.0793 5868  C:\Windows\System32\wow64win.dll - ok
16:06:43.0800 5868  [ 99F5AEDBA338CE63F047D86E07DA36F6 ] C:\Windows\System32\wow64cpu.dll
16:06:43.0800 5868  C:\Windows\System32\wow64cpu.dll - ok
16:06:43.0807 5868  [ E80758CF485DB142FCA1EE03A34EAD05 ] C:\Windows\SysWOW64\kernel32.dll
16:06:43.0807 5868  C:\Windows\SysWOW64\kernel32.dll - ok
16:06:43.0814 5868  [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
16:06:43.0814 5868  C:\Windows\System32\uxtheme.dll - ok
16:06:43.0822 5868  [ 61EABC3358D869519D851B08C8FA512D ] C:\Windows\SysWOW64\KernelBase.dll
16:06:43.0822 5868  C:\Windows\SysWOW64\KernelBase.dll - ok
16:06:43.0829 5868  [ 497BFEDDAF3950DD909C3B0C5558A25D ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\GdiPlus.dll
16:06:43.0829 5868  C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\GdiPlus.dll - ok
16:06:43.0836 5868  [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
16:06:43.0837 5868  C:\Windows\System32\dui70.dll - ok
16:06:43.0841 5868  [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
16:06:43.0841 5868  C:\Windows\System32\duser.dll - ok
16:06:43.0848 5868  [ D7F1EF374A90709B31591823B002F918 ] C:\Windows\System32\SndVolSSO.dll
16:06:43.0849 5868  C:\Windows\System32\SndVolSSO.dll - ok
16:06:43.0855 5868  [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
16:06:43.0856 5868  C:\Windows\System32\hid.dll - ok
16:06:43.0862 5868  [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
16:06:43.0862 5868  C:\Windows\System32\MMDevAPI.dll - ok
16:06:43.0869 5868  [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
16:06:43.0870 5868  C:\Windows\System32\dwmapi.dll - ok
16:06:43.0876 5868  [ F501ED858B3C0E66345A5917DA136603 ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportUtil.dll
16:06:43.0877 5868  C:\Program Files (x86)\Trusteer\Rapport\bin\RapportUtil.dll - ok
16:06:43.0883 5868  [ 39F91A948E6017B732C4A0B3086A8E32 ] C:\Windows\System32\xmllite.dll
16:06:43.0884 5868  C:\Windows\System32\xmllite.dll - ok
16:06:43.0890 5868  [ 26B73A85855681500BCC25C7CD9FF5B1 ] C:\Windows\System32\WindowsCodecs.dll
16:06:43.0890 5868  C:\Windows\System32\WindowsCodecs.dll - ok
16:06:43.0897 5868  [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
16:06:43.0898 5868  C:\Windows\System32\winbrand.dll - ok
16:06:43.0904 5868  [ 8885B22BC859556E85A7FBC149D83CE4 ] C:\Program Files (x86)\Trusteer\Rapport\bin\TRF.dll
16:06:43.0905 5868  C:\Program Files (x86)\Trusteer\Rapport\bin\TRF.dll - ok
16:06:43.0911 5868  [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
16:06:43.0911 5868  C:\Windows\SysWOW64\psapi.dll - ok
16:06:43.0918 5868  [ 3110B389F690794B7EA54FE5EE3A2C1C ] C:\Program Files (x86)\ASUS\SmartLogon\system\FaceCredentialProvider64.dll
16:06:43.0918 5868  C:\Program Files (x86)\ASUS\SmartLogon\system\FaceCredentialProvider64.dll - ok
16:06:43.0925 5868  [ F8A61B2E713309B4616D107919BDAB6E ] C:\Windows\SysWOW64\msvcrt.dll
16:06:43.0925 5868  C:\Windows\SysWOW64\msvcrt.dll - ok
16:06:43.0933 5868  [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
16:06:43.0933 5868  C:\Windows\SysWOW64\version.dll - ok
16:06:43.0940 5868  [ 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 ] C:\Windows\SysWOW64\user32.dll
16:06:43.0940 5868  C:\Windows\SysWOW64\user32.dll - ok
16:06:43.0947 5868  [ 764908FE1FA96F93C95B1B67A0FCED29 ] C:\Windows\System32\netapi32.dll
16:06:43.0948 5868  C:\Windows\System32\netapi32.dll - ok
16:06:43.0954 5868  [ 6CECA4C6A489C9B2E6073AFDAAE3F607 ] C:\Windows\System32\netutils.dll
16:06:43.0954 5868  C:\Windows\System32\netutils.dll - ok
16:06:43.0961 5868  [ 3C91392D448F6E5D525A85B7550D8BA9 ] C:\Windows\System32\wkscli.dll
16:06:43.0961 5868  C:\Windows\System32\wkscli.dll - ok
