
Audio Bing advertisements running without a browser open


  • This topic is locked
23 replies to this topic

#1 jonknite

jonknite

  • Members
  • 34 posts

Posted 27 June 2013 - 03:09 PM

They come and go randomly. Never any video, just sound.

 

DDS File Log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 1.6.0_38
Run by Phyllis at 13:57:43 on 2013-06-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3999.1645 [GMT -6:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\splwow64.exe
C:\Windows\system32\printfilterpipelinesvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Windows\system32\ptumlcmsvc64.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - 
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\Users\Phyllis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-System: WallpaperStyle = 2
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: WallpaperStyle = 2
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} - hxxps://secure.logmein.com/activex/RACtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{18BD6029-83B9-4DBF-9A56-E40530AF6857} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{18BD6029-83B9-4DBF-9A56-E40530AF6857}\4627F67756C6C6 : DHCPNameServer = 65.175.128.46 65.175.128.47 192.168.1.1
TCP: Interfaces\{18BD6029-83B9-4DBF-9A56-E40530AF6857}\47D6F62696C656 : DHCPNameServer = 10.176.83.252 10.184.83.252
TCP: Interfaces\{3331F170-8F41-48C4-AE8C-A17CB703E73D} : DHCPNameServer = 66.174.95.44 66.174.71.33
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\j5ht7yn2.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_38.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npoji610.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
FF - Ext: Yontoo: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - a0495c1c-0dcc-4bd6-9e3c-557c88cf8ee5
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1008030.006\SymEFA64.sys [2011-10-11 402992]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\NISx64\1008030.006\BHDrvx64.sys [2011-10-11 334384]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1008030.006\cchpx64.sys [2011-10-11 561800]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20130301.002\IDSviA64.sys [2013-3-1 513184]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-24 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-24 701512]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-3-25 121144]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-10-11 117648]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-5-12 65657]
R2 ptumlcmsvc;PTUML290 Connection Manager Service;C:\Windows\System32\ptumlcmsvc64.exe [2011-7-8 134144]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2009-9-17 11576]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-6-24 292864]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 227896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-3-10 139264]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-24 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-10-8 215040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-19 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 PTUMLBUS;PTUML USB Composite Device Driver;C:\Windows\System32\drivers\PTUMLBUS.sys [2011-7-8 73616]
S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;C:\Windows\System32\drivers\PTUMLCVsp.sys [2011-7-8 182672]
S3 PTUMLMdm;PANTECH UML290;C:\Windows\System32\drivers\PTUMLMdm.sys [2011-7-8 182672]
S3 PTUMLNET61;PANTECH UML290 WWAN (NDIS6.1);C:\Windows\System32\drivers\PTUMLNET61.sys [2011-7-8 104976]
S3 PTUMLNVsp;PANTECH UML290 NMEA Port;C:\Windows\System32\drivers\PTUMLNVsp.sys [2011-7-8 183824]
S3 PTUMLRMNET;PANTECH UML290 RMNET Service;C:\Windows\System32\drivers\PTUMLRMNET.sys [2011-7-8 68624]
S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;C:\Windows\System32\drivers\PTUMLVsp.sys [2011-7-8 182672]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-8-17 216064]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\System32\drivers\NISx64\1008030.006\symndisv.sys [2011-10-11 56952]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-14 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-26 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-06-27 16:13:07 -------- d-----w- C:\Users\Phyllis\AppData\Local\{7CF8BFF4-67F5-46B1-A980-D097EEFBC3A9}
2013-06-26 18:39:49 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-06-26 18:39:35 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-06-26 18:39:24 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-06-26 18:39:15 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-06-26 18:09:00 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{50389C16-59FF-4DC9-9423-72D7059FDA78}\mpengine.dll
2013-06-25 01:22:56 -------- d-----w- C:\Users\Phyllis\AppData\Roaming\Malwarebytes
2013-06-25 01:22:38 -------- d-----w- C:\ProgramData\Malwarebytes
2013-06-25 01:22:35 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-06-25 01:22:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-25 01:22:14 -------- d-----w- C:\Users\Phyllis\AppData\Local\Programs
2013-06-22 23:13:38 -------- d-----w- C:\Users\Phyllis\AppData\Local\ElevatedDiagnostics
2013-06-21 16:16:48 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-20 00:32:34 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-20 00:31:57 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-20 00:31:57 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-06-03 16:39:43 -------- d-----w- C:\Users\Phyllis\AppData\Local\{EBF953B1-656D-4594-AC11-4D02791AEB92}
2013-06-02 19:28:43 -------- d-----w- C:\Program Files\Enigma Software Group
2013-06-02 19:27:56 -------- d-----w- C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-02 19:27:54 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-06-02 19:20:47 -------- d-----w- C:\Users\Phyllis\AppData\Local\{D9CFC2FC-4DE7-438F-8811-F45A1CED881B}
.
==================== Find3M  ====================
.
2013-06-20 00:52:51 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-20 00:52:51 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-17 10:06:48 4167680 ----a-w- C:\Program Files (x86)\GUT8ACC.tmp
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-02 08:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 14:00:23.40 ===============
 
 
.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 28 June 2013 - 03:48 AM


Hello jonknite

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 jonknite

jonknite
  • Topic Starter

  • Members
  • 34 posts

Posted 28 June 2013 - 08:52 AM

Hi!

 

Ran the reports shown, haven't heard the ads so far today.

 

ADW

 

# AdwCleaner v2.303 - Logfile created 06/28/2013 at 07:04:12
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Phyllis - PHYLLIS-PC
# Boot Mode : Normal
# Running from : C:\Users\Phyllis\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Phyllis\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\j5ht7yn2.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\El Rosso\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Phyllis\AppData\Local\APN
Folder Deleted : C:\Users\Phyllis\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Phyllis\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Phyllis\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\j5ht7yn2.default\extensions\plugin@yontoo.com
Folder Deleted : C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\j5ht7yn2.default\extensions\toolbar@ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16611
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v3.5.6 (en-US)
 
File : C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\j5ht7yn2.default\prefs.js
 
C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\j5ht7yn2.default\user.js ... Deleted !
 
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Deleted : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Deleted : user_pref("extensions.asktb.apn_dbr", "ie_9.0.8112.16421");
Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Deleted : user_pref("extensions.asktb.cbid", "TV");
Deleted : user_pref("extensions.asktb.config-updated", false);
Deleted : user_pref("extensions.asktb.cr-o", "");
Deleted : user_pref("extensions.asktb.crumb", "2012.12.31+10.53.43-toolbar007iad-US-TW91bnQgTGF1cmVsLE5KLFVuaX[...]
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Deleted : user_pref("extensions.asktb.displaybehavior", "");
Deleted : user_pref("extensions.asktb.displaytext", "");
Deleted : user_pref("extensions.asktb.dtid", "OSJ000YYUS");
Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "USNJ0336");
Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "F");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://websearch.ask.com/redirect?client=ff&s[...]
Deleted : user_pref("extensions.asktb.guid", "D50E28F7-B7C8-4DAB-A94F-B8F7DCC5F6C1");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "upd");
Deleted : user_pref("extensions.asktb.keyword-toggled-in-session", false);
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1360874655278");
Deleted : user_pref("extensions.asktb.last-search-timestamp", "1360877857764");
Deleted : user_pref("extensions.asktb.last-v", "3.15.14.100013");
Deleted : user_pref("extensions.asktb.locale", "en_US");
Deleted : user_pref("extensions.asktb.location", "Mount Laurel,NJ,United States");
Deleted : user_pref("extensions.asktb.lstation", "");
Deleted : user_pref("extensions.asktb.new-tab-opt-out", true);
Deleted : user_pref("extensions.asktb.news-native-on", true);
Deleted : user_pref("extensions.asktb.o", "100000031");
Deleted : user_pref("extensions.asktb.oldVersion", "5.15.14.29495");
Deleted : user_pref("extensions.asktb.pstate", "");
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.sa", "YES");
Deleted : user_pref("extensions.asktb.saguid", "C9E150CD-9AB6-4500-B6DB-3C09551360C9");
Deleted : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=[...]
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.socialmini-first", true);
Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");
Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.timeinstalled", "1/26/2013 9:41:43 AM");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "Buzzdock,Buzzdock,");
Deleted : user_pref("extentions.y2layers.installId", "a0495c1c-0dcc-4bd6-9e3c-557c88cf8ee5");
 
File : C:\Users\El Rosso\AppData\Roaming\Mozilla\Firefox\Profiles\ybjprdf6.default\prefs.js
 
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.24] : icon_url = "hxxp://www.ask.com/favicon.ico",
Deleted [l.27] : keyword = "ask.com",
Deleted [l.31] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=100000031&locale=en[...]
Deleted [l.32] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]
 
File : C:\Users\El Rosso\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [13021 octets] - [28/06/2013 07:04:12]
 
########## EOF - C:\AdwCleaner[S1].txt - [13082 octets] ##########
 

 

 

 

 

 

 

 

JRT File:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Phyllis on Fri 06/28/2013 at  7:12:01.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{397CFBAF-01FE-4A0D-950E-041F4905DC38}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E06011BF-3BAD-45A9-A2D4-B4DEC0FE9650}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{397CFBAF-01FE-4A0D-950E-041F4905DC38}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{92E1C4DC-D297-46AD-ABC1-6C016EC58696}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{944C7F94-4BCA-42FE-B6AC-E8EB36D41958}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{954A26E3-331C-49D2-8B0C-2D3968C4D1A4}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{95E73320-E78C-4C7F-869C-DEFEB1FF5BFF}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{9766994E-B0B8-45B9-B80F-FC1F9085B399}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{97DCE1DF-464E-4146-8140-733EFB78B654}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{9830D02E-1E9B-4988-8048-5A126F052E4C}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{987D2CA2-3A46-4534-AFF7-1A81393D5E02}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{987F9B40-6EEB-4BF2-B48F-FFDF5028E84F}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{9BB5666D-A47E-4A5D-AF9B-6139EA3C69CD}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{9BE32F03-7341-4C78-80C4-749EBC76AA25}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{9C3EE6A6-B26A-48E2-ACCF-17B90C7A14B2}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{9C7C37E0-F8C2-4C71-A94A-C63100FDCA36}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{9DBDBB76-F2A3-4B7F-BFE0-AF3AA8FEB4DC}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{9DFF4382-6A8C-46DB-8B38-AA36287A4A65}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{9ECEBCE7-E720-4E69-97F3-5ECB00647579}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{9F23856D-9CD0-45CC-92DF-8F8C122CF037}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{9FE625AA-D74C-4164-8867-B36C8D74732C}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{A250AD38-0434-4AE5-A59F-A67F2DE74399}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{A34F7571-1E8D-48E3-965D-158621B57969}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{A3DC8860-566E-48CE-9D51-5752A7B645FB}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{A412C045-9CFD-4218-ACEC-61DF1B19A1C4}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{A56C025B-8F70-4CE0-8926-795C1037D2C2}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{A588113B-E2EC-4646-ACBF-001D7921BCE6}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{A69D4691-E532-470D-9B8C-8A85FB7E1CD6}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{A72D991F-6F08-4638-86A1-F4ABB332B8B8}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{A79F12C1-BE1B-4843-80E1-A98C858F786B}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{A81BE2F4-420A-447E-B22D-BFB7A1F89EB4}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{A8353537-FD8D-46E9-B9AE-40DB89B01011}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{A85F9814-A277-43A2-8C2A-5B6337E0F2AF}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{A8B22E0C-734E-44D3-A958-80D5344C20C6}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{A91115CF-7CB2-41AC-8919-9D64B1F6F241}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{AA5724CE-5EAA-4937-AC8C-54E945E37501}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{AACFC981-6CFF-4AC5-88ED-147186466454}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{AAE9C84B-BF53-455C-B347-D70EEAAA2B5F}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{ABC6AAC5-B700-41BB-A7AC-BA0BFF9417FD}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{ABFCF7A4-4470-44AE-91E3-65F9268A0134}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{ACACA287-C1C2-4A25-A178-5519514CD8E8}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{ACD3776C-760B-4B72-AE8D-E7F2BF5847BD}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{AD642061-D418-46AB-B0BE-0EE5EAB086EF}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{AD6897E9-E75A-4839-AC83-FD0CD7FCF9CB}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{ADF92C67-7CC9-4A54-A379-CF47FCF1B4EB}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{AF284CC7-12E0-406B-9780-EF7F3F14096D}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{AFBD401F-65DD-493E-897B-F2434FEA3E74}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{AFF886D8-E612-4A8F-8CCC-C06D4BFB88A8}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{AFFD77A5-0042-4224-A8BA-D8CAAADCA9A5}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{B0E5EA81-7EBA-4391-921A-08DEFC656540}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{B1964A2F-CD27-4E28-8213-11013CFD440E}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{B19770C5-41E8-4EEF-8356-C58CB71D84FC}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{B1C7293A-5D5F-4AB4-805F-19D620AF2696}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{B2D40114-5087-45AF-BEA4-541EB682537A}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{B2EACB77-C1DA-4A86-951D-085D624FBFD9}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{B42592EA-E5EA-41E0-A18A-733EC6C4A5C2}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{B4561785-BB35-4626-B88F-4C4936D8CBB4}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{B496F197-5593-4862-9C7C-7B0116509F04}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{B4A6C38C-8B39-4F7D-B6B7-0DB87C05DDDE}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{B4C08B23-334F-4E63-AE88-80E4AB1A9570}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{B504640E-E740-478C-BB04-B8A298F3C224}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{B54FE069-337C-4192-9E4C-5DF1D9AFF516}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{B68D56BA-BD19-44DE-9C4C-4D080BD9990F}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{B6FB9DB4-E4C4-4B36-8EE7-DFBFEEF48627}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{B7403EB5-F98D-4279-94A6-BE322BDA6F23}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{B7AFD6B3-0286-42AC-9F09-FD57329BDD9D}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{B81E5F8D-A5A2-48B3-91DE-3895A83E5DF7}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{B85E0B4B-983D-4A44-8959-B6FDE36AFA90}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{B9E8B4E7-F10E-4B67-87A0-571B3F6E5AB6}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{BA11A881-33A5-4B56-BCF7-5DEEDEB81C58}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{BA6ACCEC-0D48-4420-A2CF-0203159BF979}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{BACA1C9B-29B7-4BE4-8D7D-DBD5CA15E50B}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{BBA2E5E6-526B-4ACB-97F4-B00BED7357B6}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{BE8755D5-3D59-4508-97B4-6DD717623C84}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C058FA95-3AA0-45C1-9FE5-186E1CB9A89D}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C1159499-509A-459D-9642-32EA0FD8393D}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C15B379A-89D0-4BB1-93E9-B968184A3BFF}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C1660140-21C1-40FC-90B9-D0277F82618E}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C1887375-1327-4940-89A9-0E574C986537}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C1BEB142-32E6-4DA9-8EB7-6FAF895D7F76}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C2A12BA5-4BB3-4EC4-89A1-2941B4A08D1A}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C2C6F2FC-326D-4904-96B2-78F426821DD2}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C31B4AB1-313B-44BC-84FD-441983CEF448}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C32C49EA-5E12-4695-B9B9-FDFF08154092}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C34AC589-2CF6-4B97-BEF6-32B664ED0934}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C3671BFE-E9DC-4DD0-8C08-ECE57C234555}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C3E720A3-DFFE-423D-B8CB-30C15131DEDD}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C4D1D35A-DB5C-4DB8-98AB-6A79FB8350AC}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C50CB1E3-B53E-4A0C-AFA0-7CF1E53287DC}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C60C49C7-69CA-4B2A-BB57-4179FA54C3B7}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C661275A-810C-4DD2-B53C-DDB822BD929C}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C6AF49A4-9B26-4327-9C53-F1D6BEC5229A}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C6BCA84F-A05C-45C6-B5DB-A2DC8CFB4783}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C80E329C-66BB-4171-9863-52D03C08E11B}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C87FC8CA-297D-4F8D-BE52-7BC9320504D5}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{C95A44C5-70E5-4A46-849D-F3A8218FF44E}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{CA1DFF13-631C-4FCA-894D-C5803B4C0C95}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{CAC38EA7-AA96-495D-88E6-4C38D13E0E5B}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{CB5EDDEE-E63D-4D9F-9637-BB08876688A7}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{CC218275-0AAD-4DDF-86B4-FFC158A60E3F}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{CCA27CBB-F420-43D6-9915-10F90C30FB2D}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{CE145E78-9B98-4A5D-B3BE-3BF1D0E6BA68}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{CE522032-C85D-477E-A672-FCD054BF30DE}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{CE67E526-003F-4BD8-B2C2-AC6E8D050130}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{CF62C5B4-1A60-4AFC-8738-FB0C7119D420}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{D0145062-9B4B-42E0-802D-82459FB6C741}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{D1AADD38-35D5-4398-AFCB-1DC325452C5D}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{D1D9F802-1571-422A-A39B-4CA1BC9C69C2}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{D1EB64D5-39EB-4BE0-88A2-437D8A92C276}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{D4B0324A-F3F0-462F-B5EE-F06FF56111B9}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{D5742446-2504-4C6C-9A8C-5EA7D271AE81}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{D6E05BDE-97B0-44A1-857B-2FFD667A73B4}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{D6F34F82-78C6-4600-87BE-CD20CC8F74E0}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{D8B4C5B8-D363-4695-AD9A-0FE8042D550D}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{D96137C8-F703-4044-AAF2-B62E19E3072C}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{D98CA581-80F2-4919-A3BA-E132B6EA970F}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{D9CFC2FC-4DE7-438F-8811-F45A1CED881B}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{D9FB12D1-7BE6-4A45-957E-2AFB5DD6361F}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{DA4EF40E-FA6B-4CB7-ADFD-EC336E05CE04}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{DB30D999-8FC8-4409-A696-4D4E7317DB47}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{DB5E546C-1CFE-4377-8FBC-2D1112309278}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{DC1AA7DB-3232-44D2-AFB0-C426617869C8}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{DDD5CE9C-9280-41C3-B78C-9339A15F342E}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{DE514D61-67BC-4C17-AE7D-30125191FEFB}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{DEA1246D-A12B-411B-A764-A1C108B3D744}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{DF03D1CB-94EB-4994-9685-0DD2226DB1D5}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{DF21DA0D-6137-4B68-8523-773A4586FB44}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{DF6D2342-30EE-439C-AC03-66D425154FCA}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E02235DA-2180-4257-B421-A655D7EED11B}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E043E2A4-2884-4E1F-9D95-6D4F86D92658}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E0715535-1B18-44A2-B258-07A0F679F070}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E0EC28C1-B1E8-492F-8F1D-B9B8B6744E7A}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E16A59C6-ABC5-43E4-91E2-8D9A4E64F6F5}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E2BBEEB0-61D2-4360-B5E1-2B6FA412C57C}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E3F94664-BA1E-45C0-9B3C-849B839F5075}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E4176FDF-8271-4489-926B-A30B2455F7FC}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E42B230D-87CD-46C5-9036-5EB5F38A259A}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E42FE703-ED71-4FE2-8562-56CC9274499C}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E433E8BD-5F08-4F8F-B51E-7126F6604918}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E5F7613D-1D9B-448E-B574-EEFE47C1702F}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E7096C7A-2BE7-4155-8A15-99B0EBE68B1C}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E7581664-3A38-4296-A634-01B5686E588F}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E7A0D6A9-2A9C-44D4-B98C-80D92632B7CB}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E7F1D71F-1C52-48FE-8578-9E9BDD807CE0}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E80B0D61-BE4E-4A5C-931A-F3BB8A1754F4}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E86D0C58-B640-4D71-853C-D55CF5A507D5}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E8F3D0CE-B281-4322-9983-CA27D3CC1464}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E915B461-00C1-4EBE-B671-7CB127716378}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E928CF2D-EA55-4173-B853-227A236A47F9}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{E9491E74-D1A5-4964-9FFA-8683D865E0D1}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{EAAD3F19-F3B2-4C80-AE36-E6528F33D946}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{EAAFF2C5-5A1E-4BC8-80BF-B0614FCF8CB4}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{EAE72ACB-6CB5-4DF0-94F3-2DF7134F799F}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{EB5FEB72-7F8C-4C6C-B7A3-2E207F87D5C0}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{EB79E629-81A7-4C6A-B8B7-B08924A4C246}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{EBF953B1-656D-4594-AC11-4D02791AEB92}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{EC3D97CA-5142-4D54-89BF-3DDAAC9B5C82}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{ED7EDF4F-E47F-45CF-AD62-B2FD114D48D7}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{F00853F0-3CA1-40E1-9BF0-CB979C9D126D}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{F18E1EB1-7DEF-45FA-8259-59115E78C3EF}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{F1DC2CF4-1E65-4C9D-BE8B-795A2C843C1B}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{F350FCEE-DF48-469E-BE3B-CE373F679C20}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{F3CC41B1-CF56-47B5-B452-7DA8809DAF43}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{F3E8DFB2-62A9-4F0E-9DA5-53EB10C08DB2}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{F3EDF192-8EFB-4241-A639-6B867113378F}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{F46F5FCF-6437-4FF1-BFBF-C91847E2BC39}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{F509C8EF-000D-4953-A61B-EDE4DBAF8526}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{F53C4358-882F-42F8-9832-4D73BEAA57D1}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{F5CC2430-BD34-43AE-92F9-B37814877703}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{F6383BDC-7F10-4EF4-8A04-F8B42D9CCDFE}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{F6C3F268-FC70-4547-8393-6FCF531900C5}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{F6D6B5B4-DD94-4B45-B828-E24EA274F3EE}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{F7853BFE-08D5-4790-9E20-D597EC85F9D0}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{F8168BC2-976F-44ED-B3B5-B1EAC5AD8555}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{F962A52D-F08D-41B7-95DB-1B9D39122907}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{FAC6902B-4FA5-4410-8C76-B8D2BAD30633}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{FB3F3B47-8C15-48C6-BC10-EA9A34371581}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{FD0F5D2A-21B6-471C-9241-6B9C78E978F0}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{FD20EA8D-4780-4D01-8476-EB80C04E3C76}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{FD79012F-54F1-487F-92C3-CC88522581ED}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{FF128C57-A832-41B9-9FED-AFE275F2AA3B}
Successfully deleted: [Empty Folder] C:\Users\Phyllis\appdata\local\{FF3B4475-8245-4AB2-8A79-9F404AB045D8}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/28/2013 at  7:23:28.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 28 June 2013 - 01:18 PM


Hello jonknite

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 jonknite

  • Topic Starter
  • Members
  • 34 posts

Posted 29 June 2013 - 08:26 PM

ComboFix Log

 

ComboFix 13-06-28.02 - Phyllis 06/28/2013  17:20:49.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3999.2189 [GMT -6:00]
Running from: c:\users\Phyllis\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\6EEF.tmp
c:\programdata\Microsoft\Windows\DRM\B737.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-28 to 2013-06-28  )))))))))))))))))))))))))))))))
.
.
2013-06-28 23:33 . 2013-06-28 23:33 -------- d-----w- c:\users\El Rosso\AppData\Local\temp
2013-06-28 23:33 . 2013-06-28 23:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-28 13:20 . 2013-06-28 13:20 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{819125E9-E536-4448-8818-C80E9CD123ED}\offreg.dll
2013-06-28 13:11 . 2013-06-28 13:11 -------- d-----w- c:\windows\ERUNT
2013-06-28 13:10 . 2013-06-28 13:11 -------- d-----w- C:\JRT
2013-06-28 13:03 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{819125E9-E536-4448-8818-C80E9CD123ED}\mpengine.dll
2013-06-26 18:39 . 2013-06-26 18:39 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-06-26 18:39 . 2013-06-26 18:39 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-06-26 18:39 . 2013-06-26 18:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-06-26 18:39 . 2013-06-26 18:39 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-06-25 01:22 . 2013-06-25 01:22 -------- d-----w- c:\users\Phyllis\AppData\Roaming\Malwarebytes
2013-06-25 01:22 . 2013-06-25 01:22 -------- d-----w- c:\programdata\Malwarebytes
2013-06-25 01:22 . 2013-06-25 01:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-25 01:22 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-25 01:22 . 2013-06-25 01:22 -------- d-----w- c:\users\Phyllis\AppData\Local\Programs
2013-06-22 23:13 . 2013-06-22 23:13 -------- d-----w- c:\users\Phyllis\AppData\Local\ElevatedDiagnostics
2013-06-22 22:55 . 2013-06-22 22:55 -------- d-----w- c:\users\El Rosso\AppData\Roaming\Motorola Mobility
2013-06-21 16:16 . 2013-06-08 12:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-20 00:32 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-20 00:31 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-20 00:31 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-02 19:28 . 2013-06-02 19:28 -------- d-----w- c:\program files\Enigma Software Group
2013-06-02 19:27 . 2013-06-10 12:24 -------- d-----w- c:\windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-02 19:27 . 2013-06-02 19:27 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-21 16:18 . 2010-12-26 01:09 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-20 00:52 . 2012-06-25 12:12 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-20 00:52 . 2011-09-19 03:54 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-19 00:24 . 2013-05-19 00:24 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-19 00:24 . 2013-05-19 00:24 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-19 00:24 . 2013-05-19 00:24 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-19 00:24 . 2013-05-19 00:24 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-19 00:24 . 2013-05-19 00:24 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-19 00:24 . 2013-05-19 00:24 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-19 00:24 . 2013-05-19 00:24 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-19 00:24 . 2013-05-19 00:24 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-19 00:24 . 2013-05-19 00:24 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-19 00:24 . 2013-05-19 00:24 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-19 00:24 . 2013-05-19 00:24 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-19 00:24 . 2013-05-19 00:24 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-19 00:24 . 2013-05-19 00:24 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-19 00:24 . 2013-05-19 00:24 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-19 00:24 . 2013-05-19 00:24 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-19 00:24 . 2013-05-19 00:24 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-19 00:24 . 2013-05-19 00:24 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-19 00:24 . 2013-05-19 00:24 441856 ----a-w- c:\windows\system32\html.iec
2013-05-19 00:24 . 2013-05-19 00:24 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-19 00:24 . 2013-05-19 00:24 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-19 00:24 . 2013-05-19 00:24 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-19 00:24 . 2013-05-19 00:24 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-19 00:24 . 2013-05-19 00:24 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-19 00:24 . 2013-05-19 00:24 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-19 00:24 . 2013-05-19 00:24 235008 ----a-w- c:\windows\system32\url.dll
2013-05-19 00:24 . 2013-05-19 00:24 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-19 00:24 . 2013-05-19 00:24 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-19 00:24 . 2013-05-19 00:24 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-19 00:24 . 2013-05-19 00:24 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-19 00:24 . 2013-05-19 00:24 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-19 00:24 . 2013-05-19 00:24 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-19 00:24 . 2013-05-19 00:24 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-19 00:24 . 2013-05-19 00:24 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-19 00:24 . 2013-05-19 00:24 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-19 00:24 . 2013-05-19 00:24 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-19 00:24 . 2013-05-19 00:24 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-19 00:24 . 2013-05-19 00:24 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-19 00:24 . 2013-05-19 00:24 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-19 00:24 . 2013-05-19 00:24 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-19 00:24 . 2013-05-19 00:24 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-19 00:24 . 2013-05-19 00:24 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-19 00:24 . 2013-05-19 00:24 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-19 00:24 . 2013-05-19 00:24 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-19 00:24 . 2013-05-19 00:24 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-19 00:24 . 2013-05-19 00:24 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-19 00:24 . 2013-05-19 00:24 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-19 00:24 . 2013-05-19 00:24 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-19 00:24 . 2013-05-19 00:24 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-19 00:24 . 2013-05-19 00:24 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-18 23:48 . 2011-11-17 03:22 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-17 10:06 . 2013-05-17 10:06 4167680 ----a-w- c:\program files (x86)\GUT8ACC.tmp
2013-05-02 08:06 . 2010-02-25 15:04 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-19 00:46 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-19 00:46 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-19 00:46 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-19 00:46 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-19 00:46 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-19 00:46 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 04:24 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-19 00:46 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-19 00:46 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-19 00:46 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-05-11 307768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\DRIVERS\PTUMLBUS.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMLBUS.sys [x]
R3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\DRIVERS\PTUMLCVsp.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMLCVsp.sys [x]
R3 PTUMLMdm;PANTECH UML290;c:\windows\system32\DRIVERS\PTUMLMdm.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMLMdm.sys [x]
R3 PTUMLNET61;PANTECH UML290 WWAN (NDIS6.1);c:\windows\system32\DRIVERS\PTUMLNET61.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMLNET61.sys [x]
R3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\DRIVERS\PTUMLNVsp.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMLNVsp.sys [x]
R3 PTUMLRMNET;PANTECH UML290 RMNET Service;c:\windows\system32\DRIVERS\PTUMLRMNET.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMLRMNET.sys [x]
R3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMLVsp.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMLVsp.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1008030.006\SYMNDISV.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1008030.006\SYMEFA64.SYS [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys;c:\windows\SYSNATIVE\Drivers\NISx64\1008030.006\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys;c:\windows\SYSNATIVE\Drivers\NISx64\1008030.006\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20130301.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20130301.002\IDSvia64.sys [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc64.exe;c:\windows\SYSNATIVE\ptumlcmsvc64.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-25 02:12 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 00:52]
.
2013-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 00:29]
.
2013-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 00:29]
.
2013-06-09 c:\windows\Tasks\HPCeeScheduleForPhyllis.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\j5ht7yn2.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-HPADVISOR - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
Wow6432Node-HKU-Default-RunOnce-KodakHomeCenter - c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-28  17:37:20
ComboFix-quarantined-files.txt  2013-06-28 23:37
.
Pre-Run: 167,936,339,968 bytes free
Post-Run: 170,024,153,088 bytes free
.
- - End Of File - - 630FE01D7D088168DC1EE638EFA9875E
8065AB345E5F3212518E1E127758D69E


#6 gringo_pr


Posted 29 June 2013 - 09:08 PM


Hello jonknite

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long, you may attach it

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+
Send me the reports made from TDSSKiller and RogueKiller, and also let me know how the computer is doing at this time.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
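
The post above asks for the TDSSKiller report, or at least everything after its "Scan finished" banner. As an added example (not part of the original post and not the tool's own code), this Python function reads a log in the line format of the TDSSKiller 2.8.16.0 report posted in this thread, returns the lines after that banner, and lists service entries whose verdict is not "ok" or that were reported without a hashed file line. The sample log, the `ExampleSvc` entry, its verdict text and the line after the banner are constructed for illustration; `triage` and its field names are hypothetical.

```python
import re

# Constructed sample in the line format of the TDSSKiller log posted in this thread.
# "ExampleSvc", its detection/verdict text and the post-banner line are assumptions.
SAMPLE_LOG = r"""
10:15:42.0810 6028  Scan started
10:15:43.0793 6028  ================ Scan system memory ========================
10:15:43.0793 6028  System memory - ok
10:15:43.0793 6028  ================ Scan services =============================
10:15:43.0996 6028  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:15:44.0089 6028  1394ohci - ok
10:15:46.0195 6028  aspnet_state - ok
10:15:49.0144 6028  catchme - ok
10:15:49.0190 6028  [ 0123456789ABCDEF0123456789ABCDEF ] ExampleSvc      C:\Example\example.sys
10:15:49.0222 6028  ExampleSvc ( Constructed.Verdict ) - warning
10:16:30.0000 6028  ============================================================
10:16:30.0000 6028  Scan finished
10:16:30.0000 6028  ============================================================
10:16:30.0010 4332  Detected object count: 1
"""

# "HH:MM:SS.mmmm <thread id>  <message>"
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4})\s+(\d+)\s*(.*)$")
# "================ Scan services ====================="
SECTION = re.compile(r"^=+ (.+?) =+$")
# "[ <MD5> ] <service name>   <image path>"
HASHED = re.compile(r"^\[ ([0-9A-F]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# "<service name> - ok"  or  "<service name> ( <detection> ) - <verdict>"
VERDICT = re.compile(r"^(.+?)(?: \( (.+?) \))? - (\w+)$")


def triage(log_text):
    """Summarise a TDSSKiller-style log for a helper who cannot read all of it."""
    pending = {}      # service name -> (md5, path) from its hash line
    section = None    # current "Scan ..." section title
    finished = False  # True once the "Scan finished" banner has been seen
    flagged, unhashed, tail = [], [], []

    for raw in log_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue
        msg = m.group(3)

        if finished:
            # Keep everything after the banner except the "=====" rule lines.
            if msg.strip("="):
                tail.append(msg)
            continue
        if msg == "Scan finished":
            finished = True
            continue

        s = SECTION.match(msg)
        if s:
            section = s.group(1)
            continue
        if section != "Scan services":
            continue

        h = HASHED.match(msg)
        if h:
            pending[h.group(2)] = (h.group(1), h.group(3))
            continue

        v = VERDICT.match(msg)
        if not v:
            continue
        name, detection, verdict = v.groups()
        md5, path = pending.pop(name, (None, None))
        if md5 is None:
            # Verdict line with no preceding hash line for this service.
            unhashed.append(name)
        if verdict != "ok":
            flagged.append({"name": name, "md5": md5, "path": path,
                            "detection": detection, "verdict": verdict})

    return {"flagged": flagged, "unhashed": unhashed, "tail": tail}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for entry in result["flagged"]:
        print("not ok :", entry)
    print("no hash:", result["unhashed"])
    print("tail   :", result["tail"])
```
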

#7 jonknite


Posted 02 July 2013 - 02:05 PM

Twice I thought I posted, but then I go back and it's not here. Trying a different PC, and now I see the post is too long. I don't see a way to attach, so I will split it into two posts. Here is part 1 of TDSSKiller:

 

10:14:48.0353 4332  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:14:48.0915 4332  ============================================================
10:14:48.0915 4332  Current date / time: 2013/06/30 10:14:48.0915
10:14:48.0915 4332  SystemInfo:
10:14:48.0915 4332 
10:14:48.0915 4332  OS Version: 6.1.7601 ServicePack: 1.0
10:14:48.0915 4332  Product type: Workstation
10:14:48.0915 4332  ComputerName: PHYLLIS-PC
10:14:48.0915 4332  UserName: Phyllis
10:14:48.0915 4332  Windows directory: C:\Windows
10:14:48.0915 4332  System windows directory: C:\Windows
10:14:48.0915 4332  Running under WOW64
10:14:48.0915 4332  Processor architecture: Intel x64
10:14:48.0915 4332  Number of processors: 2
10:14:48.0915 4332  Page size: 0x1000
10:14:48.0915 4332  Boot type: Normal boot
10:14:48.0915 4332  ============================================================
10:14:51.0925 4332  BG loaded
10:14:52.0690 4332  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0xEE72, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x7F, Type 'K0', Flags 0x00000040
10:14:52.0705 4332  ============================================================
10:14:52.0705 4332  \Device\Harddisk0\DR0:
10:14:52.0705 4332  MBR partitions:
10:14:52.0705 4332  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
10:14:52.0705 4332  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B9A4000
10:14:52.0705 4332  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1BA08000, BlocksNum 0x17BD000
10:14:52.0705 4332  ============================================================
10:14:52.0721 4332  C: <-> \Device\Harddisk0\DR0\Partition2
10:14:52.0830 4332  D: <-> \Device\Harddisk0\DR0\Partition3
10:14:52.0830 4332  ============================================================
10:14:52.0830 4332  Initialize success
10:14:52.0830 4332  ============================================================
10:15:42.0810 6028  ============================================================
10:15:42.0810 6028  Scan started
10:15:42.0810 6028  Mode: Manual; SigCheck; TDLFS;
10:15:42.0810 6028  ============================================================
10:15:43.0793 6028  ================ Scan system memory ========================
10:15:43.0793 6028  System memory - ok
10:15:43.0793 6028  ================ Scan services =============================
10:15:43.0996 6028  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:15:44.0089 6028  1394ohci - ok
10:15:44.0152 6028  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:15:44.0167 6028  ACPI - ok
10:15:44.0198 6028  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:15:44.0230 6028  AcpiPmi - ok
10:15:44.0339 6028  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:15:44.0354 6028  AdobeARMservice - ok
10:15:44.0510 6028  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:15:44.0542 6028  AdobeFlashPlayerUpdateSvc - ok
10:15:44.0573 6028  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
10:15:44.0604 6028  adp94xx - ok
10:15:44.0651 6028  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
10:15:44.0666 6028  adpahci - ok
10:15:44.0698 6028  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
10:15:44.0713 6028  adpu320 - ok
10:15:44.0744 6028  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:15:44.0807 6028  AeLookupSvc - ok
10:15:44.0885 6028  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
10:15:44.0947 6028  AFD - ok
10:15:44.0994 6028  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
10:15:45.0010 6028  agp440 - ok
10:15:45.0025 6028  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
10:15:45.0072 6028  ALG - ok
10:15:45.0103 6028  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:15:45.0119 6028  aliide - ok
10:15:45.0119 6028  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
10:15:45.0134 6028  amdide - ok
10:15:45.0181 6028  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
10:15:45.0212 6028  AmdK8 - ok
10:15:45.0259 6028  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:15:45.0306 6028  AmdPPM - ok
10:15:45.0368 6028  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:15:45.0400 6028  amdsata - ok
10:15:45.0431 6028  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
10:15:45.0446 6028  amdsbs - ok
10:15:45.0478 6028  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:15:45.0478 6028  amdxata - ok
10:15:45.0540 6028  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
10:15:45.0602 6028  AppID - ok
10:15:45.0634 6028  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:15:45.0696 6028  AppIDSvc - ok
10:15:45.0743 6028  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
10:15:45.0790 6028  Appinfo - ok
10:15:45.0899 6028  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
10:15:45.0914 6028  arc - ok
10:15:45.0946 6028  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
10:15:45.0977 6028  arcsas - ok
10:15:46.0195 6028  aspnet_state - ok
10:15:46.0304 6028  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:15:46.0445 6028  AsyncMac - ok
10:15:46.0492 6028  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
10:15:46.0507 6028  atapi - ok
10:15:46.0601 6028  [ 96ABF88241F90FF647E55C934C55C2F1 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
10:15:46.0663 6028  athr - ok
10:15:46.0741 6028  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:15:46.0819 6028  AudioEndpointBuilder - ok
10:15:46.0819 6028  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:15:46.0866 6028  AudioSrv - ok
10:15:46.0928 6028  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:15:46.0975 6028  AxInstSV - ok
10:15:47.0006 6028  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
10:15:47.0053 6028  b06bdrv - ok
10:15:47.0116 6028  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:15:47.0147 6028  b57nd60a - ok
10:15:47.0209 6028  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:15:47.0240 6028  BDESVC - ok
10:15:47.0272 6028  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:15:47.0350 6028  Beep - ok
10:15:47.0428 6028  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
10:15:47.0490 6028  BFE - ok
10:15:47.0630 6028  [ 4D7F8401EAE7EAA4EF702FA6F4153269 ] BHDrvx64        C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys
10:15:47.0662 6028  BHDrvx64 - ok
10:15:47.0708 6028  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
10:15:47.0786 6028  BITS - ok
10:15:47.0833 6028  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:15:47.0911 6028  blbdrive - ok
10:15:47.0974 6028  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:15:48.0005 6028  bowser - ok
10:15:48.0036 6028  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:15:48.0098 6028  BrFiltLo - ok
10:15:48.0114 6028  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:15:48.0145 6028  BrFiltUp - ok
10:15:48.0176 6028  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
10:15:48.0270 6028  BridgeMP - ok
10:15:48.0317 6028  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
10:15:48.0364 6028  Browser - ok
10:15:48.0410 6028  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:15:48.0457 6028  Brserid - ok
10:15:48.0473 6028  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:15:48.0504 6028  BrSerWdm - ok
10:15:48.0551 6028  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:15:48.0613 6028  BrUsbMdm - ok
10:15:48.0644 6028  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:15:48.0660 6028  BrUsbSer - ok
10:15:48.0707 6028  [ FF7C57973EEAD140062238C5A0B7D455 ] BTCFilterService C:\Windows\system32\DRIVERS\motfilt.sys
10:15:48.0754 6028  BTCFilterService - ok
10:15:48.0800 6028  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
10:15:48.0910 6028  BTHMODEM - ok
10:15:48.0956 6028  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
10:15:49.0097 6028  bthserv - ok
10:15:49.0144 6028  catchme - ok
10:15:49.0190 6028  [ D1787E11C6A0078DDEAF8CF3EE2AB293 ] CAXHWAZL        C:\Windows\system32\DRIVERS\CAXHWAZL.sys
10:15:49.0222 6028  CAXHWAZL - ok
10:15:49.0284 6028  [ A2E6AB452B9393CA8D11D28827E0E1A1 ] ccHP            C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys
10:15:49.0300 6028  ccHP - ok
10:15:49.0331 6028  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:15:49.0378 6028  cdfs - ok
10:15:49.0440 6028  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:15:49.0502 6028  cdrom - ok
10:15:49.0565 6028  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
10:15:49.0643 6028  CertPropSvc - ok
10:15:49.0690 6028  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
10:15:49.0736 6028  circlass - ok
10:15:49.0783 6028  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
10:15:49.0799 6028  CLFS - ok
10:15:49.0830 6028  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:15:49.0846 6028  clr_optimization_v2.0.50727_32 - ok
10:15:49.0908 6028  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:15:49.0924 6028  clr_optimization_v2.0.50727_64 - ok
10:15:50.0017 6028  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:15:50.0048 6028  clr_optimization_v4.0.30319_32 - ok
10:15:50.0080 6028  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:15:50.0095 6028  clr_optimization_v4.0.30319_64 - ok
10:15:50.0126 6028  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
10:15:50.0142 6028  CmBatt - ok
10:15:50.0189 6028  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:15:50.0204 6028  cmdide - ok
10:15:50.0236 6028  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
10:15:50.0267 6028  CNG - ok
10:15:50.0345 6028  [ A44DFDB81DC62B11760881175E5B2266 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
10:15:50.0360 6028  CnxtHdAudService - ok
10:15:50.0579 6028  [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx       C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
10:15:50.0594 6028  Com4QLBEx - ok
10:15:50.0672 6028  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
10:15:50.0704 6028  Compbatt - ok
10:15:50.0750 6028  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:15:50.0782 6028  CompositeBus - ok
10:15:50.0813 6028  COMSysApp - ok
10:15:50.0844 6028  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
10:15:50.0860 6028  crcdisk - ok
10:15:50.0922 6028  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:15:50.0969 6028  CryptSvc - ok
10:15:51.0031 6028  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:15:51.0094 6028  DcomLaunch - ok
10:15:51.0156 6028  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
10:15:51.0234 6028  defragsvc - ok
10:15:51.0296 6028  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:15:51.0359 6028  DfsC - ok
10:15:51.0421 6028  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:15:51.0484 6028  Dhcp - ok
10:15:51.0515 6028  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
10:15:51.0577 6028  discache - ok
10:15:51.0655 6028  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
10:15:51.0671 6028  Disk - ok
10:15:51.0718 6028  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:15:51.0749 6028  Dnscache - ok
10:15:51.0796 6028  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:15:51.0858 6028  dot3svc - ok
10:15:51.0905 6028  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
10:15:51.0983 6028  DPS - ok
10:15:52.0014 6028  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:15:52.0030 6028  drmkaud - ok
10:15:52.0092 6028  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:15:52.0139 6028  DXGKrnl - ok
10:15:52.0186 6028  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
10:15:52.0232 6028  EapHost - ok
10:15:52.0357 6028  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
10:15:52.0451 6028  ebdrv - ok
10:15:52.0544 6028  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
10:15:52.0576 6028  eeCtrl - ok
10:15:52.0607 6028  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
10:15:52.0654 6028  EFS - ok
10:15:52.0747 6028  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:15:52.0794 6028  ehRecvr - ok
10:15:52.0841 6028  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
10:15:52.0888 6028  ehSched - ok
10:15:52.0950 6028  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
10:15:52.0966 6028  elxstor - ok
10:15:53.0028 6028  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:15:53.0044 6028  EraserUtilRebootDrv - ok
10:15:53.0075 6028  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:15:53.0122 6028  ErrDev - ok
10:15:53.0184 6028  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
10:15:53.0246 6028  EventSystem - ok
10:15:53.0309 6028  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
10:15:53.0387 6028  exfat - ok
10:15:53.0418 6028  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:15:53.0465 6028  fastfat - ok
10:15:53.0527 6028  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
10:15:53.0558 6028  Fax - ok
10:15:53.0574 6028  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:15:53.0652 6028  fdc - ok
10:15:53.0699 6028  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
10:15:53.0761 6028  fdPHost - ok
10:15:53.0792 6028  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:15:53.0839 6028  FDResPub - ok
10:15:53.0902 6028  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:15:53.0917 6028  FileInfo - ok
10:15:53.0948 6028  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:15:54.0026 6028  Filetrace - ok
10:15:54.0058 6028  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:15:54.0073 6028  flpydisk - ok
10:15:54.0136 6028  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:15:54.0167 6028  FltMgr - ok
10:15:54.0354 6028  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
10:15:54.0401 6028  FontCache - ok
10:15:54.0448 6028  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:15:54.0479 6028  FontCache3.0.0.0 - ok
10:15:54.0494 6028  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:15:54.0510 6028  FsDepends - ok
10:15:54.0557 6028  [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
10:15:54.0572 6028  fssfltr - ok
10:15:54.0666 6028  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
10:15:54.0713 6028  fsssvc - ok
10:15:54.0744 6028  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:15:54.0760 6028  Fs_Rec - ok
10:15:54.0806 6028  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:15:54.0822 6028  fvevol - ok
10:15:54.0869 6028  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
10:15:54.0884 6028  gagp30kx - ok
10:15:54.0947 6028  [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
10:15:54.0962 6028  GameConsoleService - ok
10:15:55.0025 6028  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
10:15:55.0087 6028  gpsvc - ok
10:15:55.0150 6028  [ 2ED7FF3E1ADA4092632393781518B3A7 ] grmnusb         C:\Windows\system32\drivers\grmnusb.sys
10:15:55.0165 6028  grmnusb - ok
10:15:55.0274 6028  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:15:55.0290 6028  gupdate - ok
10:15:55.0321 6028  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:15:55.0337 6028  gupdatem - ok
10:15:55.0352 6028  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:15:55.0384 6028  hcw85cir - ok
10:15:55.0446 6028  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:15:55.0508 6028  HdAudAddService - ok
10:15:55.0540 6028  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
10:15:55.0571 6028  HDAudBus - ok
10:15:55.0618 6028  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
10:15:55.0633 6028  HidBatt - ok
10:15:55.0664 6028  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
10:15:55.0680 6028  HidBth - ok
10:15:55.0696 6028  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
10:15:55.0727 6028  HidIr - ok
10:15:55.0758 6028  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
10:15:55.0805 6028  hidserv - ok
10:15:55.0852 6028  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:15:55.0867 6028  HidUsb - ok
10:15:55.0898 6028  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:15:55.0961 6028  hkmsvc - ok
10:15:55.0992 6028  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:15:56.0039 6028  HomeGroupListener - ok
10:15:56.0086 6028  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:15:56.0117 6028  HomeGroupProvider - ok
10:15:56.0148 6028  [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
10:15:56.0179 6028  HpqKbFiltr - ok
10:15:56.0288 6028  [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
10:15:56.0320 6028  hpqwmiex - ok
10:15:56.0382 6028  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:15:56.0382 6028  HpSAMD - ok
10:15:56.0491 6028  [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
10:15:56.0538 6028  HsfXAudioService - ok
10:15:56.0600 6028  [ 26C5D00321937E49B6BC91029947D094 ] HSF_DPV         C:\Windows\system32\DRIVERS\CAX_DPV.sys
10:15:56.0663 6028  HSF_DPV - ok
10:15:56.0741 6028  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:15:56.0819 6028  HTTP - ok
10:15:56.0850 6028  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:15:56.0866 6028  hwpolicy - ok
10:15:56.0912 6028  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
10:15:56.0928 6028  i8042prt - ok
10:15:56.0975 6028  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:15:57.0006 6028  iaStorV - ok
10:15:57.0068 6028  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:15:57.0100 6028  idsvc - ok
10:15:57.0287 6028  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20130301.002\IDSvia64.sys
10:15:57.0318 6028  IDSVia64 - ok
10:15:57.0646 6028  [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
10:15:57.0817 6028  igfx - ok
10:15:57.0848 6028  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
10:15:57.0864 6028  iirsp - ok
10:15:58.0082 6028  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
10:15:58.0160 6028  IKEEXT - ok
10:15:58.0238 6028  [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
10:15:58.0285 6028  IntcHdmiAddService - ok
10:15:58.0332 6028  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
10:15:58.0363 6028  intelide - ok
10:15:58.0410 6028  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:15:58.0441 6028  intelppm - ok
10:15:58.0472 6028  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:15:58.0535 6028  IPBusEnum - ok
10:15:58.0582 6028  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:15:58.0660 6028  IpFilterDriver - ok
10:15:58.0722 6028  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:15:58.0753 6028  iphlpsvc - ok
10:15:58.0800 6028  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:15:58.0878 6028  IPMIDRV - ok
10:15:58.0925 6028  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:15:59.0018 6028  IPNAT - ok
10:15:59.0050 6028  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:15:59.0096 6028  IRENUM - ok
10:15:59.0159 6028  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:15:59.0174 6028  isapnp - ok
10:15:59.0206 6028  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:15:59.0237 6028  iScsiPrt - ok
10:15:59.0284 6028  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
10:15:59.0299 6028  kbdclass - ok
10:15:59.0330 6028  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
10:15:59.0471 6028  kbdhid - ok
10:15:59.0486 6028  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
10:15:59.0518 6028  KeyIso - ok
10:15:59.0596 6028  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:15:59.0611 6028  KSecDD - ok
10:15:59.0689 6028  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:15:59.0705 6028  KSecPkg - ok
10:15:59.0752 6028  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:15:59.0814 6028  ksthunk - ok
10:15:59.0892 6028  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:16:00.0001 6028  KtmRm - ok
10:16:00.0095 6028  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
10:16:00.0188 6028  LanmanServer - ok
10:16:00.0235 6028  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:16:00.0298 6028  LanmanWorkstation - ok
10:16:00.0407 6028  [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
10:16:00.0438 6028  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
10:16:00.0438 6028  LightScribeService - detected UnsignedFile.Multi.Generic (1)
10:16:00.0500 6028  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:16:00.0578 6028  lltdio - ok
10:16:00.0656 6028  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:16:00.0828 6028  lltdsvc - ok
10:16:00.0922 6028  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:16:00.0968 6028  lmhosts - ok
10:16:01.0109 6028  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
10:16:01.0156 6028  LSI_FC - ok
10:16:01.0187 6028  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
10:16:01.0202 6028  LSI_SAS - ok
10:16:01.0218 6028  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:16:01.0234 6028  LSI_SAS2 - ok
10:16:01.0265 6028  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:16:01.0296 6028  LSI_SCSI - ok
10:16:01.0327 6028  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
10:16:01.0374 6028  luafv - ok
10:16:01.0452 6028  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
10:16:01.0483 6028  MBAMProtector - ok
10:16:01.0577 6028  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:16:01.0592 6028  MBAMScheduler - ok
10:16:01.0639 6028  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:16:01.0670 6028  MBAMService - ok
10:16:01.0717 6028  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:16:01.0748 6028  Mcx2Svc - ok
10:16:01.0795 6028  [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
10:16:01.0811 6028  mdmxsdk - ok
10:16:01.0826 6028  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
10:16:01.0842 6028  megasas - ok
10:16:01.0873 6028  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
10:16:01.0889 6028  MegaSR - ok
10:16:01.0936 6028  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
10:16:01.0967 6028  MMCSS - ok
10:16:01.0998 6028  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
10:16:02.0060 6028  Modem - ok
10:16:02.0092 6028  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:16:02.0123 6028  monitor - ok
10:16:02.0185 6028  [ 43E754047C6DEE50666554D3C66D6279 ] motccgp         C:\Windows\system32\DRIVERS\motccgp.sys
10:16:02.0216 6028  motccgp - ok
10:16:02.0248 6028  [ 577399C75CF85AC68E7830EB150F45EF ] motccgpfl       C:\Windows\system32\DRIVERS\motccgpfl.sys
10:16:02.0294 6028  motccgpfl - ok
10:16:02.0372 6028  [ FDF0D78147DA8B2A93FE42D9A14C1B0B ] Motorola Device Manager C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
10:16:02.0388 6028  Motorola Device Manager - ok
10:16:02.0404 6028  [ 19BC2161C3FCCED802F1BCD9B78C3466 ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
10:16:02.0435 6028  MotoSwitchService - ok
10:16:02.0466 6028  [ C4F1495598C7E1FEF53BCFD84A5BD53E ] Motousbnet      C:\Windows\system32\DRIVERS\Motousbnet.sys
10:16:02.0497 6028  Motousbnet - ok
10:16:02.0544 6028  [ D075B1D964A314D240F5498773EE89DF ] motusbdevice    C:\Windows\system32\DRIVERS\motusbdevice.sys
10:16:02.0575 6028  motusbdevice - ok
10:16:02.0622 6028  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:16:02.0638 6028  mouclass - ok
10:16:02.0669 6028  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:16:02.0684 6028  mouhid - ok
10:16:02.0731 6028  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:16:02.0747 6028  mountmgr - ok
10:16:02.0794 6028  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:16:02.0809 6028  mpio - ok
10:16:02.0840 6028  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:16:02.0887 6028  mpsdrv - ok
10:16:02.0934 6028  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:16:02.0996 6028  MpsSvc - ok
10:16:03.0043 6028  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:16:03.0074 6028  MRxDAV - ok
10:16:03.0106 6028  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:16:03.0152 6028  mrxsmb - ok
10:16:03.0184 6028  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:16:03.0215 6028  mrxsmb10 - ok
10:16:03.0246 6028  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:16:03.0262 6028  mrxsmb20 - ok
10:16:03.0293 6028  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:16:03.0324 6028  msahci - ok
10:16:03.0371 6028  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:16:03.0386 6028  msdsm - ok
10:16:03.0418 6028  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
10:16:03.0449 6028  MSDTC - ok
10:16:03.0496 6028  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:16:03.0527 6028  Msfs - ok
10:16:03.0558 6028  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:16:03.0620 6028  mshidkmdf - ok
10:16:03.0652 6028  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:16:03.0667 6028  msisadrv - ok
10:16:03.0698 6028  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:16:03.0761 6028  MSiSCSI - ok
10:16:03.0776 6028  msiserver - ok
10:16:03.0792 6028  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:16:03.0854 6028  MSKSSRV - ok
10:16:03.0886 6028  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:16:03.0964 6028  MSPCLOCK - ok
10:16:03.0979 6028  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:16:04.0042 6028  MSPQM - ok
10:16:04.0088 6028  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:16:04.0120 6028  MsRPC - ok
10:16:04.0166 6028  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:16:04.0166 6028  mssmbios - ok
10:16:04.0182 6028  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:16:04.0244 6028  MSTEE - ok
10:16:04.0260 6028  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
10:16:04.0291 6028  MTConfig - ok
10:16:04.0307 6028  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:16:04.0322 6028  Mup - ok
10:16:04.0369 6028  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
10:16:04.0432 6028  napagent - ok
10:16:04.0556 6028  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:16:04.0634 6028  NativeWifiP - ok
10:16:04.0775 6028  [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20130302.016\ENG64.SYS
10:16:04.0790 6028  NAVENG - ok
10:16:04.0884 6028  [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20130302.016\EX64.SYS
10:16:04.0931 6028  NAVEX15 - ok
10:16:04.0993 6028  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:16:05.0040 6028  NDIS - ok
10:16:05.0071 6028  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:16:05.0134 6028  NdisCap - ok
10:16:05.0180 6028  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:16:05.0212 6028  NdisTapi - ok
10:16:05.0258 6028  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:16:05.0321 6028  Ndisuio - ok
10:16:05.0352 6028  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:16:05.0461 6028  NdisWan - ok
10:16:05.0508 6028  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:16:05.0555 6028  NDProxy - ok
10:16:05.0586 6028  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:16:05.0648 6028  NetBIOS - ok
10:16:05.0695 6028  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:16:05.0742 6028  NetBT - ok
10:16:05.0758 6028  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
10:16:05.0773 6028  Netlogon - ok
10:16:05.0804 6028  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
10:16:05.0882 6028  Netman - ok
10:16:05.0914 6028  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
10:16:05.0976 6028  netprofm - ok
10:16:06.0023 6028  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:16:06.0038 6028  NetTcpPortSharing - ok
10:16:06.0194 6028  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
10:16:06.0382 6028  netw5v64 - ok
10:16:06.0444 6028  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
10:16:06.0460 6028  nfrd960 - ok
10:16:06.0506 6028  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:16:06.0538 6028  NlaSvc - ok
10:16:06.0662 6028  [ 64C89DB40949FD0E7C8FF303676A91F1 ] Norton Internet Security C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
10:16:06.0662 6028  Norton Internet Security - ok
10:16:06.0694 6028  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:16:06.0740 6028  Npfs - ok
10:16:06.0772 6028  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
10:16:06.0834 6028  nsi - ok
10:16:06.0865 6028  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:16:06.0912 6028  nsiproxy - ok
10:16:06.0990 6028  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:16:07.0052 6028  Ntfs - ok
10:16:07.0068 6028  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
10:16:07.0115 6028  Null - ok
10:16:07.0146 6028  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:16:07.0162 6028  nvraid - ok
10:16:07.0208 6028  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:16:07.0224 6028  nvstor - ok
10:16:07.0286 6028  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:16:07.0302 6028  nv_agp - ok
10:16:07.0318 6028  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:16:07.0349 6028  ohci1394 - ok
10:16:07.0396 6028  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:16:07.0442 6028  p2pimsvc - ok
10:16:07.0474 6028  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:16:07.0489 6028  p2psvc - ok
10:16:07.0520 6028  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:16:07.0552 6028  Parport - ok
10:16:07.0583 6028  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:16:07.0598 6028  partmgr - ok
10:16:07.0614 6028  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:16:07.0645 6028  PcaSvc - ok
10:16:07.0676 6028  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
10:16:07.0692 6028  pci - ok
10:16:07.0723 6028  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
10:16:07.0739 6028  pciide - ok
10:16:07.0770 6028  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:16:07.0786 6028  pcmcia - ok
10:16:07.0817 6028  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:16:07.0832 6028  pcw - ok
10:16:07.0848 6028  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:16:07.0895 6028  PEAUTH - ok
10:16:07.0942 6028  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:16:07.0973 6028  PerfHost - ok
10:16:08.0035 6028  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
10:16:08.0113 6028  pla - ok
10:16:08.0191 6028  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:16:08.0222 6028  PlugPlay - ok
10:16:08.0347 6028  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:16:08.0394 6028  PNRPAutoReg - ok
10:16:08.0441 6028  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:16:08.0472 6028  PNRPsvc - ok
10:16:08.0519 6028  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:16:08.0612 6028  PolicyAgent - ok
10:16:08.0659 6028  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
10:16:08.0722 6028  Power - ok
10:16:08.0784 6028  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:16:08.0846 6028  PptpMiniport - ok
10:16:08.0878 6028  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
10:16:08.0909 6028  Processor - ok
10:16:08.0956 6028  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:16:09.0002 6028  ProfSvc - ok
10:16:09.0018 6028  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:16:09.0034 6028  ProtectedStorage - ok
10:16:09.0096 6028  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:16:09.0143 6028  Psched - ok
10:16:09.0205 6028  [ EA735BF6DF13A857A83C99BF27A422AD ] PST Service     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
10:16:09.0205 6028  PST Service ( UnsignedFile.Multi.Generic ) - warning
10:16:09.0205 6028  PST Service - detected UnsignedFile.Multi.Generic (1)
10:16:09.0268 6028  [ 2560DB8A045D185D362701D492E99D0F ] PTUMLBUS        C:\Windows\system32\DRIVERS\PTUMLBUS.sys
10:16:09.0283 6028  PTUMLBUS - ok
10:16:09.0346 6028  [ 66E99FFB64340CAC2FBA80C641FFDA42 ] ptumlcmsvc      C:\Windows\system32\ptumlcmsvc64.exe
10:16:09.0361 6028  ptumlcmsvc ( UnsignedFile.Multi.Generic ) - warning
10:16:09.0361 6028  ptumlcmsvc - detected UnsignedFile.Multi.Generic (1)
10:16:24.0571 6028  ================ Scan global ===============================
10:16:24.0587 6028  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:16:24.0634 6028  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
10:16:24.0634 6028  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
10:16:24.0665 6028  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:16:24.0696 6028  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:16:24.0696 6028  [Global] - ok
10:16:24.0696 6028  ================ Scan MBR ==================================
10:16:24.0727 6028  [ 790D362A4D78D926A387C9ECDDEA1152 ] \Device\Harddisk0\DR0
10:16:24.0727 6028  Suspicious mbr (Forged): \Device\Harddisk0\DR0
10:16:24.0774 6028  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected
10:16:24.0774 6028  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)
10:16:24.0852 6028  ================ Scan VBR ==================================
10:16:24.0852 6028  [ 40785AAC6EE4936A8F336984EF34EDC2 ] \Device\Harddisk0\DR0\Partition1
10:16:24.0852 6028  \Device\Harddisk0\DR0\Partition1 - ok
10:16:24.0883 6028  [ D890AEAB26B687114BB5467CEB012C7F ] \Device\Harddisk0\DR0\Partition2
10:16:24.0883 6028  \Device\Harddisk0\DR0\Partition2 - ok
10:16:24.0930 6028  [ B726F95986DB65D5757D175EF3DC3CA8 ] \Device\Harddisk0\DR0\Partition3
10:16:24.0930 6028  \Device\Harddisk0\DR0\Partition3 - ok
10:16:24.0930 6028  ================ Scan active images ========================
10:16:25.0226 6028  [ 61583EE3C3A17003C4ACD0475646B4D3 ] C:\Windows\System32\drivers\blbdrive.sys
10:16:25.0226 6028  C:\Windows\System32\drivers\blbdrive.sys - ok
10:16:25.0226 6028  [ 4D7F8401EAE7EAA4EF702FA6F4153269 ] C:\Windows\System32\drivers\NISx64\1008030.006\BHDrvx64.sys
10:16:25.0226 6028  C:\Windows\System32\drivers\NISx64\1008030.006\BHDrvx64.sys - ok
10:16:25.0226 6028  [ ADA036632C664CAA754079041CF1F8C1 ] C:\Windows\System32\drivers\intelppm.sys
10:16:25.0242 6028  C:\Windows\System32\drivers\intelppm.sys - ok
10:16:25.0242 6028  [ 3566A8DAAFA27AF944F5D705EAA64894 ] C:\Windows\System32\drivers\tunnel.sys
10:16:25.0242 6028  C:\Windows\System32\drivers\tunnel.sys - ok
10:16:25.0242 6028  [ F6FF8944478594D0E414D3F048F0D778 ] C:\Windows\System32\drivers\wmiacpi.sys
10:16:25.0242 6028  C:\Windows\System32\drivers\wmiacpi.sys - ok
10:16:25.0258 6028  [ 677AA5991026A65ADA128C4B59CF2BAD ] C:\Windows\System32\drivers\igdkmd64.sys
10:16:25.0258 6028  C:\Windows\System32\drivers\igdkmd64.sys - ok
10:16:25.0258 6028  [ F0371DE302FFFF8F086661611BE60848 ] C:\Windows\System32\smss.exe
10:16:25.0258 6028  C:\Windows\System32\smss.exe - ok
10:16:25.0273 6028  [ CF95B85FF8D128385ABD411C8CA74DED ] C:\Windows\System32\ntdll.dll
10:16:25.0273 6028  C:\Windows\System32\ntdll.dll - ok
10:16:25.0273 6028  [ AF2E16242AA723F68F461B6EAE2EAD3D ] C:\Windows\System32\drivers\dxgkrnl.sys
10:16:25.0273 6028  C:\Windows\System32\drivers\dxgkrnl.sys - ok
10:16:25.0273 6028  [ 1F04CFB79DD5FB7694468CE3FB3DCC31 ] C:\Windows\System32\drivers\dxgmms1.sys
10:16:25.0273 6028  C:\Windows\System32\drivers\dxgmms1.sys - ok
10:16:25.0289 6028  [ AE259C75F9A0B057B6BF9E9695632B09 ] C:\Windows\System32\drivers\usbport.sys
10:16:25.0289 6028  C:\Windows\System32\drivers\usbport.sys - ok
10:16:25.0289 6028  [ C025055FE7B87701EB042095DF1A2D7B ] C:\Windows\System32\drivers\usbehci.sys
10:16:25.0289 6028  C:\Windows\System32\drivers\usbehci.sys - ok
10:16:25.0304 6028  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] C:\Windows\System32\drivers\usbuhci.sys
10:16:25.0304 6028  C:\Windows\System32\drivers\usbuhci.sys - ok
10:16:25.0304 6028  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] C:\Windows\System32\drivers\hdaudbus.sys
10:16:25.0304 6028  C:\Windows\System32\drivers\hdaudbus.sys - ok
10:16:25.0320 6028  [ B49DC435AE3695BAC5623DD94B05732D ] C:\Windows\System32\drivers\Rt64win7.sys
10:16:25.0320 6028  C:\Windows\System32\drivers\Rt64win7.sys - ok
10:16:25.0320 6028  [ 96ABF88241F90FF647E55C934C55C2F1 ] C:\Windows\System32\drivers\athrx.sys
10:16:25.0320 6028  C:\Windows\System32\drivers\athrx.sys - ok
10:16:25.0336 6028  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] C:\Windows\System32\drivers\i8042prt.sys
10:16:25.0336 6028  C:\Windows\System32\drivers\i8042prt.sys - ok
10:16:25.0336 6028  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] C:\Windows\System32\drivers\vwifibus.sys
10:16:25.0336 6028  C:\Windows\System32\drivers\vwifibus.sys - ok
10:16:25.0351 6028  [ 3B536A8BEC3B4F23FFDFD78B11A2AB93 ] C:\Windows\System32\autochk.exe
10:16:25.0351 6028  C:\Windows\System32\autochk.exe - ok
10:16:25.0351 6028  [ D202223587518B13D72D68937B7E3F70 ] C:\Windows\System32\lpk.dll
10:16:25.0351 6028  C:\Windows\System32\lpk.dll - ok
10:16:25.0367 6028  [ 28C0B5024F5C5A438E78B188CFC81B7F ] C:\Windows\System32\normaliz.dll
10:16:25.0367 6028  C:\Windows\System32\normaliz.dll - ok
10:16:25.0367 6028  [ 9AF482D058BE59CC28BCE52E7C4B747C ] C:\Windows\System32\drivers\HpqKbFiltr.sys
10:16:25.0367 6028  C:\Windows\System32\drivers\HpqKbFiltr.sys - ok
10:16:25.0367 6028  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] C:\Windows\System32\drivers\kbdclass.sys
10:16:25.0367 6028  C:\Windows\System32\drivers\kbdclass.sys - ok
10:16:25.0382 6028  [ CCA2AB1752A61F29C3C941CD79D78CEA ] C:\Windows\System32\drivers\usbd.sys
10:16:25.0382 6028  C:\Windows\System32\drivers\usbd.sys - ok
10:16:25.0382 6028  [ BCF305959B53B200CEB2AD25AD22F8A7 ] C:\Windows\System32\drivers\SynTP.sys
10:16:25.0382 6028  C:\Windows\System32\drivers\SynTP.sys - ok
10:16:25.0398 6028  [ 4E4FFB09D895AA000DD56D1404F69A7E ] C:\Windows\System32\Wldap32.dll
10:16:25.0398 6028  C:\Windows\System32\Wldap32.dll - ok
10:16:25.0398 6028  [ C9152A497D0CA33CE9D729F1179DDB01 ] C:\Windows\System32\urlmon.dll
10:16:25.0398 6028  C:\Windows\System32\urlmon.dll - ok
10:16:25.0398 6028  [ 6C60B5ACA7442EFB794082CDACFC001C ] C:\Windows\System32\ole32.dll
10:16:25.0398 6028  C:\Windows\System32\ole32.dll - ok
10:16:25.0414 6028  [ 0840155D0BDDF1190F84A663C284BD33 ] C:\Windows\System32\drivers\CmBatt.sys
10:16:25.0414 6028  C:\Windows\System32\drivers\CmBatt.sys - ok
10:16:25.0414 6028  [ 7D27EA49F3C1F687D357E77A470AEA99 ] C:\Windows\System32\drivers\mouclass.sys
10:16:25.0414 6028  C:\Windows\System32\drivers\mouclass.sys - ok
10:16:25.0429 6028  [ 7ECFF9B22276B73F43A99A15A6094E90 ] C:\Windows\System32\drivers\agilevpn.sys
10:16:25.0429 6028  C:\Windows\System32\drivers\agilevpn.sys - ok
10:16:25.0429 6028  [ 03EDB043586CCEBA243D689BDDA370A8 ] C:\Windows\System32\drivers\CompositeBus.sys
10:16:25.0429 6028  C:\Windows\System32\drivers\CompositeBus.sys - ok
10:16:25.0445 6028  [ 30639C932D9FEF22B31268FE25A1B6E5 ] C:\Windows\System32\drivers\ndistapi.sys
10:16:25.0445 6028  C:\Windows\System32\drivers\ndistapi.sys - ok
10:16:25.0445 6028  [ 471815800AE33E6F1C32FB1B97C490CA ] C:\Windows\System32\drivers\rasl2tp.sys
10:16:25.0445 6028  C:\Windows\System32\drivers\rasl2tp.sys - ok
10:16:25.0460 6028  [ 53F7305169863F0A2BDDC49E116C2E11 ] C:\Windows\System32\drivers\ndiswan.sys
10:16:25.0460 6028  C:\Windows\System32\drivers\ndiswan.sys - ok
10:16:25.0460 6028  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] C:\Windows\System32\drivers\raspppoe.sys
10:16:25.0460 6028  C:\Windows\System32\drivers\raspppoe.sys - ok
10:16:25.0460 6028  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] C:\Windows\System32\drivers\raspptp.sys
10:16:25.0460 6028  C:\Windows\System32\drivers\raspptp.sys - ok
10:16:25.0476 6028  [ E8B1E447B008D07FF47D016C2B0EEECB ] C:\Windows\System32\drivers\rassstp.sys
10:16:25.0476 6028  C:\Windows\System32\drivers\rassstp.sys - ok
10:16:25.0476 6028  [ 6DF46D2BD74E3DA1B45F08F10D172732 ] C:\Windows\System32\advapi32.dll
10:16:25.0476 6028  C:\Windows\System32\advapi32.dll - ok
10:16:25.0492 6028  [ 24FBF5CC5C04150073C315A7C83521EE ] C:\Windows\System32\drivers\ks.sys
10:16:25.0492 6028  C:\Windows\System32\drivers\ks.sys - ok
10:16:25.0492 6028  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] C:\Windows\System32\drivers\swenum.sys
10:16:25.0492 6028  C:\Windows\System32\drivers\swenum.sys - ok
10:16:25.0492 6028  [ DC54A574663A895C8763AF0FA1FF7561 ] C:\Windows\System32\drivers\umbus.sys
10:16:25.0492 6028  C:\Windows\System32\drivers\umbus.sys - ok
10:16:25.0507 6028  [ 12716D987D475B051F35895659159705 ] C:\Windows\System32\wininet.dll
10:16:25.0507 6028  C:\Windows\System32\wininet.dll - ok
10:16:25.0507 6028  [ 287C6C9410B111B68B52CA298F7B8C24 ] C:\Windows\System32\drivers\usbhub.sys
10:16:25.0507 6028  C:\Windows\System32\drivers\usbhub.sys - ok
10:16:25.0523 6028  [ D87E1E59C73C1F98D5DED5B3850C40F5 ] C:\Windows\System32\psapi.dll
10:16:25.0523 6028  C:\Windows\System32\psapi.dll - ok
10:16:25.0523 6028  [ 83404DCBCE4925B6A5A77C5170F46D86 ] C:\Windows\System32\sechost.dll
10:16:25.0523 6028  C:\Windows\System32\sechost.dll - ok
10:16:25.0538 6028  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] C:\Windows\System32\drivers\ndproxy.sys
10:16:25.0538 6028  C:\Windows\System32\drivers\ndproxy.sys - ok
10:16:25.0538 6028  [ 21D26064AEDB4988F785BB4A3A2C051E ] C:\Windows\System32\drivers\drmk.sys
10:16:25.0538 6028  C:\Windows\System32\drivers\drmk.sys - ok
10:16:25.0538 6028  [ A44DFDB81DC62B11760881175E5B2266 ] C:\Windows\System32\drivers\CHDRT64.sys
10:16:25.0538 6028  C:\Windows\System32\drivers\CHDRT64.sys - ok
10:16:25.0554 6028  [ 6869281E78CB31A43E969F06B57347C4 ] C:\Windows\System32\drivers\ksthunk.sys
10:16:25.0554 6028  C:\Windows\System32\drivers\ksthunk.sys - ok
10:16:25.0554 6028  [ 32E11315B5126921FFD9074840EF13D3 ] C:\Windows\System32\drivers\portcls.sys
10:16:25.0554 6028  C:\Windows\System32\drivers\portcls.sys - ok
10:16:25.0570 6028  [ D1787E11C6A0078DDEAF8CF3EE2AB293 ] C:\Windows\System32\drivers\CAXHWAZL.sys
10:16:25.0570 6028  C:\Windows\System32\drivers\CAXHWAZL.sys - ok
10:16:25.0570 6028  [ 26C5D00321937E49B6BC91029947D094 ] C:\Windows\System32\drivers\CAX_DPV.sys
10:16:25.0570 6028  C:\Windows\System32\drivers\CAX_DPV.sys - ok
10:16:25.0585 6028  [ A6EA7A3FC4B00F48535B506DB1E86EFD ] C:\Windows\System32\drivers\CAX_CNXT.sys
10:16:25.0585 6028  C:\Windows\System32\drivers\CAX_CNXT.sys - ok
10:16:25.0585 6028  [ 800BA92F7010378B09F9ED9270F07137 ] C:\Windows\System32\drivers\modem.sys
10:16:25.0585 6028  C:\Windows\System32\drivers\modem.sys - ok
10:16:25.0601 6028  [ 88A20FA54C73DED4E8DAC764E9130AE9 ] C:\Windows\System32\drivers\IntcHdmi.sys
10:16:25.0601 6028  C:\Windows\System32\drivers\IntcHdmi.sys - ok
10:16:25.0601 6028  [ 25983DE69B57142039AC8D95E71CD9C9 ] C:\Windows\System32\clbcatq.dll
10:16:25.0601 6028  C:\Windows\System32\clbcatq.dll - ok
10:16:25.0601 6028  [ C431EAF5CAA1C82CAC2534A2EAB348A3 ] C:\Windows\System32\msctf.dll
10:16:25.0601 6028  C:\Windows\System32\msctf.dll - ok
10:16:25.0616 6028  [ EAF32CB8C1F810E4715B4DFBE785C7FF ] C:\Windows\System32\shlwapi.dll
10:16:25.0616 6028  C:\Windows\System32\shlwapi.dll - ok
10:16:25.0616 6028  [ 1084AA52CCC324EA54C7121FA24C2221 ] C:\Windows\System32\gdi32.dll
10:16:25.0616 6028  C:\Windows\System32\gdi32.dll - ok
10:16:25.0632 6028  [ 9835E63E09F824D22B689D2BB789BAB9 ] C:\Windows\System32\comdlg32.dll
10:16:25.0632 6028  C:\Windows\System32\comdlg32.dll - ok
10:16:25.0632 6028  [ 1BFC94665BCA35F9001ADC7BFB167C63 ] C:\Windows\System32\shell32.dll
10:16:25.0632 6028  C:\Windows\System32\shell32.dll - ok
10:16:25.0648 6028  [ F7CE0C81C545364020ED8203CF0A633E ] C:\Windows\System32\difxapi.dll
10:16:25.0648 6028  C:\Windows\System32\difxapi.dll - ok
10:16:25.0648 6028  [ A1BE6A720D02E37F72E9CD89AE9CB3CF ] C:\Windows\System32\imagehlp.dll
10:16:25.0648 6028  C:\Windows\System32\imagehlp.dll - ok
10:16:25.0663 6028  [ 0611473C1AD9E2D991CD9482068417F7 ] C:\Windows\System32\rpcrt4.dll
10:16:25.0663 6028  C:\Windows\System32\rpcrt4.dll - ok
10:16:25.0663 6028  [ 65C113214F7B05820F6D8A65B1485196 ] C:\Windows\System32\kernel32.dll
10:16:25.0663 6028  C:\Windows\System32\kernel32.dll - ok
10:16:25.0663 6028  [ 6F1A3157A1C89435352CEB543CDB359C ] C:\Windows\System32\drivers\usbccgp.sys
10:16:25.0663 6028  C:\Windows\System32\drivers\usbccgp.sys - ok
10:16:25.0679 6028  [ 454800C2BC7F3927CE030141EE4F4C50 ] C:\Windows\System32\drivers\usbvideo.sys
10:16:25.0679 6028  C:\Windows\System32\drivers\usbvideo.sys - ok
10:16:25.0679 6028  [ DBF99FD9CAF75CA66D042BD8D050FF71 ] C:\Windows\System32\usp10.dll
10:16:25.0679 6028  C:\Windows\System32\usp10.dll - ok
10:16:25.0694 6028  [ AA2C08CE85653B1A0D2E4AB407FA176C ] C:\Windows\System32\imm32.dll
10:16:25.0694 6028  C:\Windows\System32\imm32.dll - ok
10:16:25.0694 6028  [ C391FC68282A000CDF953F8B6B55D2EF ] C:\Windows\System32\msvcrt.dll
10:16:25.0694 6028  C:\Windows\System32\msvcrt.dll - ok
10:16:25.0710 6028  [ FE70103391A64039A921DBFFF9C7AB1B ] C:\Windows\System32\user32.dll
10:16:25.0710 6028  C:\Windows\System32\user32.dll - ok
10:16:25.0710 6028  [ 1BDF694C5BA91A1576DA907DA3077EF8 ] C:\Windows\System32\iertutil.dll
10:16:25.0710 6028  C:\Windows\System32\iertutil.dll - ok
10:16:25.0710 6028  [ 044FE45FFD6AD40E3BBBE60B7F41BABE ] C:\Windows\System32\nsi.dll
10:16:25.0710 6028  C:\Windows\System32\nsi.dll - ok
10:16:25.0726 6028  [ C06B32165E23A72A898B7A89679AD754 ] C:\Windows\System32\oleaut32.dll
10:16:25.0726 6028  C:\Windows\System32\oleaut32.dll - ok
10:16:25.0726 6028  [ 4BBFA57F594F7E8A8EDC8F377184C3F0 ] C:\Windows\System32\ws2_32.dll
10:16:25.0726 6028  C:\Windows\System32\ws2_32.dll - ok
10:16:25.0741 6028  [ 5D8E6C95156ED1F79A63D1EADE6F9ED5 ] C:\Windows\System32\setupapi.dll
10:16:25.0741 6028  C:\Windows\System32\setupapi.dll - ok
10:16:25.0741 6028  [ 9094039A00485F71C4DE64BF51F64C46 ] C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
10:16:25.0741 6028  C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll - ok
10:16:25.0757 6028  [ AA06902362B1422D7A7DA7061E07C624 ] C:\Windows\System32\wintrust.dll
10:16:25.0757 6028  C:\Windows\System32\wintrust.dll - ok
10:16:25.0757 6028  [ 2477A28081BDAEE622CF045ACF8EE124 ] C:\Windows\System32\cfgmgr32.dll
10:16:25.0757 6028  C:\Windows\System32\cfgmgr32.dll - ok
10:16:25.0757 6028  [ 1F56F209585F350A5666E3CC7931FD67 ] C:\Windows\System32\KernelBase.dll
10:16:25.0757 6028  C:\Windows\System32\KernelBase.dll - ok
10:16:25.0772 6028  [ 64A4AB126E24FD3F58EBE64852773DB5 ] C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
10:16:25.0772 6028  C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll - ok
10:16:25.0772 6028  [ A96D5ECA5742603E0E345C4F6B801F5E ] C:\Windows\System32\crypt32.dll
10:16:25.0772 6028  C:\Windows\System32\crypt32.dll - ok
10:16:25.0788 6028  [ F49E92B50CED5C9F1725D3C0329FD933 ] C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
10:16:25.0788 6028  C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll - ok
10:16:25.0788 6028  [ 0E6FBF19D9DFBB77316C23DF91F8A101 ] C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
10:16:25.0788 6028  C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll - ok
10:16:25.0804 6028  [ AFC3DB5C6EB8CA8017DDB81D6C0AD02A ] C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
10:16:25.0804 6028  C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll - ok
10:16:25.0804 6028  [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\System32\comctl32.dll
10:16:25.0804 6028  C:\Windows\System32\comctl32.dll - ok
10:16:25.0819 6028  [ 06FEC9E8117103BB1141A560E98077DA ] C:\Windows\System32\devobj.dll
10:16:25.0819 6028  C:\Windows\System32\devobj.dll - ok
10:16:25.0819 6028  [ 72723D3E4781BADC62C3180C137E7B23 ] C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
10:16:25.0819 6028  C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll - ok
10:16:25.0819 6028  [ 884415BD4269C02EAF8E2613BF85500D ] C:\Windows\System32\msasn1.dll
10:16:25.0819 6028  C:\Windows\System32\msasn1.dll - ok
10:16:25.0835 6028  [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll
10:16:25.0835 6028  C:\Windows\SysWOW64\normaliz.dll - ok
10:16:25.0835 6028  [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys
10:16:25.0835 6028  C:\Windows\System32\drivers\dxapi.sys - ok
10:16:25.0850 6028  [ A11523523B31086DD760C0189C763359 ] C:\Windows\System32\win32k.sys
10:16:25.0850 6028  C:\Windows\System32\win32k.sys - ok
10:16:25.0850 6028  [ CEC1EDF4022DC4DCA40384DCEC672B0E ] C:\Windows\System32\csrsrv.dll
10:16:25.0850 6028  C:\Windows\System32\csrsrv.dll - ok
10:16:25.0866 6028  [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
10:16:25.0866 6028  C:\Windows\System32\csrss.exe - ok
10:16:25.0866 6028  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
10:16:25.0866 6028  C:\Windows\System32\basesrv.dll - ok
10:16:25.0866 6028  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\System32\winsrv.dll
10:16:25.0866 6028  C:\Windows\System32\winsrv.dll - ok
10:16:25.0882 6028  [ B03D591DC7DA45ECE20B3B467E6AADAA ] C:\Windows\System32\drivers\monitor.sys
10:16:25.0882 6028  C:\Windows\System32\drivers\monitor.sys - ok
10:16:25.0882 6028  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
10:16:25.0882 6028  C:\Windows\System32\sxssrv.dll - ok
10:16:25.0897 6028  [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
10:16:25.0897 6028  C:\Windows\System32\tsddd.dll - ok
10:16:25.0897 6028  [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
10:16:25.0897 6028  C:\Windows\System32\wininit.exe - ok
10:16:25.0913 6028  [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
10:16:25.0913 6028  C:\Windows\System32\profapi.dll - ok
10:16:25.0913 6028  [ C2A8CB1275ECB85D246A9ECC02A728E3 ] C:\Windows\System32\RpcRtRemote.dll
10:16:25.0913 6028  C:\Windows\System32\RpcRtRemote.dll - ok
10:16:25.0913 6028  [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
10:16:25.0913 6028  C:\Windows\System32\version.dll - ok
10:16:25.0928 6028  [ 943F527DF79E6B400104341AA7023C75 ] C:\Windows\System32\cdd.dll
10:16:25.0928 6028  C:\Windows\System32\cdd.dll - ok
10:16:25.0928 6028  [ 78523A26F5604C0568FE9D1CE86E36F4 ] C:\Windows\System32\KBDUS.DLL
10:16:25.0928 6028  C:\Windows\System32\KBDUS.DLL - ok
10:16:25.0944 6028  [ 9CEAD32E79A62150FE9F8557E58E008B ] C:\Windows\System32\sxs.dll
10:16:25.0944 6028  C:\Windows\System32\sxs.dll - ok
10:16:25.0944 6028  [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
10:16:25.0944 6028  C:\Windows\System32\WlS0WndH.dll - ok
10:16:25.0960 6028  [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
10:16:25.0960 6028  C:\Windows\System32\cryptbase.dll - ok
10:16:25.0960 6028  [ 90499F3163A9F815CF196A205EA3CD5D ] C:\Windows\System32\apphelp.dll
10:16:25.0960 6028  C:\Windows\System32\apphelp.dll - ok
10:16:25.0960 6028  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
10:16:25.0960 6028  C:\Windows\System32\services.exe - ok
10:16:25.0975 6028  [ C118A82CD78818C29AB228366EBF81C3 ] C:\Windows\System32\lsass.exe
10:16:25.0975 6028  C:\Windows\System32\lsass.exe - ok
10:16:25.0975 6028  [ 9662EE182644511439F1C53745DC1C88 ] C:\Windows\System32\lsm.exe
10:16:25.0975 6028  C:\Windows\System32\lsm.exe - ok
10:16:25.0991 6028  [ 1151B1BAA6F350B1DB6598E0FEA7C457 ] C:\Windows\System32\winlogon.exe
10:16:25.0991 6028  C:\Windows\System32\winlogon.exe - ok
10:16:25.0991 6028  [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
10:16:25.0991 6028  C:\Windows\System32\sysntfy.dll - ok
10:16:26.0006 6028  [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
10:16:26.0006 6028  C:\Windows\System32\wmsgapi.dll - ok
10:16:26.0006 6028  [ B66BC8B20B7F33975865B1DF99783FD8 ] C:\Windows\System32\sspicli.dll
10:16:26.0006 6028  C:\Windows\System32\sspicli.dll - ok
10:16:26.0006 6028  [ BBCDF350817BA86416C0F06B6981BE8D ] C:\Windows\System32\scesrv.dll
10:16:26.0006 6028  C:\Windows\System32\scesrv.dll - ok
10:16:26.0022 6028  [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
10:16:26.0022 6028  C:\Windows\System32\scext.dll - ok
10:16:26.0022 6028  [ 0144D8D75A0B12938AEEE859E3310A46 ] C:\Windows\System32\secur32.dll
10:16:26.0022 6028  C:\Windows\System32\secur32.dll - ok
10:16:26.0038 6028  [ 3A9C9BAF610B0DD4967086040B3B62A9 ] C:\Windows\System32\srvcli.dll
10:16:26.0038 6028  C:\Windows\System32\srvcli.dll - ok
10:16:26.0038 6028  [ 3A0CE5FE781708CD6ABD55313607EC8B ] C:\Windows\System32\sspisrv.dll
10:16:26.0038 6028  C:\Windows\System32\sspisrv.dll - ok
10:16:26.0038 6028  [ 66A6063D0BAAD3F7B2B9868859E0743B ] C:\Windows\System32\lsasrv.dll
10:16:26.0038 6028  C:\Windows\System32\lsasrv.dll - ok
10:16:26.0053 6028  [ 0D9764D58C5EFD672B7184854B152E5E ] C:\Windows\System32\winsta.dll
10:16:26.0053 6028  C:\Windows\System32\winsta.dll - ok
10:16:26.0053 6028  [ A744BA6E04C8AA4592818178DBF89521 ] C:\Windows\System32\samsrv.dll
10:16:26.0053 6028  C:\Windows\System32\samsrv.dll - ok
10:16:26.0069 6028  [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
10:16:26.0069 6028  C:\Windows\System32\cryptdll.dll - ok
10:16:26.0069 6028  [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
10:16:26.0069 6028  C:\Windows\System32\wevtapi.dll - ok
10:16:26.0084 6028  [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
10:16:26.0084 6028  C:\Windows\System32\authz.dll - ok
10:16:26.0084 6028  [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
10:16:26.0084 6028  C:\Windows\System32\cngaudit.dll - ok
10:16:26.0084 6028  [ 5F3307352216618221A17CFEF273EEE2 ] C:\Windows\System32\ncrypt.dll
10:16:26.0084 6028  C:\Windows\System32\ncrypt.dll - ok
10:16:26.0100 6028  [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
10:16:26.0100 6028  C:\Windows\System32\bcrypt.dll - ok
10:16:26.0100 6028  [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
10:16:26.0100 6028  C:\Windows\System32\msprivs.dll - ok
10:16:26.0116 6028  [ C6505DE3561537BA1004D638C2F93F2F ] C:\Windows\System32\netjoin.dll
10:16:26.0116 6028  C:\Windows\System32\netjoin.dll - ok
10:16:26.0116 6028  [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
10:16:26.0116 6028  C:\Windows\System32\negoexts.dll - ok
10:16:26.0131 6028  [ CB2ABB2DA1E9C977302A78D86D4AE3B0 ] C:\Windows\System32\atmfd.dll
10:16:26.0131 6028  C:\Windows\System32\atmfd.dll - ok
10:16:26.0131 6028  [ 44E1A196DFCB53B01FE4B855C3B56A15 ] C:\Windows\System32\kerberos.dll
10:16:26.0131 6028  C:\Windows\System32\kerberos.dll - ok
10:16:26.0131 6028  [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
10:16:26.0131 6028  C:\Windows\System32\cryptsp.dll - ok
10:16:26.0147 6028  [ 1D5185A4C7E6695431AE4B55C3D7D333 ] C:\Windows\System32\mswsock.dll
10:16:26.0147 6028  C:\Windows\System32\mswsock.dll - ok
10:16:26.0147 6028  [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll
10:16:26.0147 6028  C:\Windows\System32\msv1_0.dll - ok
10:16:26.0162 6028  [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll
10:16:26.0162 6028  C:\Windows\System32\netlogon.dll - ok
10:16:26.0162 6028  [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
10:16:26.0162 6028  C:\Windows\System32\wship6.dll - ok
10:16:26.0178 6028  [ 492D07D79E7024CA310867B526D9636D ] C:\Windows\System32\dnsapi.dll
10:16:26.0178 6028  C:\Windows\System32\dnsapi.dll - ok
10:16:26.0178 6028  [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll
10:16:26.0178 6028  C:\Windows\System32\logoncli.dll - ok
10:16:26.0178 6028  [ 1573C45E65DE32B1BC3572634F8F1E8E ] C:\Windows\System32\schannel.dll
10:16:26.0178 6028  C:\Windows\System32\schannel.dll - ok
10:16:26.0194 6028  [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
10:16:26.0194 6028  C:\Windows\System32\wdigest.dll - ok
10:16:26.0194 6028  [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
10:16:26.0194 6028  C:\Windows\System32\rsaenh.dll - ok
10:16:26.0209 6028  [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
10:16:26.0209 6028  C:\Windows\System32\pku2u.dll - ok
10:16:26.0209 6028  [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll
10:16:26.0209 6028  C:\Windows\System32\TSpkg.dll - ok
10:16:26.0225 6028  [ 7DBA64AD70C2E2481C68D9E0F7CD7840 ] C:\Windows\System32\LIVESSP.DLL
10:16:26.0225 6028  C:\Windows\System32\LIVESSP.DLL - ok
10:16:26.0225 6028  [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll
10:16:26.0225 6028  C:\Windows\System32\bcryptprimitives.dll - ok
10:16:26.0240 6028  [ 52D3D5E3586988D4D9E34ACAAC33105C ] C:\Windows\System32\credssp.dll
10:16:26.0240 6028  C:\Windows\System32\credssp.dll - ok
10:16:26.0240 6028  [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
10:16:26.0240 6028  C:\Windows\System32\efslsaext.dll - ok
10:16:26.0240 6028  [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll
10:16:26.0240 6028  C:\Windows\System32\scecli.dll - ok
10:16:26.0256 6028  [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
10:16:26.0256 6028  C:\Windows\System32\ubpm.dll - ok
10:16:26.0256 6028  [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
10:16:26.0256 6028  C:\Windows\System32\svchost.exe - ok
10:16:26.0272 6028  [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll
10:16:26.0272 6028  C:\Windows\System32\umpnpmgr.dll - ok
10:16:26.0272 6028  [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
10:16:26.0272 6028  C:\Windows\System32\SPInf.dll - ok
10:16:26.0287 6028  [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
10:16:26.0287 6028  C:\Windows\System32\devrtl.dll - ok
10:16:26.0287 6028  [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
10:16:26.0287 6028  C:\Windows\System32\userenv.dll - ok
10:16:26.0287 6028  [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
10:16:26.0287 6028  C:\Windows\System32\gpapi.dll - ok
10:16:26.0303 6028  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
10:16:26.0303 6028  C:\Windows\System32\umpo.dll - ok
10:16:26.0303 6028  [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
10:16:26.0303 6028  C:\Windows\System32\pcwum.dll - ok
10:16:26.0303 6028  [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
10:16:26.0303 6028  C:\Windows\System32\powrprof.dll - ok
10:16:26.0318 6028  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
10:16:26.0318 6028  C:\Windows\System32\drivers\luafv.sys - ok
10:16:26.0318 6028  [ 0BB97D43299910CBFBA59C461B99B910 ] C:\Windows\System32\drivers\mbam.sys
10:16:26.0318 6028  C:\Windows\System32\drivers\mbam.sys - ok
10:16:26.0334 6028  [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll
10:16:26.0334 6028  C:\Windows\System32\rpcss.dll - ok
10:16:26.0334 6028  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
10:16:26.0334 6028  C:\Windows\System32\RpcEpMap.dll - ok
10:16:26.0350 6028  [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
10:16:26.0350 6028  C:\Windows\System32\WSHTCPIP.DLL - ok
10:16:26.0350 6028  [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
10:16:26.0350 6028  C:\Windows\System32\wshqos.dll - ok
10:16:26.0365 6028  [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
10:16:26.0365 6028  C:\Windows\System32\FirewallAPI.dll - ok
10:16:26.0365 6028  [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe
10:16:26.0365 6028  C:\Windows\System32\LogonUI.exe - ok
10:16:26.0365 6028  [ 6011714C8C5C55CBFFAD24D61E879FBD ] C:\Windows\System32\wevtsvc.dll
10:16:26.0365 6028  C:\Windows\System32\wevtsvc.dll - ok
10:16:26.0381 6028  [ 3EF480BFED1B5947A32585E30A58D4ED ] C:\Windows\System32\authui.dll
10:16:26.0381 6028  C:\Windows\System32\authui.dll - ok
10:16:26.0381 6028  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] C:\Windows\System32\profsvc.dll
10:16:26.0381 6028  C:\Windows\System32\profsvc.dll - ok
10:16:26.0396 6028  [ 588CD0C78A7FAAE4186B5EEA0AF3ED67 ] C:\Windows\System32\adtschema.dll
10:16:26.0396 6028  C:\Windows\System32\adtschema.dll - ok
10:16:26.0396 6028  [ FE05D03B73000CFF476E1D29109F3A84 ] C:\Program Files\Windows Defender\MpEvMsg.dll
10:16:26.0396 6028  C:\Program Files\Windows Defender\MpEvMsg.dll - ok
10:16:26.0396 6028  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
10:16:26.0396 6028  C:\Windows\System32\netprofm.dll - ok
10:16:26.0412 6028  [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll
10:16:26.0412 6028  C:\Windows\System32\cryptui.dll - ok
10:16:26.0412 6028  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] C:\Windows\System32\wlansvc.dll
10:16:26.0412 6028  C:\Windows\System32\wlansvc.dll - ok
10:16:26.0428 6028  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] C:\Windows\System32\MPSSVC.dll
10:16:26.0428 6028  C:\Windows\System32\MPSSVC.dll - ok
10:16:26.0428 6028  [ 50544D04AD845C43130B70212EC05CCD ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
10:16:26.0428 6028  C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
10:16:26.0443 6028  [ DA6B67270FD9DB3697B20FCE94950741 ] C:\Windows\System32\drivers\fltMgr.sys
10:16:26.0443 6028  C:\Windows\System32\drivers\fltMgr.sys - ok
10:16:26.0443 6028  [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL



#8 jonknite

jonknite
  • Topic Starter

  • Members
  • 34 posts

Posted 02 July 2013 - 02:07 PM

Part 2 of TDSSKiller plus the Rogue Killer report

 

10:16:26.0615 6028  [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
10:16:26.0615 6028  C:\Windows\System32\winbrand.dll - ok
10:16:26.0615 6028  [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
10:16:26.0615 6028  C:\Windows\System32\VaultCredProvider.dll - ok
10:16:26.0630 6028  [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
10:16:26.0630 6028  C:\Windows\System32\wtsapi32.dll - ok
10:16:26.0630 6028  [ CA2985996BB49924B677113DF95CFEA7 ] C:\Windows\System32\SmartcardCredentialProvider.dll
10:16:26.0630 6028  C:\Windows\System32\SmartcardCredentialProvider.dll - ok
10:16:26.0646 6028  [ BF352E73615F5461AA6884472435A544 ] C:\Windows\System32\BioCredProv.dll
10:16:26.0646 6028  C:\Windows\System32\BioCredProv.dll - ok
10:16:26.0646 6028  [ 796B8123A7859AFD3A4AE10514DBAEB5 ] C:\Windows\System32\winbio.dll
10:16:26.0646 6028  C:\Windows\System32\winbio.dll - ok
10:16:26.0662 6028  [ CC0AB40F02D2C2A12209715A3C1B07B8 ] C:\Windows\System32\credui.dll
10:16:26.0662 6028  C:\Windows\System32\credui.dll - ok
10:16:26.0662 6028  [ EEEA40F0EDB0A6E5359E539E15D0BC77 ] C:\Windows\System32\netapi32.dll
10:16:26.0662 6028  C:\Windows\System32\netapi32.dll - ok
10:16:26.0677 6028  [ 6CECA4C6A489C9B2E6073AFDAAE3F607 ] C:\Windows\System32\netutils.dll
10:16:26.0677 6028  C:\Windows\System32\netutils.dll - ok
10:16:26.0677 6028  [ 44B9C66177651F3F53C87B665D58D17A ] C:\Windows\System32\vaultcli.dll
10:16:26.0677 6028  C:\Windows\System32\vaultcli.dll - ok
10:16:26.0693 6028  [ 3C91392D448F6E5D525A85B7550D8BA9 ] C:\Windows\System32\wkscli.dll
10:16:26.0693 6028  C:\Windows\System32\wkscli.dll - ok
10:16:26.0693 6028  [ 972C3301DB3DA91AE06A95F6B4160B1B ] C:\Windows\System32\certCredProvider.dll
10:16:26.0693 6028  C:\Windows\System32\certCredProvider.dll - ok
10:16:26.0708 6028  [ FC51229C7D4AFA0D6F186133728B95AB ] C:\Windows\System32\samcli.dll
10:16:26.0708 6028  C:\Windows\System32\samcli.dll - ok
10:16:26.0708 6028  [ 032229246107C5C7211E6D1498B52D3D ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
10:16:26.0708 6028  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL - ok
10:16:26.0724 6028  [ 87FA0C48C3B2E9FEE518818FE26B15B5 ] C:\Windows\System32\rasplap.dll
10:16:26.0724 6028  C:\Windows\System32\rasplap.dll - ok
10:16:26.0724 6028  [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll
10:16:26.0724 6028  C:\Windows\System32\rasapi32.dll - ok
10:16:26.0740 6028  [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll
10:16:26.0740 6028  C:\Windows\System32\rasman.dll - ok
10:16:26.0740 6028  [ B53C4B69B695EDA1B7E41D35CA4244E2 ] C:\Windows\System32\rtutils.dll
10:16:26.0740 6028  C:\Windows\System32\rtutils.dll - ok
10:16:26.0755 6028  [ 603EBD34E216C5654A2D774EAC98D278 ] C:\Windows\System32\webio.dll
10:16:26.0755 6028  C:\Windows\System32\webio.dll - ok
10:16:26.0755 6028  [ 2B81776DA02017A37FE26C662827470E ] C:\Windows\System32\IPHLPAPI.DLL
10:16:26.0755 6028  C:\Windows\System32\IPHLPAPI.DLL - ok
10:16:26.0771 6028  [ F568F7C08458D69E4FCD8675BBB107E4 ] C:\Windows\System32\dhcpcsvc.dll
10:16:26.0771 6028  C:\Windows\System32\dhcpcsvc.dll - ok
10:16:26.0771 6028  [ 4C9210E8F4E052F6A4EB87716DA0C24C ] C:\Windows\System32\winnsi.dll
10:16:26.0771 6028  C:\Windows\System32\winnsi.dll - ok
10:16:26.0771 6028  [ 3C06D5A929B798D0B13F6481242A0FD2 ] C:\Windows\System32\dhcpcsvc6.dll
10:16:26.0771 6028  C:\Windows\System32\dhcpcsvc6.dll - ok
10:16:26.0786 6028  [ 46BB91A169B9B31FF44EB04C48EC1D41 ] C:\Windows\System32\nlaapi.dll
10:16:26.0786 6028  C:\Windows\System32\nlaapi.dll - ok
10:16:26.0786 6028  [ AFB5B500AD69E24ED1BC15D1161641EF ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
10:16:26.0786 6028  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL - ok
10:16:26.0802 6028  [ 88351B29B622B30962D2FEB6CA8D860B ] C:\Windows\System32\rasadhlp.dll
10:16:26.0802 6028  C:\Windows\System32\rasadhlp.dll - ok
10:16:26.0802 6028  [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
10:16:26.0802 6028  C:\Windows\System32\ntmarta.dll - ok
10:16:26.0818 6028  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] C:\Windows\System32\gpsvc.dll
10:16:26.0818 6028  C:\Windows\System32\gpsvc.dll - ok
10:16:26.0818 6028  [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll
10:16:26.0818 6028  C:\Windows\System32\atl.dll - ok
10:16:26.0818 6028  [ F0344071948D1A1FA732231785A0664C ] C:\Windows\System32\themeservice.dll
10:16:26.0818 6028  C:\Windows\System32\themeservice.dll - ok
10:16:26.0833 6028  [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll
10:16:26.0833 6028  C:\Windows\System32\dsrole.dll - ok
10:16:26.0833 6028  [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll
10:16:26.0833 6028  C:\Windows\System32\slc.dll - ok
10:16:26.0849 6028  [ 4166F82BE4D24938977DD1746BE9B8A0 ] C:\Windows\System32\es.dll
10:16:26.0849 6028  C:\Windows\System32\es.dll - ok
10:16:26.0849 6028  [ 1A47D52E303B7543E4E6026595B95422 ] C:\Windows\System32\comres.dll
10:16:26.0849 6028  C:\Windows\System32\comres.dll - ok
10:16:26.0864 6028  [ C32AB8FA018EF34C0F113BD501436D21 ] C:\Windows\System32\Sens.dll
10:16:26.0864 6028  C:\Windows\System32\Sens.dll - ok
10:16:26.0864 6028  [ 9BC8610C32C96A2983A65DC21CAFA921 ] C:\Windows\System32\UXInit.dll
10:16:26.0864 6028  C:\Windows\System32\UXInit.dll - ok
10:16:26.0864 6028  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] C:\Windows\System32\uxsms.dll
10:16:26.0864 6028  C:\Windows\System32\uxsms.dll - ok
10:16:26.0880 6028  [ 1538831CF8AD2979A04C423779465827 ] C:\Windows\System32\drivers\lltdio.sys
10:16:26.0880 6028  C:\Windows\System32\drivers\lltdio.sys - ok
10:16:26.0880 6028  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] C:\Windows\System32\drivers\nwifi.sys
10:16:26.0880 6028  C:\Windows\System32\drivers\nwifi.sys - ok
10:16:26.0896 6028  [ 136185F9FB2CC61E573E676AA5402356 ] C:\Windows\System32\drivers\ndisuio.sys
10:16:26.0896 6028  C:\Windows\System32\drivers\ndisuio.sys - ok
10:16:26.0896 6028  [ DDC86E4F8E7456261E637E3552E804FF ] C:\Windows\System32\drivers\rspndr.sys
10:16:26.0896 6028  C:\Windows\System32\drivers\rspndr.sys - ok
10:16:26.0911 6028  [ F993A32249B66C9D622EA5592A8B76B8 ] C:\Windows\System32\lmhsvc.dll
10:16:26.0911 6028  C:\Windows\System32\lmhsvc.dll - ok
10:16:26.0911 6028  [ B73A6E4B319AFFE64582AC5C1801BB3F ] C:\Windows\System32\nrpsrv.dll
10:16:26.0911 6028  C:\Windows\System32\nrpsrv.dll - ok
10:16:26.0911 6028  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] C:\Windows\System32\dhcpcore.dll
10:16:26.0911 6028  C:\Windows\System32\dhcpcore.dll - ok
10:16:26.0927 6028  [ F9EC845C5EECF20E9A67F9F805F2EF1F ] C:\Windows\System32\keyiso.dll
10:16:26.0927 6028  C:\Windows\System32\keyiso.dll - ok
10:16:26.0927 6028  [ D54BFDF3E0C953F823B3D0BFE4732528 ] C:\Windows\System32\nsisvc.dll
10:16:26.0927 6028  C:\Windows\System32\nsisvc.dll - ok
10:16:26.0942 6028  [ 87356377F31DA5F20A833811CD59499C ] C:\Windows\System32\eapphost.dll
10:16:26.0942 6028  C:\Windows\System32\eapphost.dll - ok
10:16:26.0942 6028  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] C:\Windows\System32\eapsvc.dll
10:16:26.0942 6028  C:\Windows\System32\eapsvc.dll - ok
10:16:26.0958 6028  [ 9FCA3A84338ADEF2AFF67CDA46EF8539 ] C:\Windows\System32\umb.dll
10:16:26.0958 6028  C:\Windows\System32\umb.dll - ok
10:16:26.0958 6028  [ 3CC16A849E6092E43909F48EF0E60306 ] C:\Windows\System32\dhcpcore6.dll
10:16:26.0958 6028  C:\Windows\System32\dhcpcore6.dll - ok
10:16:26.0958 6028  [ 5AA945234E9D4CCE4F715276B9AA712C ] C:\Windows\System32\imageres.dll
10:16:26.0958 6028  C:\Windows\System32\imageres.dll - ok
10:16:26.0974 6028  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] C:\Windows\System32\dnsrslvr.dll
10:16:26.0974 6028  C:\Windows\System32\dnsrslvr.dll - ok
10:16:26.0974 6028  [ A648C4A06DE367065B24056D067B4460 ] C:\Windows\System32\wlanmsm.dll
10:16:26.0974 6028  C:\Windows\System32\wlanmsm.dll - ok
10:16:26.0989 6028  [ 0040C486584A8E582C861CFB57AB5387 ] C:\Windows\System32\FWPUCLNT.DLL
10:16:26.0989 6028  C:\Windows\System32\FWPUCLNT.DLL - ok
10:16:26.0989 6028  [ 06A1386B6E3A0CBC368665C1840906F4 ] C:\Windows\System32\wlansec.dll
10:16:26.0989 6028  C:\Windows\System32\wlansec.dll - ok
10:16:27.0005 6028  [ 73FCB7919DEE80EE556F2E498594EBAE ] C:\Windows\System32\onex.dll
10:16:27.0005 6028  C:\Windows\System32\onex.dll - ok
10:16:27.0005 6028  [ 0D753307D274F3688BD21C377B616700 ] C:\Windows\System32\eappcfg.dll
10:16:27.0005 6028  C:\Windows\System32\eappcfg.dll - ok
10:16:27.0005 6028  [ 65522E77A1360DBC8D199DA3BF5EFFE4 ] C:\Windows\System32\eappprxy.dll
10:16:27.0005 6028  C:\Windows\System32\eappprxy.dll - ok
10:16:27.0020 6028  [ 885D0942E0F28DB90919BE3129ECF279 ] C:\Windows\System32\dnsext.dll
10:16:27.0020 6028  C:\Windows\System32\dnsext.dll - ok
10:16:27.0020 6028  [ 11338E0557B07BC32CDB980B6EDB35AA ] C:\Windows\System32\ci.dll
10:16:27.0020 6028  C:\Windows\System32\ci.dll - ok
10:16:27.0036 6028  [ 97E43F324BE1503CB2FFB058534688DA ] C:\Windows\System32\l2gpstore.dll
10:16:27.0036 6028  C:\Windows\System32\l2gpstore.dll - ok
10:16:27.0036 6028  [ 7D5645EE0EA77D539828433D9B95F5EB ] C:\Windows\System32\WinSCard.dll
10:16:27.0036 6028  C:\Windows\System32\WinSCard.dll - ok
10:16:27.0052 6028  [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll
10:16:27.0052 6028  C:\Windows\System32\wlanutil.dll - ok
10:16:27.0052 6028  [ 730BF204A595D5B6D7DC57A247CC741C ] C:\Windows\System32\wlgpclnt.dll
10:16:27.0052 6028  C:\Windows\System32\wlgpclnt.dll - ok
10:16:27.0052 6028  [ 99B91C5D2FCEF218CAD3600ECB62A799 ] C:\Windows\System32\msxml6.dll
10:16:27.0052 6028  C:\Windows\System32\msxml6.dll - ok
10:16:27.0067 6028  [ AAF932B4011D14052955D4B212A4DA8D ] C:\Windows\System32\shsvcs.dll
10:16:27.0067 6028  C:\Windows\System32\shsvcs.dll - ok
10:16:27.0067 6028  [ 43FAB56AE5F639AD59D7209693F4C4C2 ] C:\Windows\System32\wlanext.exe
10:16:27.0067 6028  C:\Windows\System32\wlanext.exe - ok
10:16:27.0083 6028  [ 262F6592C3299C005FD6BEC90FC4463A ] C:\Windows\System32\schedsvc.dll
10:16:27.0083 6028  C:\Windows\System32\schedsvc.dll - ok
10:16:27.0083 6028  [ BC414631876B2F28B8DAB08E849C12C5 ] C:\Windows\System32\ktmw32.dll
10:16:27.0083 6028  C:\Windows\System32\ktmw32.dll - ok
10:16:27.0083 6028  [ 1BCDB508143B517F21BBDAC10F5777BF ] C:\Windows\System32\conhost.exe
10:16:27.0083 6028  C:\Windows\System32\conhost.exe - ok
10:16:27.0098 6028  [ 945E54F23C72D37B8CD1987AF0DB63BF ] C:\Windows\System32\fveapi.dll
10:16:27.0098 6028  C:\Windows\System32\fveapi.dll - ok
10:16:27.0098 6028  [ 891ECFD08E2C538B7948CBC45106D697 ] C:\Windows\System32\fvecerts.dll
10:16:27.0098 6028  C:\Windows\System32\fvecerts.dll - ok
10:16:27.0114 6028  [ 694865362F0965779F92BCFE97712323 ] C:\Windows\System32\tbs.dll
10:16:27.0114 6028  C:\Windows\System32\tbs.dll - ok
10:16:27.0114 6028  [ 6DC4A7242F565C9E9C9CCC7BB0FA75C7 ] C:\Windows\System32\taskcomp.dll
10:16:27.0114 6028  C:\Windows\System32\taskcomp.dll - ok
10:16:27.0114 6028  [ 8269210DAF3B12BC8300631B28A2A442 ] C:\Windows\System32\wiarpc.dll
10:16:27.0114 6028  C:\Windows\System32\wiarpc.dll - ok
10:16:27.0130 6028  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] C:\Windows\System32\drivers\http.sys
10:16:27.0130 6028  C:\Windows\System32\drivers\http.sys - ok
10:16:27.0130 6028  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] C:\Windows\System32\spoolsv.exe
10:16:27.0130 6028  C:\Windows\System32\spoolsv.exe - ok
10:16:27.0145 6028  [ C33EF36ADBD680D166FD9146B5EAF9E2 ] C:\Windows\System32\athihvs.dll
10:16:27.0145 6028  C:\Windows\System32\athihvs.dll - ok
10:16:27.0145 6028  [ C07D5582F2107ACAB4564E1DAE977C64 ] C:\Windows\ehome\ehprivjob.exe
10:16:27.0145 6028  C:\Windows\ehome\ehprivjob.exe - ok
10:16:27.0161 6028  [ 357BE883C5236BFC7341CB9E82308908 ] C:\Windows\System32\wlanapi.dll
10:16:27.0161 6028  C:\Windows\System32\wlanapi.dll - ok
10:16:27.0161 6028  [ EC6BA7C92FA5B2AA4AFDF4DF22AEDAB7 ] C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcr80.dll
10:16:27.0161 6028  C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcr80.dll - ok
10:16:27.0176 6028  [ 03706015DB44368375AEBE6339490E66 ] C:\Windows\System32\netcfgx.dll
10:16:27.0176 6028  C:\Windows\System32\netcfgx.dll - ok
10:16:27.0176 6028  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] C:\Windows\System32\drivers\vwifimp.sys
10:16:27.0176 6028  C:\Windows\System32\drivers\vwifimp.sys - ok
10:16:27.0176 6028  [ 82974D6A2FD19445CC5171FC378668A4 ] C:\Windows\System32\BFE.DLL
10:16:27.0176 6028  C:\Windows\System32\BFE.DLL - ok
10:16:27.0192 6028  [ DB76DB15EFC6E4D1153A6C5BC895948D ] C:\Windows\System32\sppc.dll
10:16:27.0192 6028  C:\Windows\System32\sppc.dll - ok
10:16:27.0192 6028  [ 9E0FF5DDD8B908DA5611445C35D6CD24 ] C:\Windows\System32\slcext.dll
10:16:27.0192 6028  C:\Windows\System32\slcext.dll - ok
10:16:27.0208 6028  [ 6C02A83164F5CC0A262F4199F0871CF5 ] C:\Windows\System32\drivers\bowser.sys
10:16:27.0208 6028  C:\Windows\System32\drivers\bowser.sys - ok
10:16:27.0208 6028  [ 6F5BE3F67D7F66FFA861ABBFC6A8C973 ] C:\Windows\System32\sppcext.dll
10:16:27.0208 6028  C:\Windows\System32\sppcext.dll - ok
10:16:27.0208 6028  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] C:\Windows\System32\drivers\mpsdrv.sys
10:16:27.0208 6028  C:\Windows\System32\drivers\mpsdrv.sys - ok
10:16:27.0223 6028  [ A5D9106A73DC88564C825D317CAC68AC ] C:\Windows\System32\drivers\mrxsmb.sys
10:16:27.0223 6028  C:\Windows\System32\drivers\mrxsmb.sys - ok
10:16:27.0223 6028  [ D711B3C1D5F42C0C2415687BE09FC163 ] C:\Windows\System32\drivers\mrxsmb10.sys
10:16:27.0223 6028  C:\Windows\System32\drivers\mrxsmb10.sys - ok
10:16:27.0239 6028  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] C:\Windows\System32\drivers\mrxsmb20.sys
10:16:27.0239 6028  C:\Windows\System32\drivers\mrxsmb20.sys - ok
10:16:27.0239 6028  [ C67F8A962B2534224D5908D16D2AD3CE ] C:\Windows\System32\wfapigp.dll
10:16:27.0239 6028  C:\Windows\System32\wfapigp.dll - ok
10:16:27.0254 6028  [ 851A1382EED3E3A7476DB004F4EE3E1A ] C:\Windows\System32\wkssvc.dll
10:16:27.0254 6028  C:\Windows\System32\wkssvc.dll - ok
10:16:27.0254 6028  [ 3BDCBB29D727C49DC3E3256253467281 ] C:\Windows\System32\wmdrmsdk.dll
10:16:27.0254 6028  C:\Windows\System32\wmdrmsdk.dll - ok
10:16:27.0270 6028  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:16:27.0270 6028  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe - ok
10:16:27.0270 6028  [ E73B0F1819602CB6EF176FB78D76A47B ] C:\Windows\SysWOW64\ntdll.dll
10:16:27.0270 6028  C:\Windows\SysWOW64\ntdll.dll - ok
10:16:27.0270 6028  [ 1834B31C749B86DAC233BBBA1C03BC48 ] C:\Windows\System32\mscms.dll
10:16:27.0270 6028  C:\Windows\System32\mscms.dll - ok
10:16:27.0286 6028  [ 259EB5F7D95A29842B476C5B3EB6E186 ] C:\Windows\System32\wow64.dll
10:16:27.0286 6028  C:\Windows\System32\wow64.dll - ok
10:16:27.0286 6028  [ 3AEAA8B561E63452C655DC0584922257 ] C:\Windows\System32\pcasvc.dll
10:16:27.0286 6028  C:\Windows\System32\pcasvc.dll - ok
10:16:27.0301 6028  [ 6313F223E817CC09AA41811DAA7F541D ] C:\Windows\System32\snmptrap.exe
10:16:27.0301 6028  C:\Windows\System32\snmptrap.exe - ok
10:16:27.0301 6028  [ 5674E21E82CFBEA36DDAD5DB285D6DBC ] C:\Windows\System32\wow64win.dll
10:16:27.0301 6028  C:\Windows\System32\wow64win.dll - ok
10:16:27.0317 6028  [ 3EE3AA76D8AB6D5644C4C8F34471CEB3 ] C:\Windows\System32\wow64cpu.dll
10:16:27.0317 6028  C:\Windows\System32\wow64cpu.dll - ok
10:16:27.0317 6028  [ AC0B6F41882FC6ED186962D770EBF1D2 ] C:\Windows\SysWOW64\kernel32.dll
10:16:27.0317 6028  C:\Windows\SysWOW64\kernel32.dll - ok
10:16:27.0317 6028  [ 908ACB1F594274965A53926B10C81E89 ] C:\Windows\System32\provsvc.dll
10:16:27.0317 6028  C:\Windows\System32\provsvc.dll - ok
10:16:27.0332 6028  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] C:\Windows\System32\sstpsvc.dll
10:16:27.0332 6028  C:\Windows\System32\sstpsvc.dll - ok
10:16:27.0332 6028  [ 54B5DCD55B223BC5DF50B82E1E9E86B1 ] C:\Windows\System32\mfplat.dll
10:16:27.0332 6028  C:\Windows\System32\mfplat.dll - ok
10:16:27.0348 6028  [ E954A79D6A754A5475582CACED1565E6 ] C:\Windows\SysWOW64\KernelBase.dll
10:16:27.0348 6028  C:\Windows\SysWOW64\KernelBase.dll - ok
10:16:27.0348 6028  [ 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 ] C:\Windows\SysWOW64\user32.dll
10:16:27.0348 6028  C:\Windows\SysWOW64\user32.dll - ok
10:16:27.0364 6028  [ D6D3AD7BF1D6F6CE9547613ED5E170A2 ] C:\Windows\SysWOW64\gdi32.dll
10:16:27.0364 6028  C:\Windows\SysWOW64\gdi32.dll - ok
10:16:27.0364 6028  [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll
10:16:27.0364 6028  C:\Windows\SysWOW64\lpk.dll - ok
10:16:27.0379 6028  [ B7230010D97787AF3D25E4C82F2B06B9 ] C:\Windows\SysWOW64\usp10.dll
10:16:27.0379 6028  C:\Windows\SysWOW64\usp10.dll - ok
10:16:27.0379 6028  [ 9DC80A8AAAAAC397BDAB3C67165A824E ] C:\Windows\SysWOW64\msvcrt.dll
10:16:27.0379 6028  C:\Windows\SysWOW64\msvcrt.dll - ok
10:16:27.0379 6028  [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\SysWOW64\advapi32.dll
10:16:27.0379 6028  C:\Windows\SysWOW64\advapi32.dll - ok
10:16:27.0395 6028  [ C5AD8083CF94201F1F8084ECC696A8B7 ] C:\Windows\SysWOW64\rpcrt4.dll
10:16:27.0395 6028  C:\Windows\SysWOW64\rpcrt4.dll - ok
10:16:27.0395 6028  [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
10:16:27.0395 6028  C:\Windows\SysWOW64\sechost.dll - ok
10:16:27.0410 6028  [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
10:16:27.0410 6028  C:\Windows\SysWOW64\cryptbase.dll - ok
10:16:27.0410 6028  [ 565D78187494FB5F08B5A52DEB2AEA7A ] C:\Windows\SysWOW64\shell32.dll
10:16:27.0410 6028  C:\Windows\SysWOW64\shell32.dll - ok
10:16:27.0426 6028  [ EDA7AD21DF8945528F01F0A86D69E524 ] C:\Windows\SysWOW64\sspicli.dll
10:16:27.0426 6028  C:\Windows\SysWOW64\sspicli.dll - ok
10:16:27.0426 6028  [ 8CC3C111D653E96F3EA1590891491D71 ] C:\Windows\SysWOW64\shlwapi.dll
10:16:27.0426 6028  C:\Windows\SysWOW64\shlwapi.dll - ok
10:16:27.0426 6028  [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\SysWOW64\ole32.dll
10:16:27.0426 6028  C:\Windows\SysWOW64\ole32.dll - ok
10:16:27.0442 6028  [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\SysWOW64\oleaut32.dll
10:16:27.0442 6028  C:\Windows\SysWOW64\oleaut32.dll - ok
10:16:27.0442 6028  [ 92245C959E5BC378809D2CC5E9F6E9C7 ] C:\Windows\SysWOW64\crypt32.dll
10:16:27.0442 6028  C:\Windows\SysWOW64\crypt32.dll - ok
10:16:27.0457 6028  [ 938F39B50BAFE13D6F58C7790682C010 ] C:\Windows\SysWOW64\msasn1.dll
10:16:27.0457 6028  C:\Windows\SysWOW64\msasn1.dll - ok
10:16:27.0457 6028  [ 17448AF0BBA9E7AB5EC955AF93F271BD ] C:\Windows\SysWOW64\wintrust.dll
10:16:27.0457 6028  C:\Windows\SysWOW64\wintrust.dll - ok
10:16:27.0473 6028  [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
10:16:27.0473 6028  C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - ok
10:16:27.0473 6028  [ A6F09E5669D9A19035F6D942CAA15882 ] C:\Windows\SysWOW64\imm32.dll
10:16:27.0473 6028  C:\Windows\SysWOW64\imm32.dll - ok
10:16:27.0473 6028  [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll
10:16:27.0473 6028  C:\Windows\SysWOW64\msctf.dll - ok
10:16:27.0488 6028  [ B3DC4D1658093C1E486CA9F22180BECF ] C:\Windows\SysWOW64\urlmon.dll
10:16:27.0488 6028  C:\Windows\SysWOW64\urlmon.dll - ok
10:16:27.0488 6028  [ 6A13B4F3B3F575F1E24B877B9359AABA ] C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
10:16:27.0488 6028  C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll - ok
10:16:27.0504 6028  [ 2E33DFD10F28F86C3FC40EE123CC3904 ] C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
10:16:27.0504 6028  C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll - ok
10:16:27.0504 6028  [ 1C60E09CA1C3A045BC4D367F67C915B7 ] C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
10:16:27.0504 6028  C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll - ok
10:16:27.0520 6028  [ 6951562DC4625EEFC6EACD52AD165866 ] C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
10:16:27.0520 6028  C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll - ok
10:16:27.0520 6028  [ 589CBC4989F750E1DA35625AB481CF43 ] C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
10:16:27.0520 6028  C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll - ok
10:16:27.0535 6028  [ 3BE0D923AA45A4DBE091C2D84F0B4FE7 ] C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
10:16:27.0535 6028  C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll - ok
10:16:27.0535 6028  [ F383B1AD5D7FDC1ACB0D900B50572F8D ] C:\Windows\SysWOW64\iertutil.dll
10:16:27.0535 6028  C:\Windows\SysWOW64\iertutil.dll - ok
10:16:27.0535 6028  [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
10:16:27.0535 6028  C:\Windows\SysWOW64\version.dll - ok
10:16:27.0551 6028  [ 2473CA6595A2659D7039A4A89FECA269 ] C:\Windows\SysWOW64\wininet.dll
10:16:27.0551 6028  C:\Windows\SysWOW64\wininet.dll - ok
10:16:27.0551 6028  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] C:\Windows\System32\cryptsvc.dll
10:16:27.0551 6028  C:\Windows\System32\cryptsvc.dll - ok
10:16:27.0566 6028  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] C:\Windows\System32\dps.dll
10:16:27.0566 6028  C:\Windows\System32\dps.dll - ok
10:16:27.0566 6028  [ 2C4C22EA1735F21F355EB1A39832F7DF ] C:\Windows\System32\cryptnet.dll
10:16:27.0566 6028  C:\Windows\System32\cryptnet.dll - ok
10:16:27.0582 6028  [ 0E2F58F6E698EDCB9E58FAD0CBCD0567 ] C:\Windows\System32\vssapi.dll
10:16:27.0582 6028  C:\Windows\System32\vssapi.dll - ok
10:16:27.0582 6028  [ BAAFAF9CEAEC0B73C2A3550A01F6CECB ] C:\Windows\System32\taskschd.dll
10:16:27.0582 6028  C:\Windows\System32\taskschd.dll - ok
10:16:27.0598 6028  [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll
10:16:27.0598 6028  C:\Windows\System32\vsstrace.dll - ok
10:16:27.0598 6028  [ 802496CB59A30349F9A6DD22D6947644 ] C:\Windows\System32\FDResPub.dll
10:16:27.0598 6028  C:\Windows\System32\FDResPub.dll - ok
10:16:27.0598 6028  [ F1B205F932F62F94506A5F332C895DAF ] C:\Windows\System32\WSDApi.dll
10:16:27.0598 6028  C:\Windows\System32\WSDApi.dll - ok
10:16:27.0613 6028  [ C55516D98DD5D8F0153C2A9B4227DA86 ] C:\Windows\System32\webservices.dll
10:16:27.0613 6028  C:\Windows\System32\webservices.dll - ok
10:16:27.0613 6028  [ 4D842C5081F06E61BFF461CF87D13525 ] C:\Windows\ehome\ehtrace.dll
10:16:27.0613 6028  C:\Windows\ehome\ehtrace.dll - ok
10:16:27.0613 6028  [ B5055B51BAA0FD0A736A88653DA3C1C0 ] C:\Windows\System32\fundisc.dll
10:16:27.0613 6028  C:\Windows\System32\fundisc.dll - ok
10:16:27.0629 6028  [ FCD84C381E0140AF901E58D48882D26B ] C:\Windows\System32\IKEEXT.DLL
10:16:27.0629 6028  C:\Windows\System32\IKEEXT.DLL - ok
10:16:27.0629 6028  [ 447256D1C026654C5CD3CC17E7B20631 ] C:\Windows\SysWOW64\XAudio64.dll
10:16:27.0629 6028  C:\Windows\SysWOW64\XAudio64.dll - ok
10:16:27.0644 6028  [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
10:16:27.0644 6028  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe - ok
10:16:27.0644 6028  [ BCEA9AB347E53BC03B2E36BE0B8BA0EF ] C:\Windows\System32\httpapi.dll
10:16:27.0644 6028  C:\Windows\System32\httpapi.dll - ok
10:16:27.0660 6028  [ 6C57BA95C820865BCFB96C53CE7C2C68 ] C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
10:16:27.0660 6028  C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll - ok
10:16:27.0660 6028  [ 8B7997B0C843AE353C7AD4FC520DBE47 ] C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
10:16:27.0660 6028  C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll - ok
10:16:27.0660 6028  [ 77B5035BC6EDF4D1B6265391AECEE4C0 ] C:\Windows\System32\vpnikeapi.dll
10:16:27.0660 6028  C:\Windows\System32\vpnikeapi.dll - ok
10:16:27.0676 6028  [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
10:16:27.0676 6028  C:\Windows\SysWOW64\psapi.dll - ok
10:16:27.0676 6028  [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
10:16:27.0676 6028  C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
10:16:27.0691 6028  [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
10:16:27.0691 6028  C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok
10:16:27.0691 6028  [ 65085456FD9A74D7F1A999520C299ECB ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:16:27.0691 6028  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe - ok
10:16:27.0707 6028  [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\SysWOW64\profapi.dll
10:16:27.0707 6028  C:\Windows\SysWOW64\profapi.dll - ok
10:16:27.0707 6028  [ EF39CCCC9AD927A25334AE0B41A8A343 ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
10:16:27.0707 6028  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll - ok
10:16:27.0722 6028  [ 9275F02BEA644F43A459E316A932658F ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll
10:16:27.0722 6028  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll - ok
10:16:27.0722 6028  [ A90DC9ABD65DB1A8902F361103029952 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
10:16:27.0722 6028  C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
10:16:27.0722 6028  [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\SysWOW64\nsi.dll
10:16:27.0722 6028  C:\Windows\SysWOW64\nsi.dll - ok
10:16:27.0738 6028  [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\SysWOW64\winnsi.dll
10:16:27.0738 6028  C:\Windows\SysWOW64\winnsi.dll - ok
10:16:27.0738 6028  [ 7FF15A4F092CD4A96055BA69F903E3E9 ] C:\Windows\SysWOW64\ws2_32.dll
10:16:27.0738 6028  C:\Windows\SysWOW64\ws2_32.dll - ok
10:16:27.0754 6028  [ D15618A0FF8DBC2C5BF3726BACC75A0B ] C:\Windows\SysWOW64\userenv.dll
10:16:27.0754 6028  C:\Windows\SysWOW64\userenv.dll - ok
10:16:27.0754 6028  [ 6A6B2EE4565A178035BE2A4FF6F2C968 ] C:\Windows\SysWOW64\wtsapi32.dll
10:16:27.0754 6028  C:\Windows\SysWOW64\wtsapi32.dll - ok
10:16:27.0769 6028  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:16:27.0769 6028  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe - ok
10:16:27.0769 6028  [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll
10:16:27.0769 6028  C:\Windows\SysWOW64\cryptsp.dll - ok
10:16:27.0785 6028  [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\SysWOW64\rsaenh.dll
10:16:27.0785 6028  C:\Windows\SysWOW64\rsaenh.dll - ok
10:16:27.0785 6028  [ 80D8679BF84A9383BFF33E07D5D9FC35 ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.dll
10:16:27.0785 6028  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.dll - ok
10:16:27.0785 6028  [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\SysWOW64\mpr.dll
10:16:27.0785 6028  C:\Windows\SysWOW64\mpr.dll - ok
10:16:27.0800 6028  [ E4F44EC214B3E381E1FC844A02926666 ] C:\Windows\System32\drivers\mdmxsdk.sys
10:16:27.0800 6028  C:\Windows\System32\drivers\mdmxsdk.sys - ok
10:16:27.0800 6028  [ FDF0D78147DA8B2A93FE42D9A14C1B0B ] C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
10:16:27.0800 6028  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe - ok
10:16:27.0816 6028  [ 74FD5CAEECD78EE880AE015FDE96A147 ] C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
10:16:27.0816 6028  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll - ok
10:16:27.0816 6028  [ F436E847FA799ECD75AD8C313673F450 ] C:\Windows\SysWOW64\cfgmgr32.dll
10:16:27.0816 6028  C:\Windows\SysWOW64\cfgmgr32.dll - ok
10:16:29.0282 6028  [ 73D1680C94C1B57F6D8E49B2AE8122ED ] C:\Windows\SysWOW64\vbajet32.dll
10:16:29.0282 6028  C:\Windows\SysWOW64\vbajet32.dll - ok
10:16:29.0298 6028  [ 8C7D907F45B9799DB815600EDE58E7C7 ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\FWHelper.dll
10:16:29.0298 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\FWHelper.dll - ok
10:16:29.0298 6028  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] C:\Windows\System32\IPSECSVC.DLL
10:16:29.0298 6028  C:\Windows\System32\IPSECSVC.DLL - ok
10:16:29.0298 6028  [ 9BC93C9ACFA34DB5A41B89357B31E4ED ] C:\Windows\System32\FwRemoteSvr.dll
10:16:29.0298 6028  C:\Windows\System32\FwRemoteSvr.dll - ok
10:16:29.0314 6028  [ 731F30A150DCDFA3C43DDDC3A639EC0F ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ISDataSv.dll
10:16:29.0314 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ISDataSv.dll - ok
10:16:29.0314 6028  [ 262C6C64BE5BC4B1E97A9675A562DBC4 ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\cltLMC.dll
10:16:29.0314 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\cltLMC.dll - ok
10:16:29.0329 6028  [ 73C2FB42BD4040A90B683569AB633044 ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CLTLMS.DLL
10:16:29.0329 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CLTLMS.DLL - ok
10:16:29.0329 6028  [ A10657EAD5503C91D8D364BA2ADB7B69 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{819125E9-E536-4448-8818-C80E9CD123ED}\mpasdlta.vdm
10:16:29.0329 6028  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{819125E9-E536-4448-8818-C80E9CD123ED}\mpasdlta.vdm - ok
10:16:29.0345 6028  [ 03685E9EED7DC017F4986930ECE84BBB ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\SymRdrSv.dll
10:16:29.0345 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\SymRdrSv.dll - ok
10:16:29.0345 6028  [ 2C2BE6006C058AD0D5031B0D1867959F ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\BHClient.dll
10:16:29.0345 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\BHClient.dll - ok
10:16:29.0360 6028  [ 465BEA35F7ED4A4A57686DEA7EA10F47 ] C:\Windows\SysWOW64\cscapi.dll
10:16:29.0360 6028  C:\Windows\SysWOW64\cscapi.dll - ok
10:16:29.0360 6028  [ F2834898F1470D392A74A6771DF9A74E ] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
10:16:29.0360 6028  C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll - ok
10:16:29.0376 6028  [ 198803E5E93E29967DFB0BCFD0186151 ] C:\Windows\System32\spfileq.dll
10:16:29.0376 6028  C:\Windows\System32\spfileq.dll - ok
10:16:29.0376 6028  [ 1897BD995EFE2AA93C87B7BAD50F0791 ] C:\Windows\System32\spool\drivers\x64\3\mxdwdrv.dll
10:16:29.0376 6028  C:\Windows\System32\spool\drivers\x64\3\mxdwdrv.dll - ok
10:16:29.0376 6028  [ A1E45589FAC353D48CF8C342BFCBDDA3 ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\hncore.dll
10:16:29.0376 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\hncore.dll - ok
10:16:29.0392 6028  [ EA1EA603902B1F5E30C2EEBCC974E799 ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\AVModule.dll
10:16:29.0392 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\AVModule.dll - ok
10:16:29.0392 6028  [ A65FE5CD64D3ED79CE699ACC566A38DF ] C:\Windows\System32\spool\drivers\x64\3\FXSDRV.DLL
10:16:29.0392 6028  C:\Windows\System32\spool\drivers\x64\3\FXSDRV.DLL - ok
10:16:29.0407 6028  [ 6F413C1D9581FFBC27DFBAF8D1E358B5 ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\cltLMJ.dll
10:16:29.0407 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\cltLMJ.dll - ok
10:16:29.0407 6028  [ AA5607632A1A84ABD82EAA5929800F62 ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\DefUtDCD.dll
10:16:29.0407 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\DefUtDCD.dll - ok
10:16:29.0423 6028  [ 8EE84D6B8CCB808834D7E41713520A9D ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ducclib.dll
10:16:29.0423 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ducclib.dll - ok
10:16:29.0423 6028  [ 5287F9DE559E5D9ED7FFEDAC91270068 ] C:\Windows\System32\spool\drivers\x64\3\DELR1.DLL
10:16:29.0423 6028  C:\Windows\System32\spool\drivers\x64\3\DELR1.DLL - ok
10:16:29.0438 6028  [ 876AFFC7ED37A39109E85E32947ABBF7 ] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20130302.016\NAVENG32.DLL
10:16:29.0438 6028  C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20130302.016\NAVENG32.DLL - ok
10:16:29.0438 6028  [ 487F44B08EFEAF5AD087878357B9403D ] C:\Windows\SysWOW64\pdh.dll
10:16:29.0438 6028  C:\Windows\SysWOW64\pdh.dll - ok
10:16:29.0454 6028  [ 4E5FE39C1076D115EC8BFCFE14D75B80 ] C:\Windows\SysWOW64\credssp.dll
10:16:29.0454 6028  C:\Windows\SysWOW64\credssp.dll - ok
10:16:29.0454 6028  [ E6A9C015DCB58D66E4E71FD74A008FF6 ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\FWSetup.dll
10:16:29.0454 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\FWSetup.dll - ok
10:16:29.0454 6028  [ 6FA41E0C86EF049A12C05CA4BBA8F9AF ] C:\Windows\SysWOW64\perfos.dll
10:16:29.0454 6028  C:\Windows\SysWOW64\perfos.dll - ok
10:16:29.0470 6028  [ B92E9318F7E4AEF633B8EC3A873565AF ] C:\Windows\SysWOW64\perfdisk.dll
10:16:29.0470 6028  C:\Windows\SysWOW64\perfdisk.dll - ok
10:16:29.0470 6028  [ 93BB66044FA76734E882C6F3E8EE1900 ] C:\Program Files\Windows Defender\MsMpLics.dll
10:16:29.0470 6028  C:\Program Files\Windows Defender\MsMpLics.dll - ok
10:16:29.0485 6028  [ 218A400108F280428FA22282D3268BBC ] C:\Windows\System32\wscapi.dll
10:16:29.0485 6028  C:\Windows\System32\wscapi.dll - ok
10:16:29.0485 6028  [ B84E2D174DC84916A536572BB8F691A8 ] C:\Windows\System32\wscisvif.dll
10:16:29.0485 6028  C:\Windows\System32\wscisvif.dll - ok
10:16:29.0485 6028  [ 6C1E3C43B35268C17833244C8ED96430 ] C:\Windows\System32\wscproxystub.dll
10:16:29.0485 6028  C:\Windows\System32\wscproxystub.dll - ok
10:16:29.0501 6028  [ AB2F2F56064E8AA8634C790956860A3D ] C:\Windows\System32\ieframe.dll
10:16:29.0501 6028  C:\Windows\System32\ieframe.dll - ok
10:16:29.0501 6028  [ 9108540E866F75C7AF2B91DD921A8091 ] C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
10:16:29.0501 6028  C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll - ok
10:16:29.0516 6028  [ FB4045578F5180BDB1963AB352B78548 ] C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
10:16:29.0516 6028  C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll - ok
10:16:29.0516 6028  [ 5C41AF3F4B83340D2783CE8FDE30566A ] C:\Windows\System32\mshtml.dll
10:16:29.0516 6028  C:\Windows\System32\mshtml.dll - ok
10:16:29.0532 6028  [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll
10:16:29.0532 6028  C:\Windows\System32\mlang.dll - ok
10:16:29.0532 6028  [ B3CE0951E3C1EA3C733573C472EE85F9 ] C:\Windows\System32\msimtf.dll
10:16:29.0532 6028  C:\Windows\System32\msimtf.dll - ok
10:16:29.0548 6028  [ 396D851E3B6ECB9990718C25567ABBB9 ] C:\Windows\System32\jscript9.dll
10:16:29.0548 6028  C:\Windows\System32\jscript9.dll - ok
10:16:29.0548 6028  [ 7E8A672B7B06A6EB11960C22E0360C59 ] C:\Windows\System32\d2d1.dll
10:16:29.0548 6028  C:\Windows\System32\d2d1.dll - ok
10:16:29.0548 6028  [ 63BB89DED1E9104E68D33E54DE4D340D ] C:\Windows\System32\DWrite.dll
10:16:29.0548 6028  C:\Windows\System32\DWrite.dll - ok
10:16:29.0563 6028  [ 8DFB5752FCE145A6B295093C0A8BE131 ] C:\Windows\System32\dxgi.dll
10:16:29.0563 6028  C:\Windows\System32\dxgi.dll - ok
10:16:29.0563 6028  [ 4C92EB7535CAA1681A77D928FBF9771F ] C:\Windows\System32\d3d11.dll
10:16:29.0563 6028  C:\Windows\System32\d3d11.dll - ok
10:16:29.0579 6028  [ C498EF41B93986BCBD483597573EB96D ] C:\Windows\System32\d3d10warp.dll
10:16:29.0579 6028  C:\Windows\System32\d3d10warp.dll - ok
10:16:29.0579 6028  [ 220159496484D34009DE71CA1A68E0D4 ] C:\Windows\System32\wbem\NCProv.dll
10:16:29.0579 6028  C:\Windows\System32\wbem\NCProv.dll - ok
10:16:29.0594 6028  [ F775C71952D199D4FCE688702B73343C ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\QBackup.dll
10:16:29.0594 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\QBackup.dll - ok
10:16:29.0594 6028  [ 3CE476F72FD3A730BD98D3D26678E615 ] C:\Program Files (x86)\Norton Internet Security\MUI\16.8.0.41\09\01\AV.loc
10:16:29.0594 6028  C:\Program Files (x86)\Norton Internet Security\MUI\16.8.0.41\09\01\AV.loc - ok
10:16:29.0594 6028  [ 752F8E96BAB993517838315508FB82CB ] C:\Windows\SysWOW64\perfproc.dll
10:16:29.0594 6028  C:\Windows\SysWOW64\perfproc.dll - ok
10:16:29.0610 6028  [ 1EA7969E3271CBC59E1730697DC74682 ] C:\Windows\System32\qmgr.dll
10:16:29.0610 6028  C:\Windows\System32\qmgr.dll - ok
10:16:29.0610 6028  [ 29409ED7400CA5BCCC30C0EE5147A60D ] C:\Windows\System32\bitsperf.dll
10:16:29.0610 6028  C:\Windows\System32\bitsperf.dll - ok
10:16:29.0626 6028  [ D9431DCF90B0253773F51FDEFE7FD42F ] C:\Windows\System32\bitsigd.dll
10:16:29.0626 6028  C:\Windows\System32\bitsigd.dll - ok
10:16:29.0626 6028  [ 96DB78C9C50CEED9DA5050EFFEE272A2 ] C:\Windows\System32\upnp.dll
10:16:29.0626 6028  C:\Windows\System32\upnp.dll - ok
10:16:29.0641 6028  [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:16:29.0641 6028  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
10:16:29.0641 6028  [ E5F7C30EDF0892667933BE879F067D67 ] C:\Windows\SysWOW64\msvcr100_clr0400.dll
10:16:29.0641 6028  C:\Windows\SysWOW64\msvcr100_clr0400.dll - ok
10:16:29.0657 6028  [ D83947A58613E9091B4C9CC0F1546A8D ] C:\Windows\SysWOW64\mscoree.dll
10:16:29.0657 6028  C:\Windows\SysWOW64\mscoree.dll - ok
10:16:29.0657 6028  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] C:\Windows\System32\ssdpsrv.dll
10:16:29.0657 6028  C:\Windows\System32\ssdpsrv.dll - ok
10:16:29.0657 6028  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:16:29.0657 6028  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe - ok
10:16:29.0672 6028  [ CB21CD39637AC13F3455454B2F648257 ] C:\Windows\System32\msvcr100_clr0400.dll
10:16:29.0672 6028  C:\Windows\System32\msvcr100_clr0400.dll - ok
10:16:29.0672 6028  [ A08C010D859F8EB42BDD7E1D55B8CA27 ] C:\Windows\System32\mscoree.dll
10:16:29.0672 6028  C:\Windows\System32\mscoree.dll - ok
10:16:29.0688 6028  [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:16:29.0688 6028  C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - ok
10:16:29.0688 6028  [ 758D99511FD82B6C55E70494039E9F1A ] C:\Program Files (x86)\Google\Update\1.3.21.145\goopdate.dll
10:16:29.0688 6028  C:\Program Files (x86)\Google\Update\1.3.21.145\goopdate.dll - ok
10:16:29.0704 6028  [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\SysWOW64\imagehlp.dll
10:16:29.0704 6028  C:\Windows\SysWOW64\imagehlp.dll - ok
10:16:29.0704 6028  [ 11AFB3767663997E0CE911CD015599C9 ] C:\Program Files (x86)\Google\Update\1.3.21.145\goopdateres_en.dll
10:16:29.0704 6028  C:\Program Files (x86)\Google\Update\1.3.21.145\goopdateres_en.dll - ok
10:16:29.0704 6028  [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll
10:16:29.0704 6028  C:\Windows\SysWOW64\uxtheme.dll - ok
10:16:29.0719 6028  [ 12C45E3CB6D65F73209549E2D02ECA7A ] C:\Windows\SysWOW64\propsys.dll
10:16:29.0719 6028  C:\Windows\SysWOW64\propsys.dll - ok
10:16:29.0719 6028  [ 863F793D15B4026B1A5FDECA873D4D84 ] C:\Windows\SysWOW64\apphelp.dll
10:16:29.0719 6028  C:\Windows\SysWOW64\apphelp.dll - ok
10:16:29.0735 6028  [ E17E0188BB90FAE42D83E98707EFA59C ] C:\Windows\System32\sppsvc.exe
10:16:29.0735 6028  C:\Windows\System32\sppsvc.exe - ok
10:16:29.0735 6028  [ 76B35CB0F3A4E69D6DFF27F542B9F856 ] C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
10:16:29.0735 6028  C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe - ok
10:16:29.0750 6028  [ FFF95479C7AB1550F0750A5D01744211 ] C:\Windows\System32\drivers\spsys.sys
10:16:29.0750 6028  C:\Windows\System32\drivers\spsys.sys - ok
10:16:29.0750 6028  [ 4E252E85E5DC31BD645E809222AFAF27 ] C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
10:16:29.0750 6028  C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe - ok
10:16:29.0766 6028  [ A9F3BFC9345F49614D5859EC95B9E994 ] C:\Program Files\Windows Media Player\wmpnetwk.exe
10:16:29.0766 6028  C:\Program Files\Windows Media Player\wmpnetwk.exe - ok
10:16:29.0766 6028  [ C5A99A4C0DC9F0F5A95BA0C83D30A549 ] C:\Windows\SysWOW64\mstask.dll
10:16:29.0766 6028  C:\Windows\SysWOW64\mstask.dll - ok
10:16:29.0766 6028  [ F6F22291024906E43D135A4B1705FEAC ] C:\Windows\System32\sppwinob.dll
10:16:29.0766 6028  C:\Windows\System32\sppwinob.dll - ok
10:16:29.0782 6028  [ A7A8CA53D9C9FD90C07AB0EB38E5316B ] C:\Windows\System32\dbghelp.dll
10:16:29.0782 6028  C:\Windows\System32\dbghelp.dll - ok
10:16:29.0782 6028  [ E36112A8A6C7F840169A7E92C12F4203 ] C:\Windows\System32\wsock32.dll
10:16:29.0782 6028  C:\Windows\System32\wsock32.dll - ok
10:16:29.0797 6028  [ 423982DD851406A52B6399DDB196C606 ] C:\Windows\System32\wmdrmdev.dll
10:16:29.0797 6028  C:\Windows\System32\wmdrmdev.dll - ok
10:16:29.0797 6028  [ 2C1055E2C6D42753241FB2A129136994 ] C:\Windows\System32\drmv2clt.dll
10:16:29.0797 6028  C:\Windows\System32\drmv2clt.dll - ok
10:16:29.0813 6028  [ E8B1FE6669397D1772D8196DF0E57A9E ] C:\Windows\System32\wscsvc.dll
10:16:29.0813 6028  C:\Windows\System32\wscsvc.dll - ok
10:16:29.0813 6028  [ 012787CEB35505EB78DF82E0A0072888 ] C:\Windows\System32\browcli.dll
10:16:29.0813 6028  C:\Windows\System32\browcli.dll - ok
10:16:29.0813 6028  [ E0B340996A41C9A75DFA3B99BBA9C500 ] C:\Windows\System32\SearchIndexer.exe
10:16:29.0813 6028  C:\Windows\System32\SearchIndexer.exe - ok
10:16:29.0828 6028  [ 92E0508D924512F63FFEEFE498CBD11F ] C:\Windows\System32\p2pcollab.dll
10:16:29.0828 6028  C:\Windows\System32\p2pcollab.dll - ok
10:16:29.0828 6028  [ 582AC6D9873E31DFA28A4547270862DD ] C:\Windows\System32\QAGENTRT.DLL
10:16:29.0828 6028  C:\Windows\System32\QAGENTRT.DLL - ok
10:16:29.0844 6028  [ 506A83A3BEEE9FCA09F0170DE9FC7D1B ] C:\Windows\System32\fveui.dll
10:16:29.0844 6028  C:\Windows\System32\fveui.dll - ok
10:16:29.0844 6028  [ 6166C112C65DBABB04B2E70E92B3275F ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\WSCStub.exe
10:16:29.0844 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\WSCStub.exe - ok
10:16:29.0860 6028  [ 524ADD01078A14505C560565CAED1085 ] C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20\Indiv01_64.key
10:16:29.0860 6028  C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20\Indiv01_64.key - ok
10:16:29.0860 6028  [ C47F35CC6FA4F1BDBEF8F87AC1A46537 ] C:\Windows\System32\wuapi.dll
10:16:29.0860 6028  C:\Windows\System32\wuapi.dll - ok
10:16:29.0860 6028  [ 589DF683A6C81424A6CECE52ABF98A50 ] C:\Windows\System32\tquery.dll
10:16:29.0860 6028  C:\Windows\System32\tquery.dll - ok
10:16:29.0875 6028  [ DF15026ACD29ABDD30181755596A7723 ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IMCfg.dll
10:16:29.0875 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IMCfg.dll - ok
10:16:29.0875 6028  [ FA43D418BC945D27D0625B697B8442B5 ] C:\Windows\System32\cabinet.dll
10:16:29.0875 6028  C:\Windows\System32\cabinet.dll - ok
10:16:29.0891 6028  [ E746ED90132C6B6313CE9179F56BD31D ] C:\Windows\System32\wups.dll
10:16:29.0891 6028  C:\Windows\System32\wups.dll - ok
10:16:29.0891 6028  [ 1EB82516F21F27EED1833B4F9FD9614E ] C:\Windows\System32\wmp.dll
10:16:29.0891 6028  C:\Windows\System32\wmp.dll - ok
10:16:29.0906 6028  [ 7568CC720ACE4D03B84AF97817E745EF ] C:\Windows\System32\mssrch.dll
10:16:29.0906 6028  C:\Windows\System32\mssrch.dll - ok
10:16:29.0906 6028  [ 3121A79D13A61562BE9CC902CD46B542 ] C:\Windows\System32\msidle.dll
10:16:29.0906 6028  C:\Windows\System32\msidle.dll - ok
10:16:29.0906 6028  [ A8CDF3768604FF95B54669E20053D569 ] C:\Windows\SysWOW64\wscapi.dll
10:16:29.0906 6028  C:\Windows\SysWOW64\wscapi.dll - ok
10:16:29.0922 6028  [ 8258362DDB18B644A82D8B5061AD9426 ] C:\Windows\SysWOW64\wscisvif.dll
10:16:29.0922 6028  C:\Windows\SysWOW64\wscisvif.dll - ok
10:16:29.0922 6028  [ 7DF186D86CF8C571A12AAB788C777F84 ] C:\Windows\SysWOW64\wscproxystub.dll
10:16:29.0922 6028  C:\Windows\SysWOW64\wscproxystub.dll - ok
10:16:29.0938 6028  [ 2B373B5F7E36B5ED5DA176D4400EF091 ] C:\Windows\System32\sppobjs.dll
10:16:29.0938 6028  C:\Windows\System32\sppobjs.dll - ok
10:16:29.0938 6028  [ E19AD0D49BFF5938B3E374873AC174DE ] C:\Windows\System32\wmploc.DLL
10:16:29.0938 6028  C:\Windows\System32\wmploc.DLL - ok
10:16:29.0953 6028  [ A5BE518E515EF80EFD10B6727F31E366 ] C:\Program Files\Internet Explorer\ieproxy.dll
10:16:29.0953 6028  C:\Program Files\Internet Explorer\ieproxy.dll - ok
10:16:29.0953 6028  [ 355A138ABDFD43FBABCAE3A1B06AB93D ] C:\Windows\System32\wmpps.dll
10:16:29.0953 6028  C:\Windows\System32\wmpps.dll - ok
10:16:29.0969 6028  [ F149E8CAE538DBF7059B00326673F602 ] C:\Windows\System32\wmpmde.dll
10:16:29.0969 6028  C:\Windows\System32\wmpmde.dll - ok
10:16:29.0969 6028  [ 021287C2050FD5DB4A8B084E2C38139C ] C:\Windows\System32\WinSATAPI.dll
10:16:29.0969 6028  C:\Windows\System32\WinSATAPI.dll - ok
10:16:29.0969 6028  [ 28A7D7C7E2FDD1D55F12F750CD6331EC ] C:\Windows\System32\MSMPEG2ENC.DLL
10:16:29.0969 6028  C:\Windows\System32\MSMPEG2ENC.DLL - ok
10:16:29.0984 6028  [ 46767946E7B559D981C1DC04EC0AB36F ] C:\Windows\System32\devenum.dll
10:16:29.0984 6028  C:\Windows\System32\devenum.dll - ok
10:16:29.0984 6028  [ 558C42D165DB5799B4072DC0A9C27C0B ] C:\Windows\System32\msdmo.dll
10:16:29.0984 6028  C:\Windows\System32\msdmo.dll - ok
10:16:30.0000 6028  [ D47EC6A8E81633DD18D2436B19BAF6DE ] C:\Windows\System32\upnphost.dll
10:16:30.0000 6028  C:\Windows\System32\upnphost.dll - ok
10:16:30.0000 6028  [ 07AD88DF9EF73215458867EFC1BFFE9E ] C:\Windows\System32\wbem\wmiprov.dll
10:16:30.0000 6028  C:\Windows\System32\wbem\wmiprov.dll - ok
10:16:30.0016 6028  [ C9FB9038B15036CA28CF0B4BE2BED9BD ] C:\Windows\System32\en-US\tquery.dll.mui
10:16:30.0016 6028  C:\Windows\System32\en-US\tquery.dll.mui - ok
10:16:30.0016 6028  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] C:\Windows\System32\wuaueng.dll
10:16:30.0016 6028  C:\Windows\System32\wuaueng.dll - ok
10:16:30.0016 6028  [ 71E68F2443A80BD4DA89181889C457EA ] C:\Windows\System32\udhisapi.dll
10:16:30.0016 6028  C:\Windows\System32\udhisapi.dll - ok
10:16:30.0031 6028  [ D9E21CBF9E6A87847AFFD39EA3FA28EE ] C:\Windows\System32\SearchProtocolHost.exe
10:16:30.0031 6028  C:\Windows\System32\SearchProtocolHost.exe - ok
10:16:30.0031 6028  [ 617F6EC0AC677C685479C1D0D1E76C6F ] C:\Windows\System32\mspatcha.dll
10:16:30.0031 6028  C:\Windows\System32\mspatcha.dll - ok
10:16:30.0047 6028  [ D2A5B2B09F2AF5ED13BF494508B09788 ] C:\Windows\System32\msshooks.dll
10:16:30.0047 6028  C:\Windows\System32\msshooks.dll - ok
10:16:30.0047 6028  [ 49A3AD5CE578CD77F445F3D244AEAB2D ] C:\Windows\System32\SearchFilterHost.exe
10:16:30.0047 6028  C:\Windows\System32\SearchFilterHost.exe - ok
10:16:30.0062 6028  [ AA794B099F776B37ACCDEAD00E0FBFC9 ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
10:16:30.0062 6028  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll - ok
10:16:30.0062 6028  [ ACE1BB07E0377E37A2C514CD2EC119B1 ] C:\Windows\System32\mssprxy.dll
10:16:30.0062 6028  C:\Windows\System32\mssprxy.dll - ok
10:16:30.0062 6028  [ 48041BAEB60CE5F34F13CC2A1361E49C ] C:\Windows\System32\mssph.dll
10:16:30.0062 6028  C:\Windows\System32\mssph.dll - ok
10:16:30.0078 6028  [ 8F4BB0CFECED925D440ABC2481278360 ] C:\Windows\System32\mapi32.dll
10:16:30.0078 6028  C:\Windows\System32\mapi32.dll - ok
10:16:30.0078 6028  [ 037A719DAD50603202C978CD802623E4 ] C:\Windows\System32\ntshrui.dll
10:16:30.0078 6028  C:\Windows\System32\ntshrui.dll - ok
10:16:30.0094 6028  [ 01E2855FB06C422E721D890AF201C2D7 ] C:\Windows\System32\NaturalLanguage6.dll
10:16:30.0094 6028  C:\Windows\System32\NaturalLanguage6.dll - ok
10:16:30.0094 6028  [ 701D9F5F3F21580936638D5C5F86B460 ] C:\Windows\System32\NlsData0009.dll
10:16:30.0094 6028  C:\Windows\System32\NlsData0009.dll - ok
10:16:30.0109 6028  [ 148A733B93A2AC104280495DA09D3CC2 ] C:\Windows\System32\NlsLexicons0009.dll
10:16:30.0109 6028  C:\Windows\System32\NlsLexicons0009.dll - ok
10:16:30.0109 6028  [ 76D86E65FF7D10292886A1F2DB93A911 ] C:\Windows\System32\ELSCore.dll
10:16:30.0109 6028  C:\Windows\System32\ELSCore.dll - ok
10:16:30.0109 6028  [ 12929BDE96189F4E968AD035573424F0 ] C:\Windows\System32\elsTrans.dll
10:16:30.0109 6028  C:\Windows\System32\elsTrans.dll - ok
10:16:30.0125 6028  [ AEE087CF7423BA44CC2DE03CC565E399 ] C:\Windows\System32\elslad.dll
10:16:30.0125 6028  C:\Windows\System32\elslad.dll - ok
10:16:30.0125 6028  [ A0A65D306A5490D2EB8E7DE66898ECFD ] C:\Windows\System32\linkinfo.dll
10:16:30.0125 6028  C:\Windows\System32\linkinfo.dll - ok
10:16:30.0140 6028  [ 405F4D32D2185F1F1BD753D8EEAFFB3A ] C:\Windows\System32\networkexplorer.dll
10:16:30.0140 6028  C:\Windows\System32\networkexplorer.dll - ok
10:16:30.0140 6028  [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll
10:16:30.0140 6028  C:\Windows\System32\mpr.dll - ok
10:16:30.0156 6028  [ 5F639198C4137075DA50E61C23963C11 ] C:\Windows\System32\drprov.dll
10:16:30.0156 6028  C:\Windows\System32\drprov.dll - ok
10:16:30.0156 6028  [ BC566D17914B07ABAAB3A5A385CC3300 ] C:\Windows\System32\ntlanman.dll
10:16:30.0156 6028  C:\Windows\System32\ntlanman.dll - ok
10:16:30.0156 6028  [ B3A33600DCDFB84D7FBE09ADEB1C9B8A ] C:\Windows\System32\davclnt.dll
10:16:30.0156 6028  C:\Windows\System32\davclnt.dll - ok
10:16:30.0172 6028  [ 45B24A357C801CE62052FE0CDC8BD4D2 ] C:\Windows\System32\davhlpr.dll
10:16:30.0172 6028  C:\Windows\System32\davhlpr.dll - ok
10:16:30.0172 6028  [ 7FE0D0C8F53735EA17C9AE93EFE7AD5A ] C:\Windows\System32\wups2.dll
10:16:30.0172 6028  C:\Windows\System32\wups2.dll - ok
10:16:30.0187 6028  [ F11A57E91FDAECFB41A5CB21EB1EBC8E ] C:\Windows\System32\dssenh.dll
10:16:30.0187 6028  C:\Windows\System32\dssenh.dll - ok
10:16:30.0187 6028  [ 0D893F8D145D3B125B0226727C243A69 ] C:\Windows\System32\security.dll
10:16:30.0187 6028  C:\Windows\System32\security.dll - ok
10:16:30.0203 6028  [ C4BFE4B61086416B0529212F92BCE081 ] C:\Windows\System32\schedcli.dll
10:16:30.0203 6028  C:\Windows\System32\schedcli.dll - ok
10:16:30.0203 6028  [ 5EA9A0950F322BFA382AF277801C0307 ] C:\Windows\System32\wbem\wmipcima.dll
10:16:30.0203 6028  C:\Windows\System32\wbem\wmipcima.dll - ok
10:16:30.0218 6028  [ C00DB14550E4BD49737F311C644E45FF ] C:\Windows\System32\wmi.dll
10:16:30.0218 6028  C:\Windows\System32\wmi.dll - ok
10:16:30.0218 6028  [ 005247E3057BC5D5C3F8C6F886FFC10C ] C:\Windows\System32\wbem\WMIADAP.exe
10:16:30.0218 6028  C:\Windows\System32\wbem\WMIADAP.exe - ok
10:16:30.0234 6028  [ 9FE3ED67345F0FF829A4A53B90E09672 ] C:\Windows\System32\loadperf.dll
10:16:30.0234 6028  C:\Windows\System32\loadperf.dll - ok
10:16:30.0234 6028  [ AE1155509F30677D98D98F4835079D69 ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CLTLMH.EXE
10:16:30.0234 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CLTLMH.EXE - ok
10:16:30.0250 6028  [ 5B15164486C66B76699E1CD2CD2F3A2A ] C:\Windows\System32\imgutil.dll
10:16:30.0250 6028  C:\Windows\System32\imgutil.dll - ok
10:16:30.0250 6028  [ 46863C4CC5B68EB09EA2D5EEF0F1193A ] C:\Windows\System32\radardt.dll
10:16:30.0250 6028  C:\Windows\System32\radardt.dll - ok
10:16:30.0250 6028  [ 558ABA0151299CC99B6F032E707567A6 ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\NUMEng.dll
10:16:30.0250 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\NUMEng.dll - ok
10:16:30.0265 6028  [ CD4642C53FDBC0C294E1C85465F0B611 ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\Lue.dll
10:16:30.0265 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\Lue.dll - ok
10:16:30.0265 6028  [ B40420876B9288E0A1C8CCA8A84E5DC9 ] C:\Windows\SysWOW64\dnsapi.dll
10:16:30.0265 6028  C:\Windows\SysWOW64\dnsapi.dll - ok
10:16:30.0281 6028  [ 12B79422A23814429CDA9E734C58F78F ] C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
10:16:30.0281 6028  C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL - ok
10:16:30.0281 6028  [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\SysWOW64\NapiNSP.dll
10:16:30.0281 6028  C:\Windows\SysWOW64\NapiNSP.dll - ok
10:16:30.0281 6028  [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\SysWOW64\pnrpnsp.dll
10:16:30.0281 6028  C:\Windows\SysWOW64\pnrpnsp.dll - ok
10:16:30.0296 6028  [ 5DF5D8CFD9B9573FA3B2C89D9061A240 ] C:\Windows\SysWOW64\winrnr.dll
10:16:30.0296 6028  C:\Windows\SysWOW64\winrnr.dll - ok
10:16:30.0296 6028  [ 03A03A453F1AAAE0C73AAAF895321C7A ] C:\Windows\SysWOW64\FWPUCLNT.DLL
10:16:30.0296 6028  C:\Windows\SysWOW64\FWPUCLNT.DLL - ok
10:16:30.0312 6028  [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
10:16:30.0312 6028  C:\Windows\SysWOW64\rasadhlp.dll - ok
10:16:30.0312 6028  [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll
10:16:30.0312 6028  C:\Windows\SysWOW64\wship6.dll - ok
10:16:30.0328 6028  [ 4939A9DACE2D5D9E2DF9CD87438E5626 ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\DuLuCbk.dll
10:16:30.0328 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\DuLuCbk.dll - ok
10:16:30.0328 6028  [ 5A5C53D87F9976276D8586222C5A657F ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\NCOLUE.dll
10:16:30.0328 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\NCOLUE.dll - ok
10:16:30.0343 6028  [ 23CF6620A9C815052B74B199BA27FD17 ] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
10:16:30.0343 6028  C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll - ok
10:16:30.0343 6028  [ 311C30EA567C6E573AAE4B5B48596ABA ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\diLueCbk.dll
10:16:30.0343 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\diLueCbk.dll - ok
10:16:30.0343 6028  [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
10:16:30.0343 6028  C:\Windows\SysWOW64\bcryptprimitives.dll - ok
10:16:30.0359 6028  [ BF6D6ED5FADCEEE885BD0144ECF1BA27 ] C:\Windows\SysWOW64\ncrypt.dll
10:16:30.0359 6028  C:\Windows\SysWOW64\ncrypt.dll - ok
10:16:30.0359 6028  [ 43C0E2737F150150DAE0B35C8F21AA3C ] C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.8.3.6\Engine.dll
10:16:30.0359 6028  C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.8.3.6\Engine.dll - ok
10:16:30.0374 6028  [ 0679C26805B509A1FDEDF935C325450D ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSEBind.dll
10:16:30.0374 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSEBind.dll - ok
10:16:30.0374 6028  [ CD136EE7B2055A1517706CF819F0A975 ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\HTECSub.dll
10:16:30.0374 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\HTECSub.dll - ok
10:16:30.0390 6028  [ 3FBCF53FB4E70C2BAB7E22CF252A6019 ] C:\Program Files (x86)\Norton Internet Security\MUI\16.8.0.41\09\01\cltRes.loc
10:16:30.0390 6028  C:\Program Files (x86)\Norton Internet Security\MUI\16.8.0.41\09\01\cltRes.loc - ok
10:16:30.0390 6028  [ D51300EB80ECA1172C69DE19BC65F25A ] C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\cltElPrv.dll
10:16:30.0390 6028  C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\cltElPrv.dll - ok
10:16:31.0841 6028  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
10:16:31.0856 6028  [ 5A963C340DE1A01BA6E24945CE05D16A ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll
10:16:31.0856 6028  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll - ok
10:16:31.0856 6028  [ F4BC62990E7E5C29799A895B80FC3177 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll
10:16:31.0856 6028  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll - ok
10:16:31.0872 6028  [ 149D74E1128A86DC9CFB2851FBEA11EB ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll
10:16:31.0872 6028  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll - ok
10:16:31.0872 6028  [ 02CD5B2C3B017122CAC00BDB520CD7AC ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
10:16:31.0872 6028  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll - ok
10:16:31.0872 6028  [ 6EF5F3F18413C367195F06E503AB86A6 ] C:\Windows\SysWOW64\d3d9.dll
10:16:31.0872 6028  C:\Windows\SysWOW64\d3d9.dll - ok
10:16:31.0888 6028  [ 55E5B32AE8D1F51A63C82919656FD275 ] C:\Windows\SysWOW64\dciman32.dll
10:16:31.0888 6028  C:\Windows\SysWOW64\dciman32.dll - ok
10:16:31.0888 6028  [ 198552AEFECA69D646867EC8D792DE95 ] C:\Windows\SysWOW64\ddraw.dll
10:16:31.0888 6028  C:\Windows\SysWOW64\ddraw.dll - ok
10:16:31.0903 6028  [ 8130391F82D52D36C0441F714136957F ] C:\Windows\System32\imapi2.dll
10:16:31.0903 6028  C:\Windows\System32\imapi2.dll - ok
10:16:31.0903 6028  [ 6A5C1A8AC0B572679361026D0E900420 ] C:\Windows\System32\hgcpl.dll
10:16:31.0903 6028  C:\Windows\System32\hgcpl.dll - ok
10:16:31.0919 6028  [ 2C1BB3AD51826AA96C9802CBC123814F ] C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\51a23687fdafc32b697f5a719e364651\mscorlib.ni.dll
10:16:31.0919 6028  C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\51a23687fdafc32b697f5a719e364651\mscorlib.ni.dll - ok
10:16:31.0919 6028  [ 0438CAB2E03F4FB61455A7956026FE86 ] C:\Windows\System32\fdPHost.dll
10:16:31.0919 6028  C:\Windows\System32\fdPHost.dll - ok
10:16:31.0919 6028  [ 171D7DB433314A868507C4326E8209DC ] C:\Windows\System32\fdWSD.dll
10:16:31.0934 6028  C:\Windows\System32\fdWSD.dll - ok
10:16:31.0934 6028  [ A2E5B2D20954210DCE1A75A1FC8CC36D ] C:\Windows\System32\fdSSDP.dll
10:16:31.0934 6028  C:\Windows\System32\fdSSDP.dll - ok
10:16:31.0934 6028  [ 2A436796758BF2555A26C770FE8A6FEE ] C:\Windows\System32\fdProxy.dll
10:16:31.0934 6028  C:\Windows\System32\fdProxy.dll - ok
10:16:31.0950 6028  [ F35A584E947A5B401FEB0FE01DB4A0D7 ] C:\Program Files (x86)\HP\QuickPlay\MFC71.dll
10:16:31.0950 6028  C:\Program Files (x86)\HP\QuickPlay\MFC71.dll - ok
10:16:31.0950 6028  [ 77B1471A490B53B24EFE136F09F76550 ] C:\Windows\SysWOW64\d3d8thk.dll
10:16:31.0950 6028  C:\Windows\SysWOW64\d3d8thk.dll - ok
10:16:31.0966 6028  [ EFDFB3DD38A4376F93E7985173813ABD ] C:\Windows\System32\ListSvc.dll
10:16:31.0966 6028  C:\Windows\System32\ListSvc.dll - ok
10:16:31.0966 6028  [ B6411CED931AFD059E48C52DBFBA95B4 ] C:\Windows\System32\P2P.dll
10:16:31.0966 6028  C:\Windows\System32\P2P.dll - ok
10:16:31.0966 6028  [ 649ED39CA880B4CC5602D80931FF8817 ] C:\Program Files (x86)\Windows Live\Messenger\msgsres.dll
10:16:31.0966 6028  C:\Program Files (x86)\Windows Live\Messenger\msgsres.dll - ok
10:16:31.0981 6028  [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
10:16:31.0981 6028  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe - ok
10:16:31.0981 6028  [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files (x86)\HP\QuickPlay\msvcr71.dll
10:16:31.0981 6028  C:\Program Files (x86)\HP\QuickPlay\msvcr71.dll - ok
10:16:31.0997 6028  [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Program Files (x86)\HP\QuickPlay\msvcp71.dll
10:16:31.0997 6028  C:\Program Files (x86)\HP\QuickPlay\msvcp71.dll - ok
10:16:31.0997 6028  [ F63514AB85C02DF42039A0F33372108A ] C:\Program Files (x86)\HP\QuickPlay\Helper.dll
10:16:31.0997 6028  C:\Program Files (x86)\HP\QuickPlay\Helper.dll - ok
10:16:32.0012 6028  [ BA38C50F523DC053488AC3F9EF99AA0B ] C:\Windows\SysWOW64\igdumdx32.dll
10:16:32.0012 6028  C:\Windows\SysWOW64\igdumdx32.dll - ok
10:16:32.0012 6028  [ F6FD367C9EAAEDF90CD7A7952AE0B336 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll
10:16:32.0012 6028  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll - ok
10:16:32.0028 6028  [ 691771D7570A53130E7E885D8266E6C0 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll
10:16:32.0028 6028  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll - ok
10:16:32.0028 6028  [ 0A94DE4AA9864D312E60D747FD249ABE ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsec.dll
10:16:32.0028 6028  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsec.dll - ok
10:16:32.0044 6028  [ 10AB9C9ADB89816BEFB077E72659D029 ] C:\Windows\SysWOW64\igdumd32.dll
10:16:32.0044 6028  C:\Windows\SysWOW64\igdumd32.dll - ok
10:16:32.0044 6028  [ 850BD2D2D9CB5894935C3B6333CAD6FD ] C:\Windows\System32\riched20.dll
10:16:32.0044 6028  C:\Windows\System32\riched20.dll - ok
10:16:32.0044 6028  [ 2D0157B482115B37F1D84D69A22790D4 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll
10:16:32.0044 6028  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok
10:16:32.0059 6028  [ 1B1431D9520C7578AD5633ED2A70625F ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
10:16:32.0059 6028  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll - ok
10:16:32.0059 6028  [ 0017163E0D5985168792BEE5CF70D5DF ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll
10:16:32.0059 6028  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll - ok
10:16:32.0075 6028  [ 4A82EA2807B16FF577AEAF8ADB8779FF ] C:\Windows\System32\IdListen.dll
10:16:32.0075 6028  C:\Windows\System32\IdListen.dll - ok
10:16:32.0075 6028  [ 8BA9851E671E8B5E49E303748FFD530C ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll
10:16:32.0075 6028  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
10:16:32.0090 6028  [ A0524499F4C63CADA7E1529FC77F5DC1 ] C:\Windows\System32\hgprint.dll
10:16:32.0090 6028  C:\Windows\System32\hgprint.dll - ok
10:16:32.0090 6028  [ 4804BF25E3E67F5B1A868A5C731C468E ] C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\8c10f6a37a1d02cb391898b304ecd9bd\WindowsBase.ni.dll
10:16:32.0090 6028  C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\8c10f6a37a1d02cb391898b304ecd9bd\WindowsBase.ni.dll - ok
10:16:32.0106 6028  [ 9682D5B9D9309377C1A7E08C3E6B7B3D ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System\6be6efa1e2ffc9d46e99839edac5c5a8\System.ni.dll
10:16:32.0106 6028  C:\Windows\assembly\NativeImages_v2.0.50727_64\System\6be6efa1e2ffc9d46e99839edac5c5a8\System.ni.dll - ok
10:16:32.0106 6028  [ 7040C2BCA7D6EFEEB14A807EAD9449DB ] C:\Program Files (x86)\HP\QuickPlay\powrprof.dll
10:16:32.0106 6028  C:\Program Files (x86)\HP\QuickPlay\powrprof.dll - ok
10:16:32.0106 6028  [ 2F8D799B2BA6E17324FACED101BC1998 ] C:\Program Files (x86)\HP\QuickPlay\Kernel\common\CLRCEngine3.dll
10:16:32.0106 6028  C:\Program Files (x86)\HP\QuickPlay\Kernel\common\CLRCEngine3.dll - ok
10:16:32.0122 6028  [ 2E14406E05789F91C9282AE7CFCA3A07 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
10:16:32.0122 6028  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll - ok
10:16:32.0122 6028  [ 73862FF693168369A90F046E7F227B83 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
10:16:32.0122 6028  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll - ok
10:16:32.0137 6028  [ 28638660E651578C354BF43CD646EF6D ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\672fc9526d8954656bcb46e42082e09c\System.Drawing.ni.dll
10:16:32.0137 6028  C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\672fc9526d8954656bcb46e42082e09c\System.Drawing.ni.dll - ok
10:16:32.0137 6028  [ 2ACF02F2AE84B6FA383328F564A88599 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\e21fe1eb2ab308fa095d6df79ec6f59a\PresentationCore.ni.dll
10:16:32.0137 6028  C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\e21fe1eb2ab308fa095d6df79ec6f59a\PresentationCore.ni.dll - ok
10:16:32.0153 6028  [ C7494C67A6BF6FE914808E42F8265FEF ] C:\Program Files\Windows Media Player\wmpnssci.dll
10:16:32.0153 6028  C:\Program Files\Windows Media Player\wmpnssci.dll - ok
10:16:32.0153 6028  [ 41D113966CAFEE905864259B7D4ECD65 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\18f31a371a986b6f6b968530d8b89e25\System.Windows.Forms.ni.dll
10:16:32.0153 6028  C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\18f31a371a986b6f6b968530d8b89e25\System.Windows.Forms.ni.dll - ok
10:16:32.0168 6028  [ C1648084C395152FBFA1B333D92056BC ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
10:16:32.0168 6028  C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe - ok
10:16:32.0168 6028  [ 3C6FA2F4D58611579B21798E0568F548 ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
10:16:32.0168 6028  C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe - ok
10:16:32.0168 6028  [ 3E130FA0D5289C8812021FF57F3851F5 ] C:\Program Files\Internet Explorer\sqmapi.dll
10:16:32.0168 6028  C:\Program Files\Internet Explorer\sqmapi.dll - ok
10:16:32.0184 6028  [ AC5DF873913B00E554D8F553459BC431 ] C:\Windows\System32\qmgrprxy.dll
10:16:32.0184 6028  C:\Windows\System32\qmgrprxy.dll - ok
10:16:32.0184 6028  [ 85B45B4B285B159ACDB355FC8C1E8925 ] C:\Windows\SysWOW64\qmgrprxy.dll
10:16:32.0184 6028  C:\Windows\SysWOW64\qmgrprxy.dll - ok
10:16:32.0200 6028  [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
10:16:32.0200 6028  C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - ok
10:16:32.0200 6028  [ 738B5ABCCF24F9ADAEFE0D28CFF40583 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\0203a69e9107295fbdfeb99b267291b6\PresentationFramework.ni.dll
10:16:32.0200 6028  C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\0203a69e9107295fbdfeb99b267291b6\PresentationFramework.ni.dll - ok
10:16:32.0215 6028  [ CDAD3376DFF3D9AC7FDCBE2B94B0D3C8 ] C:\Windows\System32\shfolder.dll
10:16:32.0215 6028  C:\Windows\System32\shfolder.dll - ok
10:16:32.0215 6028  [ D64D99EC088B54FFE8EE67A480386C20 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
10:16:32.0215 6028  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll - ok
10:16:32.0231 6028  [ 0181B4C10F409299E0D8EE130EF87353 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\c54fc0cac648a174c5e35bd6589c9390\System.Management.ni.dll
10:16:32.0231 6028  C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\c54fc0cac648a174c5e35bd6589c9390\System.Management.ni.dll - ok
10:16:32.0231 6028  [ 2337EC951C4AF6E1AF65D10BD9615BEB ] C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
10:16:32.0231 6028  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin - ok
10:16:32.0231 6028  [ 919001D2BB17DF06CA3F8AC16AD039F6 ] C:\Windows\SysWOW64\sxs.dll
10:16:32.0231 6028  C:\Windows\SysWOW64\sxs.dll - ok
10:16:32.0246 6028  [ 8EE6BDE1D572677AA35707C52C585F75 ] C:\Windows\SysWOW64\mlang.dll
10:16:32.0246 6028  C:\Windows\SysWOW64\mlang.dll - ok
10:16:32.0246 6028  [ 3EAC4455472CC2C97107B5291E0DCAFE ] C:\Windows\System32\pnrpsvc.dll
10:16:32.0246 6028  C:\Windows\System32\pnrpsvc.dll - ok
10:16:32.0262 6028  [ C264145F107437CBD3B30303733AEE4F ] C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
10:16:32.0262 6028  C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll - ok
10:16:32.0262 6028  [ C8541AECCCA9260DE93C85F214110FA8 ] C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll
10:16:32.0262 6028  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll - ok
10:16:32.0278 6028  [ 927463ECB02179F88E4B9A17568C63C3 ] C:\Windows\System32\p2psvc.dll
10:16:32.0278 6028  C:\Windows\System32\p2psvc.dll - ok
10:16:32.0278 6028  [ 3AEE02CEDAA3ACD14F9D7E038E44D6D1 ] C:\Windows\System32\P2PGraph.dll
10:16:32.0278 6028  C:\Windows\System32\P2PGraph.dll - ok
10:16:32.0293 6028  [ 20DBD74F9F2AB4B97C6D2005C1BC9254 ] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\FnKyACTN.dll
10:16:32.0293 6028  C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\FnKyACTN.dll - ok
10:16:32.0293 6028  [ A2F64B420FD8BD05A38DA8E616F3CD42 ] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\sal3.dll
10:16:32.0293 6028  C:\Program Files (x86)\OpenOffice.org 3\URE\bin\sal3.dll - ok
10:16:32.0293 6028  [ 0EC4190B22A0E37010CC69371432FC0C ] C:\Windows\System32\gfxSrvc.dll
10:16:32.0293 6028  C:\Windows\System32\gfxSrvc.dll - ok
10:16:32.0309 6028  [ 58957A04853F47B791D68B960258043C ] C:\Windows\System32\IGFXDEVLib.dll
10:16:32.0309 6028  C:\Windows\System32\IGFXDEVLib.dll - ok
10:16:32.0309 6028  [ A1FC23ABF04AC13DC94BF38B46ED49E5 ] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\uwinapi.dll
10:16:32.0309 6028  C:\Program Files (x86)\OpenOffice.org 3\URE\bin\uwinapi.dll - ok
10:16:32.0324 6028  [ C7A0E61D5714AC20DE52D4F66EC773B8 ] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
10:16:32.0324 6028  C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe - ok
10:16:32.0324 6028  [ 23C5DE7A6D2F4E76F29422A8CC08B664 ] C:\Program Files (x86)\OpenOffice.org 3\program\sofficeapp.dll
10:16:32.0324 6028  C:\Program Files (x86)\OpenOffice.org 3\program\sofficeapp.dll - ok
10:16:32.0340 6028  [ 9C253164E7016B42591F08BEB90FB494 ] C:\Windows\System32\igdumd64.dll
10:16:32.0340 6028  C:\Windows\System32\igdumd64.dll - ok
10:16:32.0340 6028  [ 00DC4D032860F8FE6EBC5415F6E0F881 ] C:\Program Files (x86)\OpenOffice.org 3\program\comphelp4MSC.dll
10:16:32.0340 6028  C:\Program Files (x86)\OpenOffice.org 3\program\comphelp4MSC.dll - ok
10:16:32.0356 6028  [ 6A6BB5501E30BB66D64F8E7EACFE3496 ] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll
10:16:32.0356 6028  C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll - ok
10:16:32.0356 6028  [ FDCE2E2C6D1657D2DC9F4C07953F0E13 ] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\salhelper3MSC.dll
10:16:32.0356 6028  C:\Program Files (x86)\OpenOffice.org 3\URE\bin\salhelper3MSC.dll - ok
10:16:32.0371 6028  [ 1CE4A68B4BF9E96378EDF3609818C6B9 ] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppu3.dll
10:16:32.0371 6028  C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppu3.dll - ok
10:16:32.0371 6028  [ C3646674186C15E52ADEE92DEA2E61E6 ] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stlport_vc7145.dll
10:16:32.0371 6028  C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stlport_vc7145.dll - ok
10:16:32.0387 6028  [ 2F53FECCF66407E746047C8D2061ACA7 ] C:\Program Files (x86)\OpenOffice.org 3\program\ucbhelper4MSC.dll
10:16:32.0387 6028  C:\Program Files (x86)\OpenOffice.org 3\program\ucbhelper4MSC.dll - ok
10:16:32.0387 6028  [ 9095226691E6060BFE2B9CBC66A2C54A ] C:\Program Files (x86)\OpenOffice.org 3\program\vos3MSC.dll
10:16:32.0387 6028  C:\Program Files (x86)\OpenOffice.org 3\program\vos3MSC.dll - ok
10:16:32.0387 6028  [ 693FCBE58BB4609062FDF8FCCD4F536E ] C:\Program Files (x86)\OpenOffice.org 3\program\deploymentmiscmi.dll
10:16:32.0387 6028  C:\Program Files (x86)\OpenOffice.org 3\program\deploymentmiscmi.dll - ok
10:16:32.0402 6028  [ 6AEA677B9CF79814E4AEDAA51914E930 ] C:\Program Files (x86)\OpenOffice.org 3\program\libdb47.dll
10:16:32.0402 6028  C:\Program Files (x86)\OpenOffice.org 3\program\libdb47.dll - ok
10:16:32.0402 6028  [ AB51B4EF65A7625B4314A14F232BC757 ] C:\Program Files (x86)\OpenOffice.org 3\program\tlmi.dll
10:16:32.0402 6028  C:\Program Files (x86)\OpenOffice.org 3\program\tlmi.dll - ok
10:16:32.0418 6028  [ ABC391D0615FF6F51AE49494C4C97D6D ] C:\Program Files (x86)\OpenOffice.org 3\program\basegfxmi.dll
10:16:32.0418 6028  C:\Program Files (x86)\OpenOffice.org 3\program\basegfxmi.dll - ok
10:16:32.0418 6028  [ 1290B4D2C1B9915090BEC20E2ED989BC ] C:\Program Files (x86)\OpenOffice.org 3\program\i18nisolang1MSC.dll
10:16:32.0418 6028  C:\Program Files (x86)\OpenOffice.org 3\program\i18nisolang1MSC.dll - ok
10:16:32.0434 6028  [ 4B986E4B9C15A6B70D3C5FFBDDF95890 ] C:\Program Files (x86)\OpenOffice.org 3\program\utlmi.dll
10:16:32.0434 6028  C:\Program Files (x86)\OpenOffice.org 3\program\utlmi.dll - ok
10:16:32.0434 6028  [ 5CCD5B62076D4432D4728BB6CB3DEBFD ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\7a560781987776298120763de1df8f77\System.Xml.ni.dll
10:16:32.0434 6028  C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\7a560781987776298120763de1df8f77\System.Xml.ni.dll - ok
10:16:32.0449 6028  [ 75CF08EE475213ACC4F4C260813CFAD1 ] C:\Program Files (x86)\OpenOffice.org 3\program\xcrmi.dll
10:16:32.0449 6028  C:\Program Files (x86)\OpenOffice.org 3\program\xcrmi.dll - ok
10:16:32.0449 6028  [ F1F0505449DF3AAFBA6E60B22EF0360B ] C:\Program Files (x86)\OpenOffice.org 3\program\sfxmi.dll
10:16:32.0449 6028  C:\Program Files (x86)\OpenOffice.org 3\program\sfxmi.dll - ok
10:16:32.0465 6028  [ 284383EDF848C03B2A20BF7A2A817955 ] C:\Program Files (x86)\OpenOffice.org 3\program\fwemi.dll
10:16:32.0465 6028  C:\Program Files (x86)\OpenOffice.org 3\program\fwemi.dll - ok
10:16:32.0465 6028  [ 9D554E78482063E15AC046C9C0A50A67 ] C:\Program Files (x86)\OpenOffice.org 3\program\fwimi.dll
10:16:32.0465 6028  C:\Program Files (x86)\OpenOffice.org 3\program\fwimi.dll - ok
10:16:32.0465 6028  [ 27EF1CCF4517B106A9D70D22105BBF4B ] C:\Program Files (x86)\OpenOffice.org 3\program\svtmi.dll
10:16:32.0465 6028  C:\Program Files (x86)\OpenOffice.org 3\program\svtmi.dll - ok
10:16:32.0480 6028  [ D9709FA638B789C1C961F028135CC696 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\bef0bd98b9d5d323d693a9cda5facdf3\System.Configuration.ni.dll
10:16:32.0480 6028  C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\bef0bd98b9d5d323d693a9cda5facdf3\System.Configuration.ni.dll - ok
10:16:32.0480 6028  [ A4B1A375E8C7110A61656E678B146E07 ] C:\Program Files (x86)\OpenOffice.org 3\program\tkmi.dll
10:16:32.0480 6028  C:\Program Files (x86)\OpenOffice.org 3\program\tkmi.dll - ok
10:16:32.0496 6028  [ 68E1D09FC5F2214F712FBB0340998A34 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\d965d516c924bc92b801f2b316444ffd\WindowsFormsIntegration.ni.dll
10:16:32.0496 6028  C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\d965d516c924bc92b801f2b316444ffd\WindowsFormsIntegration.ni.dll - ok
10:16:32.0496 6028  [ E5840A20CAB43276A2F58CA6F541D5DF ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\a50f3d1b7985318568ecec58ba24e409\PresentationFramework.Aero.ni.dll
10:16:32.0496 6028  C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\a50f3d1b7985318568ecec58ba24e409\PresentationFramework.Aero.ni.dll - ok
10:16:32.0512 6028  [ 2B365D6281A0D4CA36EA27FC50ACE61D ] C:\Program Files (x86)\OpenOffice.org 3\program\vclmi.dll
10:16:32.0512 6028  C:\Program Files (x86)\OpenOffice.org 3\program\vclmi.dll - ok
10:16:32.0512 6028  [ 4157A82260439B7B45F450884F77361B ] C:\Program Files (x86)\OpenOffice.org 3\program\sotmi.dll
10:16:32.0512 6028  C:\Program Files (x86)\OpenOffice.org 3\program\sotmi.dll - ok
10:16:32.0527 6028  [ A241AD106186DF675066BEC3FD6A3376 ] C:\Program Files (x86)\OpenOffice.org 3\program\i18npapermi.dll
10:16:32.0527 6028  C:\Program Files (x86)\OpenOffice.org 3\program\i18npapermi.dll - ok
10:16:32.0527 6028  [ 176E9D4438C6B88D35B013522CD4FBB1 ] C:\Program Files (x86)\OpenOffice.org 3\program\i18nutilMSC.dll
10:16:32.0527 6028  C:\Program Files (x86)\OpenOffice.org 3\program\i18nutilMSC.dll - ok
10:16:32.0543 6028  [ AA781F1192189083C6F73D8AF4709833 ] C:\Program Files (x86)\OpenOffice.org 3\program\icuuc40.dll
10:16:32.0543 6028  C:\Program Files (x86)\OpenOffice.org 3\program\icuuc40.dll - ok
10:16:32.0543 6028  [ 46AF9F58B587B013ADE377CD769BCC59 ] C:\Program Files (x86)\OpenOffice.org 3\program\icudt40.dll
10:16:32.0543 6028  C:\Program Files (x86)\OpenOffice.org 3\program\icudt40.dll - ok
10:16:32.0558 6028  [ 18AB2E5A40064ED5F7791AC5946A90F3 ] C:\Windows\SysWOW64\msimg32.dll
10:16:32.0558 6028  C:\Windows\SysWOW64\msimg32.dll - ok
10:16:32.0558 6028  [ EB46745537FC54A166CEF2704F601951 ] C:\Program Files (x86)\OpenOffice.org 3\program\svlmi.dll
10:16:32.0558 6028  C:\Program Files (x86)\OpenOffice.org 3\program\svlmi.dll - ok
10:16:32.0558 6028  [ DBE705A923A4E619DCF07E9C449FEB8E ] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\jvmfwk3.dll
10:16:32.0558 6028  C:\Program Files (x86)\OpenOffice.org 3\URE\bin\jvmfwk3.dll - ok
10:16:32.0574 6028  [ DC73CED6EA1AF4CA0A1F442CADCCB960 ] C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
10:16:32.0574 6028  C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll - ok
10:16:32.0574 6028  [ 8D3A29EB9A9BE9BB7BFFB97A89B6D8C0 ] C:\Program Files (x86)\OpenOffice.org 3\program\sbmi.dll
10:16:32.0574 6028  C:\Program Files (x86)\OpenOffice.org 3\program\sbmi.dll - ok
10:16:32.0590 6028  [ 7C27F5AD651035A99AA84CCF0F6E9B43 ] C:\Program Files (x86)\OpenOffice.org 3\program\saxmi.dll
10:16:32.0590 6028  C:\Program Files (x86)\OpenOffice.org 3\program\saxmi.dll - ok
10:16:32.0590 6028  [ 55C8A762FC06A6DDFC49DD33E35B9194 ] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\msci_uno.dll
10:16:32.0590 6028  C:\Program Files (x86)\OpenOffice.org 3\URE\bin\msci_uno.dll - ok
10:16:32.0605 6028  [ 968938E547326D656D7CA09F4BA15410 ] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\bootstrap.uno.dll
10:16:32.0605 6028  C:\Program Files (x86)\OpenOffice.org 3\URE\bin\bootstrap.uno.dll - ok
10:16:32.0605 6028  [ 64E04F1DFC3E515AC8FEA4B023C88199 ] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\reg3.dll
10:16:32.0605 6028  C:\Program Files (x86)\OpenOffice.org 3\URE\bin\reg3.dll - ok
10:16:32.0621 6028  [ 0FF45F5F502D2957165DDDF7F40B4DF0 ] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\store3.dll
10:16:32.0621 6028  C:\Program Files (x86)\OpenOffice.org 3\URE\bin\store3.dll - ok
10:16:32.0621 6028  [ 882737C0007AEF5EE494DE9EC676CD18 ] C:\Program Files (x86)\OpenOffice.org 3\program\configmgr.uno.dll
10:16:32.0621 6028  C:\Program Files (x86)\OpenOffice.org 3\program\configmgr.uno.dll - ok
10:16:32.0621 6028  [ B437E64B7A31F47F2FDC8A2C0FDCE4C0 ] C:\Program Files (x86)\OpenOffice.org 3\program\localebe1.uno.dll
10:16:32.0621 6028  C:\Program Files (x86)\OpenOffice.org 3\program\localebe1.uno.dll - ok
10:16:32.0636 6028  [ 93D6E9C13D0EFF81811A10935AA1ABD5 ] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stocservices.uno.dll
10:16:32.0636 6028  C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stocservices.uno.dll - ok
10:16:32.0636 6028  [ 1E8D06AAE74FED674C1156B3FEA911C2 ] C:\Windows\SysWOW64\Faultrep.dll
10:16:32.0636 6028  C:\Windows\SysWOW64\Faultrep.dll - ok
10:16:32.0652 6028  [ 590D5C506044FE02FF7643E32FF9BDAC ] C:\Windows\SysWOW64\wer.dll
10:16:32.0652 6028  C:\Windows\SysWOW64\wer.dll - ok
10:16:32.0652 6028  [ 2F57191A207F712F3ED00C9461331E93 ] C:\Program Files (x86)\OpenOffice.org 3\program\ucb1.dll
10:16:32.0652 6028  C:\Program Files (x86)\OpenOffice.org 3\program\ucb1.dll - ok
10:16:32.0668 6028  [ 0B397A44F00D60F51CF8C8323F77632C ] C:\Program Files (x86)\OpenOffice.org 3\program\fwkmi.dll
10:16:32.0668 6028  C:\Program Files (x86)\OpenOffice.org 3\program\fwkmi.dll - ok
10:16:32.0668 6028  [ 73F1568B01414931738A247C320CB7F9 ] C:\Program Files (x86)\OpenOffice.org 3\program\ucpfile1.dll
10:16:32.0668 6028  C:\Program Files (x86)\OpenOffice.org 3\program\ucpfile1.dll - ok
10:16:32.0683 6028  [ 042DBCF73D613FA1FE745021C2D62A14 ] C:\Program Files (x86)\OpenOffice.org 3\program\i18npool.uno.dll
10:16:32.0683 6028  C:\Program Files (x86)\OpenOffice.org 3\program\i18npool.uno.dll - ok
10:16:32.0683 6028  [ 5743C0CFBD530CD143FF5D3B1156AF5B ] C:\Program Files (x86)\OpenOffice.org 3\program\icuin40.dll
10:16:32.0683 6028  C:\Program Files (x86)\OpenOffice.org 3\program\icuin40.dll - ok
10:16:32.0699 6028  [ C99737CD624D3BCCD9ACB66053430213 ] C:\Program Files (x86)\OpenOffice.org 3\program\oooimprovementmi.dll
10:16:32.0699 6028  C:\Program Files (x86)\OpenOffice.org 3\program\oooimprovementmi.dll - ok
10:16:32.0699 6028  [ C6DEA800EDC42F7E06290519E78E793A ] C:\Program Files (x86)\OpenOffice.org 3\program\oooimprovecoremi.dll
10:16:32.0699 6028  C:\Program Files (x86)\OpenOffice.org 3\program\oooimprovecoremi.dll - ok
10:16:32.0699 6028  [ 9433610F210750C05B281C1B6B060E86 ] C:\Program Files (x86)\OpenOffice.org 3\program\svxcoremi.dll
10:16:32.0699 6028  C:\Program Files (x86)\OpenOffice.org 3\program\svxcoremi.dll - ok
10:16:32.0714 6028  [ 9C5EA10CCC69E5D4762510FEB29A3723 ] C:\Program Files (x86)\OpenOffice.org 3\program\editengmi.dll
10:16:32.0714 6028  C:\Program Files (x86)\OpenOffice.org 3\program\editengmi.dll - ok
10:16:32.0714 6028  [ BD47FD68ABB9F593B5DE33150A44C98C ] C:\Program Files (x86)\OpenOffice.org 3\program\xomi.dll
10:16:32.0714 6028  C:\Program Files (x86)\OpenOffice.org 3\program\xomi.dll - ok
10:16:32.0730 6028  [ 905A03420F636A32CEB2D650A00E9182 ] C:\Program Files (x86)\OpenOffice.org 3\program\lngmi.dll
10:16:32.0730 6028  C:\Program Files (x86)\OpenOffice.org 3\program\lngmi.dll - ok
10:16:32.0730 6028  [ 0AAEBCD0CFF9EE6EC0D95B502677FC7C ] C:\Program Files (x86)\OpenOffice.org 3\program\avmediami.dll
10:16:32.0730 6028  C:\Program Files (x86)\OpenOffice.org 3\program\avmediami.dll - ok
10:16:32.0746 6028  [ 9ED7EF38B78C8FE4B93E8C76F0CA109C ] C:\Program Files (x86)\OpenOffice.org 3\program\drawinglayermi.dll
10:16:32.0746 6028  C:\Program Files (x86)\OpenOffice.org 3\program\drawinglayermi.dll - ok
10:16:32.0746 6028  [ EC74CC002888439F564E5322570E319B ] C:\Program Files (x86)\OpenOffice.org 3\program\canvastoolsmi.dll
10:16:32.0746 6028  C:\Program Files (x86)\OpenOffice.org 3\program\canvastoolsmi.dll - ok
10:16:32.0761 6028  [ 37682C6B5F7B207B2CA2C722C68A3E96 ] C:\Program Files (x86)\OpenOffice.org 3\program\aggmi.dll
10:16:32.0761 6028  C:\Program Files (x86)\OpenOffice.org 3\program\aggmi.dll - ok
10:16:32.0761 6028  [ E1DFBE0F1FF788D5C1D0FE43132B936F ] C:\Program Files (x86)\OpenOffice.org 3\program\cppcanvasmi.dll
10:16:32.0761 6028  C:\Program Files (x86)\OpenOffice.org 3\program\cppcanvasmi.dll - ok
10:16:32.0777 6028  [ 3972A3B8BDB15D76A358511275E229DA ] C:\Program Files (x86)\OpenOffice.org 3\program\logmi.dll
10:16:32.0777 6028  C:\Program Files (x86)\OpenOffice.org 3\program\logmi.dll - ok
10:16:32.0777 6028  [ FD0A2FE401A7062A5668ECFD8FBBCBD8 ] C:\Program Files (x86)\OpenOffice.org 3\program\stsmi.dll
10:16:32.0777 6028  C:\Program Files (x86)\OpenOffice.org 3\program\stsmi.dll - ok
10:16:32.0792 6028  [ 45375DF47ED4D0535739465105AAABE3 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll
10:16:32.0792 6028  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll - ok
10:16:32.0792 6028  [ 1FB92D19A0DF5DE1408E3F126D833B99 ] C:\Program Files (x86)\OpenOffice.org 3\program\oleautobridge.uno.dll
10:16:32.0792 6028  C:\Program Files (x86)\OpenOffice.org 3\program\oleautobridge.uno.dll - ok
10:16:32.0792 6028  [ 2E7ADF9B0389CD94605717784D7E416A ] C:\Windows\System32\drttransport.dll
10:16:32.0792 6028  C:\Windows\System32\drttransport.dll - ok
10:16:32.0808 6028  [ C57BC99A4467B3E8F1CC2184A3F46729 ] C:\Windows\System32\drt.dll
10:16:32.0808 6028  C:\Windows\System32\drt.dll - ok
10:16:32.0808 6028  [ F692548542AFA95EB44D04724384C292 ] C:\Program Files (x86)\OpenOffice.org 3\program\emsermi.dll
10:16:32.0808 6028  C:\Program Files (x86)\OpenOffice.org 3\program\emsermi.dll - ok
10:16:32.0824 6028  [ 0DE3C7622EC33126579B1742260F08C2 ] C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
10:16:32.0824 6028  C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe - ok
10:16:32.0824 6028  [ 936F728E04ACCF3F38801CFFCF1E3F40 ] C:\Windows\SysWOW64\oledlg.dll
10:16:32.0824 6028  C:\Windows\SysWOW64\oledlg.dll - ok
10:16:32.0839 6028  [ 40AA3956A3EB1D100A3CAC0F0BBB4BE0 ] C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
10:16:32.0839 6028  C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe - ok
10:16:32.0839 6028  ============================================================
10:16:32.0839 6028  Scan finished
10:16:32.0839 6028  ============================================================
10:16:32.0855 6020  Detected object count: 4
10:16:32.0855 6020  Actual detected object count: 4
11:05:08.0096 6020  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:08.0097 6020  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:05:08.0102 6020  PST Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:08.0102 6020  PST Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:05:08.0106 6020  ptumlcmsvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:08.0106 6020  ptumlcmsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:05:08.0827 6020  \Device\Harddisk0\DR0\# - copied to quarantine
11:05:08.0837 6020  \Device\Harddisk0\DR0 - copied to quarantine
11:05:08.0939 6020  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot
11:05:08.0939 6020  \Device\Harddisk0\DR0 - ok
11:05:09.0669 6020  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure
11:05:38.0114 4316  Deinitialize success
 

RogueKiller V8.6.1 _x64_ [Jun 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://www.adlice.com/forum/
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Phyllis [Admin rights]
Mode : Remove -- Date : 06/30/2013 11:21:32
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM250HI ATA Device +++++
--- User ---
[MBR] 3dafa0430c8a9185aab0b385261acd9f
[BSP] ac25015afd6350c94625f06de7a77015 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 226120 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 463503360 | Size: 12154 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_06302013_112132.txt >>
RKreport[0]_S_06302013_112051.txt



#9 gringo_pr


  • Malware Response Team

Posted 02 July 2013 - 09:20 PM


Hello jonknite

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#10 jonknite

  • Topic Starter


Posted 03 July 2013 - 07:18 AM

Still no unusual behavior, but yes it would be good to get rid of unneeded programs and processes.

 

Here is the combo fix log:

 

ComboFix 13-07-02.03 - Phyllis 07/02/2013  23:07:23.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3999.2247 [GMT -6:00]
Running from: c:\users\Phyllis\Desktop\ComboFix.exe
Command switches used :: c:\users\Phyllis\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-03 to 2013-07-03  )))))))))))))))))))))))))))))))
.
.
2013-07-03 05:17 . 2013-07-03 05:17 -------- d-----w- c:\users\El Rosso\AppData\Local\temp
2013-07-03 05:17 . 2013-07-03 05:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-02 12:40 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73C6661B-2BA6-4525-996E-E9109C7A6B0A}\mpengine.dll
2013-06-30 17:05 . 2013-06-30 17:05 -------- d-----w- C:\TDSSKiller_Quarantine
2013-06-29 00:06 . 2013-06-29 00:06 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-06-29 00:06 . 2013-06-29 00:06 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-06-29 00:05 . 2013-06-29 00:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-06-29 00:05 . 2013-06-29 00:05 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-06-28 13:11 . 2013-06-28 13:11 -------- d-----w- c:\windows\ERUNT
2013-06-28 13:10 . 2013-06-28 13:11 -------- d-----w- C:\JRT
2013-06-26 18:39 . 2013-06-26 18:39 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-06-26 18:39 . 2013-06-26 18:39 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-06-26 18:39 . 2013-06-26 18:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-06-26 18:39 . 2013-06-26 18:39 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-06-25 01:22 . 2013-06-25 01:22 -------- d-----w- c:\users\Phyllis\AppData\Roaming\Malwarebytes
2013-06-25 01:22 . 2013-06-25 01:22 -------- d-----w- c:\programdata\Malwarebytes
2013-06-25 01:22 . 2013-06-25 01:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-25 01:22 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-25 01:22 . 2013-06-25 01:22 -------- d-----w- c:\users\Phyllis\AppData\Local\Programs
2013-06-22 23:13 . 2013-06-22 23:13 -------- d-----w- c:\users\Phyllis\AppData\Local\ElevatedDiagnostics
2013-06-22 22:55 . 2013-06-22 22:55 -------- d-----w- c:\users\El Rosso\AppData\Roaming\Motorola Mobility
2013-06-21 16:16 . 2013-06-08 12:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-20 00:32 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-20 00:31 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-20 00:31 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-21 16:18 . 2010-12-26 01:09 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-20 00:52 . 2012-06-25 12:12 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-20 00:52 . 2011-09-19 03:54 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-19 00:24 . 2013-05-19 00:24 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-19 00:24 . 2013-05-19 00:24 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-19 00:24 . 2013-05-19 00:24 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-19 00:24 . 2013-05-19 00:24 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-19 00:24 . 2013-05-19 00:24 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-19 00:24 . 2013-05-19 00:24 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-19 00:24 . 2013-05-19 00:24 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-19 00:24 . 2013-05-19 00:24 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-19 00:24 . 2013-05-19 00:24 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-19 00:24 . 2013-05-19 00:24 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-19 00:24 . 2013-05-19 00:24 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-19 00:24 . 2013-05-19 00:24 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-19 00:24 . 2013-05-19 00:24 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-19 00:24 . 2013-05-19 00:24 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-19 00:24 . 2013-05-19 00:24 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-19 00:24 . 2013-05-19 00:24 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-19 00:24 . 2013-05-19 00:24 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-19 00:24 . 2013-05-19 00:24 441856 ----a-w- c:\windows\system32\html.iec
2013-05-19 00:24 . 2013-05-19 00:24 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-19 00:24 . 2013-05-19 00:24 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-19 00:24 . 2013-05-19 00:24 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-19 00:24 . 2013-05-19 00:24 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-19 00:24 . 2013-05-19 00:24 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-19 00:24 . 2013-05-19 00:24 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-19 00:24 . 2013-05-19 00:24 235008 ----a-w- c:\windows\system32\url.dll
2013-05-19 00:24 . 2013-05-19 00:24 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-19 00:24 . 2013-05-19 00:24 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-19 00:24 . 2013-05-19 00:24 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-19 00:24 . 2013-05-19 00:24 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-19 00:24 . 2013-05-19 00:24 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-19 00:24 . 2013-05-19 00:24 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-19 00:24 . 2013-05-19 00:24 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-19 00:24 . 2013-05-19 00:24 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-19 00:24 . 2013-05-19 00:24 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-19 00:24 . 2013-05-19 00:24 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-19 00:24 . 2013-05-19 00:24 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-19 00:24 . 2013-05-19 00:24 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-19 00:24 . 2013-05-19 00:24 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-19 00:24 . 2013-05-19 00:24 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-19 00:24 . 2013-05-19 00:24 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-19 00:24 . 2013-05-19 00:24 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-19 00:24 . 2013-05-19 00:24 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-19 00:24 . 2013-05-19 00:24 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-19 00:24 . 2013-05-19 00:24 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-19 00:24 . 2013-05-19 00:24 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-19 00:24 . 2013-05-19 00:24 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-19 00:24 . 2013-05-19 00:24 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-19 00:24 . 2013-05-19 00:24 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-19 00:24 . 2013-05-19 00:24 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-18 23:48 . 2011-11-17 03:22 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-17 10:06 . 2013-05-17 10:06 4167680 ----a-w- c:\program files (x86)\GUT8ACC.tmp
2013-05-02 08:06 . 2010-02-25 15:04 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-19 00:46 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-19 00:46 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-19 00:46 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-19 00:46 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-19 00:46 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-19 00:46 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 04:24 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-19 00:46 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-19 00:46 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-19 00:46 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-05-11 307768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\DRIVERS\PTUMLBUS.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMLBUS.sys [x]
R3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\DRIVERS\PTUMLCVsp.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMLCVsp.sys [x]
R3 PTUMLMdm;PANTECH UML290;c:\windows\system32\DRIVERS\PTUMLMdm.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMLMdm.sys [x]
R3 PTUMLNET61;PANTECH UML290 WWAN (NDIS6.1);c:\windows\system32\DRIVERS\PTUMLNET61.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMLNET61.sys [x]
R3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\DRIVERS\PTUMLNVsp.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMLNVsp.sys [x]
R3 PTUMLRMNET;PANTECH UML290 RMNET Service;c:\windows\system32\DRIVERS\PTUMLRMNET.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMLRMNET.sys [x]
R3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMLVsp.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMLVsp.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1008030.006\SYMNDISV.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1008030.006\SYMEFA64.SYS [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys;c:\windows\SYSNATIVE\Drivers\NISx64\1008030.006\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys;c:\windows\SYSNATIVE\Drivers\NISx64\1008030.006\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20130301.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20130301.002\IDSvia64.sys [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc64.exe;c:\windows\SYSNATIVE\ptumlcmsvc64.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 13878808
*NewlyCreated* - 17578815
*Deregistered* - 13878808
*Deregistered* - 17578815
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-25 02:12 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 00:52]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 00:29]
.
2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 00:29]
.
2013-06-09 c:\windows\Tasks\HPCeeScheduleForPhyllis.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\j5ht7yn2.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-17578815.sys
SafeBoot-85612747.sys
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-02  23:20:25
ComboFix-quarantined-files.txt  2013-07-03 05:20
ComboFix2.txt  2013-06-29 00:42
ComboFix3.txt  2013-06-28 23:37
.
Pre-Run: 168,203,276,288 bytes free
Post-Run: 167,821,115,392 bytes free
.
- - End Of File - - 90DFD343F3A66B43D6F0871A64078150
8065AB345E5F3212518E1E127758D69E


#11 gringo_pr


  • Malware Response Team

Posted 03 July 2013 - 12:55 PM




Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove


Adobe Reader X (10.1.4)
Ask Toolbar
Ask Toolbar Updater
Java™ 6 Update 38
Yontoo 1.10.02



  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.



Update Adobe reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.



: Malwarebytes' Anti-Malware :


I see you have MBAM installed on the computer - that is great!! It is a very good program! I would like you to run a quick scan for me now.

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic


"information and logs"

In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Edited by gringo_pr, 03 July 2013 - 12:56 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 jonknite

  • Topic Starter

Posted 03 July 2013 - 10:54 PM

The two Ask programs and the yontoo were not listed on Revo or the Control Panel, so I didn't have to remove them.

 

MBAM:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.04.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Phyllis :: PHYLLIS-PC [administrator]

Protection: Disabled

7/3/2013 9:37:53 PM
mbam-log-2013-07-03 (21-37-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238537
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

HiJack This:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:51:26 PM, on 7/3/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Phyllis\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com//activex/ractrl.cab?lmi=1007
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Motorola Mobility LLC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
O23 - Service: PTUML290 Connection Manager Service (ptumlcmsvc) - Unknown owner - C:\Windows\system32\ptumlcmsvc64.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11941 bytes
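
An added example, not part of the original thread and not code from HijackThis: a short Python triage of the HijackThis log posted above. It separates `(file missing)` entries under `C:\Windows\System32`, which a 32-bit scanner on 64-bit Windows tends to report because of WOW64 file system redirection, from missing targets elsewhere, and it lists the `Run` autorun names. The function names, the `C:\Windows` system root and the premise that HijackThis ran as a 32-bit process are assumptions of this example.

```python
import re

# Excerpt of the HijackThis log posted above (lines copied from that log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 SP1 (WinNT 6.00.3505)
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (file missing)
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKCU\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                 # "O23 - ..."
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")  # registry Run keys
MISSING = " (file missing)"
# Assumption: the system root is C:\Windows, as in the log above.
SYSTEM32 = "c:\\windows\\system32\\"


def parse_entries(log):
    """Return one dict per HijackThis result line (R0, O2, O4, O23, ...)."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.groups()
        missing = body.endswith(MISSING)
        path = None
        if missing:
            # The target path is the last " - " separated field of the entry.
            path = body[: -len(MISSING)].rsplit(" - ", 1)[-1]
        run = RUN_RE.match(body) if code == "O4" else None
        entries.append({
            "code": code,
            "body": body,
            "missing": missing,
            "path": path,
            "run_name": run.group(2) if run else None,
        })
    return entries


def classify(entry):
    """Label an entry by how much weight its '(file missing)' flag deserves."""
    if not entry["missing"]:
        return "present"
    if entry["path"].lower().startswith(SYSTEM32):
        # A 32-bit process is redirected to SysWOW64, so 64-bit-only
        # binaries in System32 look absent even though they exist.
        return "redirect-suspect"
    return "verify-on-disk"  # possibly a genuinely orphaned registration


def triage(log):
    """Group missing-file paths by verdict and collect Run autorun names."""
    report = {"redirect-suspect": [], "verify-on-disk": [], "autoruns": []}
    for entry in parse_entries(log):
        verdict = classify(entry)
        if verdict in report:
            report[verdict].append(entry["path"])
        if entry["run_name"]:
            report["autoruns"].append(entry["run_name"])
    return report


if __name__ == "__main__":
    for key, values in triage(SAMPLE_LOG).items():
        print(key)
        for value in values:
            print("   ", value)
```

Entries labelled `verify-on-disk` are the ones worth checking in Explorer before deciding whether the registration is a leftover.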



#13 gringo_pr

  • Malware Response Team

Posted 03 July 2013 - 11:20 PM


Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.
  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
      O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c
      O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
    • NOTE**You can research each of those lines >here< and see if you want to keep them or not
      just copy the name between the brackets and paste into the search space
      O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here
Gringo

#14 jonknite

  • Topic Starter

Posted 04 July 2013 - 09:51 AM

OK, I was able to remove the selected startup items, but when I tried to run Internet Explorer to run ESET it has a problem. When I click on the program it loads okay and goes to my home page, but if I click on a bookmark or a link on my homepage it just sits there and does nothing. Not even a spinning cursor. I then tried running ESET from Google Chrome, but it said it doesn't support it. Thanks for your continued support!

 

John



#15 gringo_pr

  • Malware Response Team

Posted 04 July 2013 - 12:52 PM


Hello John

Make sure you are running IE as admin - http://www.ehow.com/how_5101965_run-internet-explorer-administrator.html

Try resetting IE - go here and scroll down and click on show all and click on the fix-it button - http://windows.microsoft.com/en-US/windows-vista/Reset-Internet-Explorer-8-settings

If that does not work then try this one

F-Secure Online Scan

You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go HERE to run an online scan from F-Secure
  • Click on Run Now
  • it will download the scanner
  • then will open a new window
  • click on "start"
  • click on "accept"
  • the scan will start - when finished let me know if it found anything

Gringo

Edited by gringo_pr, 04 July 2013 - 12:52 PM.