16:06:43.0968 5868  [ D6D3AD7BF1D6F6CE9547613ED5E170A2 ] C:\Windows\SysWOW64\gdi32.dll
16:06:43.0968 5868  C:\Windows\SysWOW64\gdi32.dll - ok
16:06:43.0978 5868  [ FC51229C7D4AFA0D6F186133728B95AB ] C:\Windows\System32\samcli.dll
16:06:43.0978 5868  C:\Windows\System32\samcli.dll - ok
16:06:43.0985 5868  [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll
16:06:43.0986 5868  C:\Windows\SysWOW64\lpk.dll - ok
16:06:43.0992 5868  [ 804AAAFEBB3AD5F49334DD906BCB1DE5 ] C:\Windows\SysWOW64\usp10.dll
16:06:43.0992 5868  C:\Windows\SysWOW64\usp10.dll - ok
16:06:43.0999 5868  [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
16:06:44.0000 5868  C:\Windows\System32\wtsapi32.dll - ok
16:06:44.0006 5868  [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\SysWOW64\advapi32.dll
16:06:44.0006 5868  C:\Windows\SysWOW64\advapi32.dll - ok
16:06:44.0013 5868  [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
16:06:44.0013 5868  C:\Windows\System32\VaultCredProvider.dll - ok
16:06:44.0025 5868  [ CA2985996BB49924B677113DF95CFEA7 ] C:\Windows\System32\SmartcardCredentialProvider.dll
16:06:44.0025 5868  C:\Windows\System32\SmartcardCredentialProvider.dll - ok
16:06:44.0029 5868  [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
16:06:44.0030 5868  C:\Windows\SysWOW64\sechost.dll - ok
16:06:44.0037 5868  [ C5AD8083CF94201F1F8084ECC696A8B7 ] C:\Windows\SysWOW64\rpcrt4.dll
16:06:44.0037 5868  C:\Windows\SysWOW64\rpcrt4.dll - ok
16:06:44.0044 5868  [ BF352E73615F5461AA6884472435A544 ] C:\Windows\System32\BioCredProv.dll
16:06:44.0044 5868  C:\Windows\System32\BioCredProv.dll - ok
16:06:44.0051 5868  [ 7224D964A6D657374C551C878EB2C386 ] C:\Windows\SysWOW64\sspicli.dll
16:06:44.0051 5868  C:\Windows\SysWOW64\sspicli.dll - ok
16:06:44.0057 5868  [ 796B8123A7859AFD3A4AE10514DBAEB5 ] C:\Windows\System32\winbio.dll
16:06:44.0057 5868  C:\Windows\System32\winbio.dll - ok
16:06:44.0065 5868  [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
16:06:44.0066 5868  C:\Windows\SysWOW64\cryptbase.dll - ok
16:06:44.0072 5868  [ 16AB4BD2ACC52109F43739BF0E89E18F ] C:\Windows\SysWOW64\shell32.dll
16:06:44.0072 5868  C:\Windows\SysWOW64\shell32.dll - ok
16:06:45.0668 5868  C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe - ok
16:06:45.0674 5868  [ BAFE84E637BF7388C96EF48D4D3FDD53 ] C:\Windows\System32\userinit.exe
16:06:45.0674 5868  C:\Windows\System32\userinit.exe - ok
16:06:45.0681 5868  [ 6369F960C28A16F4502C480EEDE3652C ] C:\Windows\System32\dpx.dll
16:06:45.0681 5868  C:\Windows\System32\dpx.dll - ok
16:06:45.0688 5868  [ E208FE3B69BF7D8BDCFC3C7284476CF6 ] C:\Windows\System32\nvcpl.dll
16:06:45.0688 5868  C:\Windows\System32\nvcpl.dll - ok
16:06:45.0695 5868  [ 94EEAC26F57811BD1AEFC164412F7FCE ] C:\Windows\System32\PlaySndSrv.dll
16:06:45.0695 5868  C:\Windows\System32\PlaySndSrv.dll - ok
16:06:45.0702 5868  [ F162D5F5E845B9DC352DD1BAD8CEF1BC ] C:\Windows\System32\dwm.exe
16:06:45.0702 5868  C:\Windows\System32\dwm.exe - ok
16:06:45.0709 5868  [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA ] C:\Windows\System32\MsCtfMonitor.dll
16:06:45.0709 5868  C:\Windows\System32\MsCtfMonitor.dll - ok
16:06:45.0716 5868  [ FCFCD1101C5DA23B4B95F93D02B2C169 ] C:\Windows\System32\dwmredir.dll
16:06:45.0717 5868  C:\Windows\System32\dwmredir.dll - ok
16:06:45.0723 5868  [ AC4C51EB24AA95B77F705AB159189E24 ] C:\Windows\explorer.exe
16:06:45.0723 5868  C:\Windows\explorer.exe - ok
16:06:45.0730 5868  [ F09A9A1AD21FE618C4C8B0A0D830C886 ] C:\Windows\System32\msutb.dll
16:06:45.0731 5868  C:\Windows\System32\msutb.dll - ok
16:06:45.0737 5868  [ 4BA77A5EF71C14C764B0ED4701683E3E ] C:\Windows\System32\dwmcore.dll
16:06:45.0737 5868  C:\Windows\System32\dwmcore.dll - ok
16:06:45.0744 5868  [ 10FB16B50AFFDA6D44588F3C445DC273 ]%2



#7 baymerlou

Posted 14 April 2013 - 03:34 PM

This doesn't want to post the whole thing so I'll attach if you say so....  here's the part you said to c&p . 

 

 

============================================================
16:09:14.0620 5580  Scan finished
16:09:14.0620 5580  ============================================================
16:09:14.0635 5584  Detected object count: 7
16:09:14.0635 5584  Actual detected object count: 7
16:09:21.0389 5584  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:09:21.0389 5584  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:09:21.0390 5584  Boonty Games ( UnsignedFile.Multi.Generic ) - skipped by user
16:09:21.0390 5584  Boonty Games ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:09:21.0392 5584  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
16:09:21.0393 5584  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:09:21.0397 5584  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:09:21.0397 5584  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:09:21.0400 5584  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:09:21.0400 5584  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:09:21.0403 5584  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
16:09:21.0403 5584  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:09:21.0407 5584  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
16:09:21.0407 5584  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:09:29.0211 1000  Deinitialize success
 



#8 gringo_pr

  • Malware Response Team
Posted 14 April 2013 - 04:01 PM


Hello baymerlou


These are the programs I would like you to run next. If you have any problems with one of them, just skip it and move on to the next one.


-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-RogueKiller-
  • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo





I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#9 baymerlou

Posted 14 April 2013 - 04:04 PM

thanks gringo.. here's the report from the Malwarebytes scan and clean;

 

==============================================

 

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, I:\ DRIVE_FIXED
CPU speed: 1.339000 GHz
Memory total: 4258291712, free: 2291572736

------------ Kernel report ------------
     04/14/2013 16:14:51
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800a0c4060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a0\
Lower Device Object: 0xfffffa80077c6780
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004c34530
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80046f5050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.04.14.06
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004c34530, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004c35040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004c34530, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8003cf5e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80046f5050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a010d68d10, 0xfffffa8004c34530, 0xfffffa800ba20090
Lower DeviceData: 0xfffff8a014827840, 0xfffffa80046f5050, 0xfffffa800bac2860
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 76692CA8

Partition information:

    Partition 0 type is Other (0x1c)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 30714232

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 30716280  Numsec = 244188000
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 274904280  Numsec = 701863785

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800a0c4060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006d61670, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a0c4060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80077c6780, DeviceName: \Device\000000a0\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0195df130, 0xfffffa800a0c4060, 0xfffffa800ba98090
Lower DeviceData: 0xfffff8a0194dd130, 0xfffffa80077c6780, 0xfffffa800b53e090
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 16AAAAC7

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 1953520002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> [Trojan.Vundo]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0} --> [Trojan.Vundo]
Infected: c:\Users\Deb Laptop\AppData\Local\Temp\Vid-Saver-rs.exe --> [Adware.GamePlayLabs]
Infected: HKCU\SOFTWARE\Trymedia Systems --> [Adware.TryMedia]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, I:\ DRIVE_FIXED
CPU speed: 1.339000 GHz
Memory total: 4258291712, free: 3027091456

Removal queue found; removal started
Removing c:\Users\Deb Laptop\AppData\Local\Temp\Vid-Saver-rs.exe...
Removal finished
=======================================
 



#10 baymerlou

Posted 14 April 2013 - 04:20 PM

ok here's the log of AdwCleaner

 

On this most recent reboot Firefox took even longer to load and it stalled in a 'not responding' stance for a while, about 1 minute or 2.   I see instances of that Delta were still lurking, hopefully all this will clean that crap out of my system for good.

 

==================================

 

# AdwCleaner v2.200 - Logfile created 04/14/2013 at 17:10:54
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Deb Laptop - DEB-LAPTOP-PC
# Boot Mode : Normal
# Running from : C:\Users\Deb Laptop\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\Deb Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\e12eaq74.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Deb Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\e12eaq74.default\searchplugins\delta.xml
File Deleted : C:\Users\Deb Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\e12eaq74.default\searchplugins\searchbrowsing.xml
File Deleted : C:\Users\DEBLAP~1\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\FunWebProducts
Folder Deleted : C:\Program Files (x86)\MyWebSearch
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\iWin
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Deb Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Deleted : C:\Users\Deb Laptop\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Deb Laptop\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Deb Laptop\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Deb Laptop\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Deb Laptop\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Deb Laptop\AppData\Roaming\iWin
Folder Deleted : C:\Users\Deb Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\e12eaq74.default\Conduit
Folder Deleted : C:\Users\Deb Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\e12eaq74.default\ConduitEngine
Folder Deleted : C:\Users\Deb Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\e12eaq74.default\jetpack
Folder Deleted : C:\Users\Deb Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\e12eaq74.default\WinampToolbarData
Folder Deleted : C:\Users\Deb Laptop\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\DEBLAP~1\AppData\Local\Temp\AskSearch

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\5f68c8ab63ae848
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1098640
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1700389
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\FocusInteractive
Key Deleted : HKLM\Software\Fun Web Products
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\Software\MyWebSearch
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5f68c8ab63ae848
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www1.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=40BC485B390AD84C --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page Restore] = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchbrowsing.com/?uid=3cf2f846aae5da1e4786ae9ad02d5d75&pid=100&v=1 --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Deb Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\e12eaq74.default\prefs.js

C:\Users\Deb Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\e12eaq74.default\user.js ... Deleted !


-\\ Google Chrome v26.0.1410.64

File : C:\Users\Deb Laptop\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.31] : keyword = "searchbrowsing.com",
Deleted [l.34] : search_url = "hxxp://www.searchbrowsing.com/search/?uid=3cf2f846aae5da1e4786ae9ad02d5d75&o=1&[...]
Deleted [l.1372] : homepage = "hxxp://www1.delta-search.com/?affID=121845&babsrc=HP_ss&mntrId=40BC485B390AD84C",
Deleted [l.1675] : urls_to_restore_on_startup = [ "hxxp://www1.delta-search.com/?affID=121845&babsrc=HP_ss&mntrI[...]

*************************

AdwCleaner[S1].txt - [38581 octets] - [14/04/2013 17:10:54]

########## EOF - C:\AdwCleaner[S1].txt - [38642 octets] ##########
 



#11 baymerlou

  • Topic Starter

Posted 14 April 2013 - 04:28 PM

Ok, getting faster, FF not lagging this round.

 

Here's the log of RogueKiller

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Deb Laptop [Admin rights]
Mode : Remove -- Date : 04/14/2013 17:26:18
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 0cd6ad52f5165f1aee84dad147ddf121
[BSP] 430eaf6ed8558d670d2c84579f07828f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 14997 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30716280 | Size: 119232 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 274904280 | Size: 342706 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_04142013_02d1726.txt >>
RKreport[1]_S_04142013_02d1723.txt ; RKreport[2]_D_04142013_02d1726.txt


 



#12 gringo_pr


Posted 14 April 2013 - 08:38 PM


Hello baymerlou

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 baymerlou


Posted 14 April 2013 - 09:44 PM

ComboFix 13-04-14.01 - Deb Laptop 14/04/2013  22:04:09.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.4061.2089 [GMT -4:00]
Running from: c:\users\Deb Laptop\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Deb Laptop\g2mdlhlpx.exe
c:\users\Deb Laptop\GoToAssistDownloadHelper.exe
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Boonty Games
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-15 to 2013-04-15  )))))))))))))))))))))))))))))))
.
.
2013-04-14 20:14 . 2013-04-14 20:14    --------    d-----w-    c:\programdata\Malwarebytes
2013-04-13 23:41 . 2013-04-14 02:12    --------    d-----w-    c:\users\Deb Laptop\AppData\Roaming\Hidden Objects DeadlyAssociation
2013-04-13 19:55 . 2013-04-13 19:55    26520    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-12 02:16 . 2013-04-12 02:16    --------    d-----w-    c:\windows\SysWow64\searchplugins
2013-04-12 02:16 . 2013-04-12 02:16    --------    d-----w-    c:\windows\SysWow64\Extensions
2013-04-12 00:33 . 2013-04-12 00:33    --------    d-----w-    c:\program files\Realtek
2013-04-12 00:33 . 2013-04-12 00:34    --------    d-----w-    c:\windows\SysWow64\RTCOM
2013-04-12 00:31 . 2012-01-30 15:43    836544    ----a-w-    c:\windows\system32\tadefxapo264.dll
2013-04-12 00:31 . 2012-01-10 14:20    65944    ----a-w-    c:\windows\system32\tepeqapo64.dll
2013-04-12 00:31 . 2011-03-17 16:17    1361336    ----a-w-    c:\windows\system32\tosade.dll
2013-04-12 00:31 . 2011-03-07 21:11    148416    ----a-w-    c:\windows\system32\tadefxapo.dll
2013-04-12 00:31 . 2013-03-26 18:38    1659464    ----a-w-    c:\windows\system32\RTSnMg64.cpl
2013-04-12 00:31 . 2013-03-26 21:06    2797128    ----a-w-    c:\windows\system32\RtPgEx64.dll
2013-04-12 00:31 . 2011-12-20 19:32    331880    ----a-w-    c:\windows\system32\RtlCPAPI64.dll
2013-04-12 00:31 . 2013-03-30 01:42    3379272    ----a-w-    c:\windows\system32\drivers\RTKVHD64.sys
2013-04-12 00:31 . 2011-11-22 20:28    14952    ----a-w-    c:\windows\system32\RtkCoLDR64.dll
2013-04-12 00:31 . 2010-11-03 22:30    149608    ----a-w-    c:\windows\system32\RtkCfg64.dll
2013-04-12 00:30 . 2013-03-26 19:40    3693128    ----a-w-    c:\windows\system32\RtkAPO64.dll
2013-04-12 00:30 . 2013-03-12 22:16    613448    ----a-w-    c:\windows\system32\RtDataProc64.dll
2013-04-12 00:30 . 2013-02-19 22:52    991816    ----a-w-    c:\windows\system32\RtkApi64.dll
2013-04-12 00:30 . 2010-11-08 11:31    375128    ----a-w-    c:\windows\system32\RTEEP64A.dll
2013-04-12 00:30 . 2010-11-08 11:31    101208    ----a-w-    c:\windows\system32\RTEEL64A.dll
2013-04-12 00:30 . 2010-11-08 11:31    78680    ----a-w-    c:\windows\system32\RTEEG64A.dll
2013-04-12 00:30 . 2010-11-08 11:31    204120    ----a-w-    c:\windows\system32\RTEED64A.dll
2013-04-12 00:30 . 2013-02-20 22:55    1284680    ----a-w-    c:\windows\system32\RTCOM64.dll
2013-04-12 00:30 . 2010-11-08 11:31    310104    ----a-w-    c:\windows\system32\RP3DHT64.dll
2013-04-12 00:30 . 2010-11-08 11:31    310104    ----a-w-    c:\windows\system32\RP3DAA64.dll
2013-04-12 00:30 . 2013-03-27 20:57    135240    ----a-w-    c:\windows\system32\RCoInstII64.dll
2013-04-12 00:30 . 2013-03-26 21:04    2734624    ----a-w-    c:\windows\system32\FMAPO64.dll
2013-04-12 00:29 . 2012-06-20 21:26    110592    ----a-w-    c:\windows\system32\CONEQMSAPOGUILibrary.dll
2013-04-12 00:29 . 2012-03-08 15:47    108640    ----a-w-    c:\windows\system32\AERTAR64.dll
2013-04-12 00:29 . 2013-03-23 07:43    208072    ----a-w-    c:\windows\system32\AERTAC64.dll
2013-04-12 00:27 . 2005-11-14 03:19    5632    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-04-11 23:36 . 2013-04-11 23:36    --------    d-----w-    c:\program files\NVIDIA Corporation
2013-04-09 13:18 . 2013-04-09 13:18    --------    d-----w-    c:\users\Deb Laptop\AppData\Roaming\TheInvisibleMan_v_1_0_0
2013-04-08 23:00 . 2013-04-08 23:00    --------    d-----w-    c:\users\Deb Laptop\AppData\Roaming\Origaming Media
2013-04-08 23:00 . 2013-04-08 23:00    --------    d-----w-    c:\programdata\Origaming Media
2013-04-04 17:34 . 2013-04-05 01:35    --------    d-----w-    c:\program files (x86)\Mozilla Thunderbird
2013-03-31 20:08 . 2013-03-31 20:08    --------    d-----w-    c:\users\Deb Laptop\AppData\Roaming\GreenSauceGames
2013-03-29 23:55 . 2013-03-29 23:55    --------    d-----w-    c:\users\Deb Laptop\AppData\Roaming\bicyclestudios
2013-03-23 19:18 . 2013-03-23 19:18    --------    d-----w-    c:\users\Deb Laptop\AppData\Roaming\STAHKM
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-09 13:09 . 2012-08-17 00:28    691592    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-09 13:09 . 2012-02-05 22:30    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-02 17:16 . 2012-12-08 15:56    236248    ----a-w-    c:\windows\system32\drivers\RapportKE64.sys
2013-02-18 13:22 . 2013-02-18 13:22    31080    ----a-w-    c:\windows\system32\nvhdap64.dll
2013-02-18 13:22 . 2013-02-18 13:22    1472360    ----a-w-    c:\windows\system32\nvhdagenco6420103.dll
2013-02-18 13:22 . 2013-02-18 13:22    189288    ----a-w-    c:\windows\system32\drivers\nvhda64v.sys
2013-01-16 20:02 . 2010-02-28 21:22    2079816    ----a-w-    c:\windows\RtlExUpd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2011-08-12 2433024]
"A73260CBE533D7E8F03B8E7523B9963D8C125B70._service_run"="c:\users\Deb Laptop\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-09 6937216]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-06 2904984]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-06 36760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-2-28 12862]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-24 1207312]
MailWasherPro.lnk - c:\program files (x86)\Firetrust\MailWasher\MailWasherPro.exe [2011-10-5 5385552]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-2-28 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 SuperMounter;SuperMounter; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-12 40448]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-02 1255736]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-03-05 503352]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2013-04-02 236248]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1309010.00E\SYMDS64.SYS [2012-03-29 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1309010.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-03-22 1387608]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1309010.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\IPSDefs\20130412.001\IDSvia64.sys [2012-09-06 513184]
S1 RapportCerberus_51755;RapportCerberus_51755;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [2013-04-09 586072]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-04-02 228600]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-04-02 357272]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1309010.00E\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1309010.00E\SYMNETS.SYS [2012-04-18 405624]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe [2012-06-16 138272]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-04-02 1124184]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-02-20 239176]
S2 SupThrSrv;Super Thruster Service;c:\esupport\SupThrSrv\SupThrSrv.exe [2009-09-04 80512]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-14 138912]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2009-06-17 74256]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2009-06-17 13328]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 13:09]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-18 16:39]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-18 16:39]
.
2013-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3007218383-3813033219-3666941640-1001Core.job
- c:\users\Deb Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 01:49]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3007218383-3813033219-3666941640-1001UA.job
- c:\users\Deb Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 01:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49    70656    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49    70656    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-05 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-28 16336488]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-12 323072]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
IE: DiaryOne: Save full text - c:\program files (x86)\DiaryOne\Script\fullcatcher.htm
IE: DiaryOne: Save selected text - c:\program files (x86)\DiaryOne\Script\catcher.htm
IE: Download with Mipony - file://d:\##my games\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Deb Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\e12eaq74.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-sdApp.exe - c:\program files (x86)\ShoppingDaisy\sdApp.exe
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-64445415.sys
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Adaptec UDF Reader - c:\windows\system32\UDFRUNIN.EXE
AddRemove-ASUS_UL_Series_Screensaver - c:\windows\system32\ASUS_UL_Series_Screensaver.scr
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Completion time: 2013-04-14  22:30:28 - machine was rebooted
ComboFix-quarantined-files.txt  2013-04-15 02:30
.
Pre-Run: 15,183,679,488 bytes free
Post-Run: 16,564,563,968 bytes free
.
- - End Of File - - F7101200DA0578B42B413FDEF7E0E741

 

 

Computer seems to be running fine right now, I'll have to do some more surfing on FF to see if the lagging has stopped.

I'll turn on all my services now, it's late and I'll post tomorrow after I've had some more time on the computer.

Thanks for all your help, it's awesome. I've learned so much. Next step will be assistance in learning why my husband's laptop is so slow. But that's for another thread and subject.
 



#14 gringo_pr


Posted 14 April 2013 - 10:08 PM


Hello baymerlou

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:
ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
In your next post I need the following:
  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo




#15 baymerlou


Posted 15 April 2013 - 08:21 AM

ComboFix 13-04-14.01 - Deb Laptop 15/04/2013   7:23.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.4061.2047 [GMT -4:00]
Running from: c:\users\Deb Laptop\Desktop\ComboFix.exe
Command switches used :: c:\users\Deb Laptop\Desktop\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
I:\Autorun.inf
I:\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-15 to 2013-04-15  )))))))))))))))))))))))))))))))
.
.
2013-04-15 11:36 . 2013-04-15 11:36    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-04-15 11:36 . 2013-04-15 11:36    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2013-04-14 20:14 . 2013-04-14 20:14    --------    d-----w-    c:\programdata\Malwarebytes
2013-04-13 23:41 . 2013-04-14 02:12    --------    d-----w-    c:\users\Deb Laptop\AppData\Roaming\Hidden Objects DeadlyAssociation
2013-04-13 19:55 . 2013-04-13 19:55    26520    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-12 02:16 . 2013-04-12 02:16    --------    d-----w-    c:\windows\SysWow64\searchplugins
2013-04-12 02:16 . 2013-04-12 02:16    --------    d-----w-    c:\windows\SysWow64\Extensions
2013-04-12 00:33 . 2013-04-12 00:33    --------    d-----w-    c:\program files\Realtek
2013-04-12 00:33 . 2013-04-12 00:34    --------    d-----w-    c:\windows\SysWow64\RTCOM
2013-04-12 00:31 . 2012-01-30 15:43    836544    ----a-w-    c:\windows\system32\tadefxapo264.dll
2013-04-12 00:31 . 2012-01-10 14:20    65944    ----a-w-    c:\windows\system32\tepeqapo64.dll
2013-04-12 00:31 . 2011-03-17 16:17    1361336    ----a-w-    c:\windows\system32\tosade.dll
2013-04-12 00:31 . 2011-03-07 21:11    148416    ----a-w-    c:\windows\system32\tadefxapo.dll
2013-04-12 00:31 . 2013-03-26 18:38    1659464    ----a-w-    c:\windows\system32\RTSnMg64.cpl
2013-04-12 00:31 . 2013-03-26 21:06    2797128    ----a-w-    c:\windows\system32\RtPgEx64.dll
2013-04-12 00:31 . 2011-12-20 19:32    331880    ----a-w-    c:\windows\system32\RtlCPAPI64.dll
2013-04-12 00:31 . 2013-03-30 01:42    3379272    ----a-w-    c:\windows\system32\drivers\RTKVHD64.sys
2013-04-12 00:31 . 2011-11-22 20:28    14952    ----a-w-    c:\windows\system32\RtkCoLDR64.dll
2013-04-12 00:31 . 2010-11-03 22:30    149608    ----a-w-    c:\windows\system32\RtkCfg64.dll
2013-04-12 00:30 . 2013-03-26 19:40    3693128    ----a-w-    c:\windows\system32\RtkAPO64.dll
2013-04-12 00:30 . 2013-03-12 22:16    613448    ----a-w-    c:\windows\system32\RtDataProc64.dll
2013-04-12 00:30 . 2013-02-19 22:52    991816    ----a-w-    c:\windows\system32\RtkApi64.dll
2013-04-12 00:30 . 2010-11-08 11:31    375128    ----a-w-    c:\windows\system32\RTEEP64A.dll
2013-04-12 00:30 . 2010-11-08 11:31    101208    ----a-w-    c:\windows\system32\RTEEL64A.dll
2013-04-12 00:30 . 2010-11-08 11:31    78680    ----a-w-    c:\windows\system32\RTEEG64A.dll
2013-04-12 00:30 . 2010-11-08 11:31    204120    ----a-w-    c:\windows\system32\RTEED64A.dll
2013-04-12 00:30 . 2013-02-20 22:55    1284680    ----a-w-    c:\windows\system32\RTCOM64.dll
2013-04-12 00:30 . 2010-11-08 11:31    310104    ----a-w-    c:\windows\system32\RP3DHT64.dll
2013-04-12 00:30 . 2010-11-08 11:31    310104    ----a-w-    c:\windows\system32\RP3DAA64.dll
2013-04-12 00:30 . 2013-03-27 20:57    135240    ----a-w-    c:\windows\system32\RCoInstII64.dll
2013-04-12 00:30 . 2013-03-26 21:04    2734624    ----a-w-    c:\windows\system32\FMAPO64.dll
2013-04-12 00:29 . 2012-06-20 21:26    110592    ----a-w-    c:\windows\system32\CONEQMSAPOGUILibrary.dll
2013-04-12 00:29 . 2012-03-08 15:47    108640    ----a-w-    c:\windows\system32\AERTAR64.dll
2013-04-12 00:29 . 2013-03-23 07:43    208072    ----a-w-    c:\windows\system32\AERTAC64.dll
2013-04-12 00:27 . 2005-11-14 03:19    5632    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-04-11 23:36 . 2013-04-11 23:36    --------    d-----w-    c:\program files\NVIDIA Corporation
2013-04-09 13:18 . 2013-04-09 13:18    --------    d-----w-    c:\users\Deb Laptop\AppData\Roaming\TheInvisibleMan_v_1_0_0
2013-04-08 23:00 . 2013-04-08 23:00    --------    d-----w-    c:\users\Deb Laptop\AppData\Roaming\Origaming Media
2013-04-08 23:00 . 2013-04-08 23:00    --------    d-----w-    c:\programdata\Origaming Media
2013-04-04 17:34 . 2013-04-05 01:35    --------    d-----w-    c:\program files (x86)\Mozilla Thunderbird
2013-03-31 20:08 . 2013-03-31 20:08    --------    d-----w-    c:\users\Deb Laptop\AppData\Roaming\GreenSauceGames
2013-03-29 23:55 . 2013-03-29 23:55    --------    d-----w-    c:\users\Deb Laptop\AppData\Roaming\bicyclestudios
2013-03-23 19:18 . 2013-03-23 19:18    --------    d-----w-    c:\users\Deb Laptop\AppData\Roaming\STAHKM
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-09 13:09 . 2012-08-17 00:28    691592    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-09 13:09 . 2012-02-05 22:30    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-02 17:16 . 2012-12-08 15:56    236248    ----a-w-    c:\windows\system32\drivers\RapportKE64.sys
2013-02-18 13:22 . 2013-02-18 13:22    31080    ----a-w-    c:\windows\system32\nvhdap64.dll
2013-02-18 13:22 . 2013-02-18 13:22    1472360    ----a-w-    c:\windows\system32\nvhdagenco6420103.dll
2013-02-18 13:22 . 2013-02-18 13:22    189288    ----a-w-    c:\windows\system32\drivers\nvhda64v.sys
2013-01-16 20:02 . 2010-02-28 21:22    2079816    ----a-w-    c:\windows\RtlExUpd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2011-08-12 2433024]
"A73260CBE533D7E8F03B8E7523B9963D8C125B70._service_run"="c:\users\Deb Laptop\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-09 6937216]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-06 2904984]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-06 36760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-2-28 12862]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-24 1207312]
MailWasherPro.lnk - c:\program files (x86)\Firetrust\MailWasher\MailWasherPro.exe [2011-10-5 5385552]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-2-28 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 SuperMounter;SuperMounter; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-12 40448]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-02 1255736]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-03-05 503352]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2013-04-02 236248]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1309010.00E\SYMDS64.SYS [2012-03-29 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1309010.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-03-22 1387608]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1309010.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\IPSDefs\20130412.001\IDSvia64.sys [2012-09-06 513184]
S1 RapportCerberus_51755;RapportCerberus_51755;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [2013-04-09 586072]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-04-02 228600]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-04-02 357272]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1309010.00E\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1309010.00E\SYMNETS.SYS [2012-04-18 405624]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe [2012-06-16 138272]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-04-02 1124184]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-02-20 239176]
S2 SupThrSrv;Super Thruster Service;c:\esupport\SupThrSrv\SupThrSrv.exe [2009-09-04 80512]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-14 138912]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2009-06-17 74256]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2009-06-17 13328]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [2013-02-19 175352]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 13:09]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-18 16:39]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-18 16:39]
.
2013-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3007218383-3813033219-3666941640-1001Core.job
- c:\users\Deb Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 01:49]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3007218383-3813033219-3666941640-1001UA.job
- c:\users\Deb Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-09 01:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49    70656    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49    70656    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-05 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-28 16336488]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-12 323072]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
IE: DiaryOne: Save full text - c:\program files (x86)\DiaryOne\Script\fullcatcher.htm
IE: DiaryOne: Save selected text - c:\program files (x86)\DiaryOne\Script\catcher.htm
IE: Download with Mipony - file://d:\##my games\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Deb Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\e12eaq74.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Adaptec UDF Reader - c:\windows\system32\UDFRUNIN.EXE
AddRemove-ASUS_UL_Series_Screensaver - c:\windows\system32\ASUS_UL_Series_Screensaver.scr
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-15  07:42:53
ComboFix-quarantined-files.txt  2013-04-15 11:42
ComboFix2.txt  2013-04-15 02:30
.
Pre-Run: 15,204,151,296 bytes free
Post-Run: 15,126,917,120 bytes free
.
- - End Of File - - 2989E5CB89B3ABAE89223A03B0BFE65E

 

---------------------------

 

Computer seems to be fine. I'll have to do some surfing and reorganizing my fonts since they were all reset, and of course turn on all my firewall and antivirus programs. Thanks for your help, hope this is all my system needed, a little TLC. :) I'll post back in a little while to let you know an update.
 





