maa
-
Posts
21 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by maa
-
Malware reappears after removal: PUM.UserWLoad, Trojan.Ransom
maa replied to maa's topic in Resolved Malware Removal Logs
Maniac, Below is the log file from JRT. The popup no longer appears on startup and I haven't noticed any other issues. Should I uninstall any of the programs I ran through the course of this cleaning? Are there any other steps? Thanks, maa ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.4.2 (01.08.2013:1) OS: Windows Vista Home Basic x86 Ran by Mario on Wed 01/09/2013 at 21:17:24.92 Blog: http://thisisudax.blogspot.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\S-1-5-21-293651391-2175594108-1919989058-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Mario\appdata\locallow\boost_interprocess" ~~~ FireFox Successfully deleted: [File] "C:\Users\Mario\AppData\Roaming\mozilla\firefox\profiles\3l4hn9aq.default\extensions\isreaditlater@ideashower.com.xpi" Emptied folder: C:\Users\Mario\AppData\Roaming\mozilla\firefox\profiles\3l4hn9aq.default\minidumps [2 files] Emptied folder: C:\Users\Mario\AppData\Roaming\mozilla\firefox\profiles\5xwdjfww.New Profile1\minidumps [17 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 01/09/2013 at 21:19:55.83 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -
Malware reappears after removal: PUM.UserWLoad, Trojan.Ransom
maa replied to maa's topic in Resolved Malware Removal Logs
After running this, the popup message on startup no longer appears. Here is the log: All processes killed ========== OTL ========== C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_91616670.lnk moved successfully. C:\Users\Mario\AppData\Local\temp\_uninst_91616670.bat moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Mario\Desktop\cmd.bat deleted successfully. C:\Users\Mario\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Mario ->Temp folder emptied: 1758243217 bytes ->Temporary Internet Files folder emptied: 256642090 bytes ->Java cache emptied: 51051462 bytes ->FireFox cache emptied: 104176020 bytes ->Google Chrome cache emptied: 23274921 bytes ->Flash cache emptied: 4321070 bytes User: postgres ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1457527563 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 8588315 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 3,494.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 01082013_210101 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... -
Malware reappears after removal: PUM.UserWLoad, Trojan.Ransom
maa replied to maa's topic in Resolved Malware Removal Logs
Yes, I still receive this popup when windows starts: "Windows cannot find '215900.exe'. Make sure you typed the name correctly, and then try again" Thanks. -
Malware reappears after removal: PUM.UserWLoad, Trojan.Ransom
maa replied to maa's topic in Resolved Malware Removal Logs
Extras.txt: OTL Extras logfile created on: 1/2/2013 6:49:10 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mario\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 33.68% Memory free 6.20 Gb Paging File | 4.41 Gb Available in Paging File | 71.07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 138.96 Gb Total Space | 3.03 Gb Free Space | 2.18% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 6.75 Gb Free Space | 67.50% Space Free | Partition Type: NTFS Drive F: | 465.76 Gb Total Space | 35.95 Gb Free Space | 7.72% Space Free | Partition Type: NTFS Computer Name: NOFACE | User Name: Mario | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-293651391-2175594108-1919989058-1000\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1D8C2737-3837-4F4A-953B-E212C91E40DF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2A5CE730-4572-4DC1-A5F6-A93F9227FD0A}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{2CB19442-94FB-40B1-9D3C-E36BCEDE267B}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp1\rpcsandrasrv.exe | "{5640303A-CA50-4D41-BEE3-417DE40D9C23}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5A22518E-F1AA-4958-894F-C7FAF4836282}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5DB78D6E-6592-4C82-A554-E3E7EC35BAF1}" = rport=10243 | protocol=6 | dir=out | app=system | "{63E1AC1B-57D3-4395-AE1C-C6591C635FE0}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp1\win32\rpcdatasrv.exe | "{6660BA29-248E-499E-B8D0-88984AEDA131}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8AB256E8-6F83-48CD-9936-21D54C7D659B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{A0573678-D080-4F7C-B90B-D71A8974FE41}" = lport=2869 | protocol=6 | dir=in | app=system | "{C68C873F-9067-44C3-AF2F-EEBA8F55733A}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{C834EFBF-4A23-49D8-A0BF-7666CD056A10}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ECC09929-3F8C-4E17-9EF9-3BE2E6B12417}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | "{EE52F220-D8A1-4FBF-B319-8CA5FC79F708}" = lport=10243 | protocol=6 | dir=in | app=system | "{EEC304D6-AF8F-4C81-A742-562FE1E4CA0A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F54E84E1-C9DD-48A5-8967-B7B9F8EB7886}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01EB3169-F627-43AA-99DD-4BFF745E92D0}" = protocol=6 | dir=in | app=f:\program files\itunes\itunes.exe | "{0A42B183-7650-400B-ACAB-4A48A95849B1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{184F61FE-4C6E-4D1C-A154-71B6354F8C27}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{18C2B24C-DD78-49AC-A3E4-D808B3AEA1DB}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{19C70447-9B3C-43D5-9574-3F0EE26DB609}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{1C0F94DF-6A1D-435A-8259-71A459B52598}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{2237E4A8-53B4-4CDD-8F8D-DC0EFE968C44}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{24EC1A1B-61EF-4BC3-A2F2-CF23FB9667EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2B6EFDD5-5BFD-4C8E-BB7B-A84483C873EC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2EE8A05F-637B-4FEB-9510-6E8859356064}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{349B43D0-D9F1-4958-9D83-119FBDF31122}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{35F9C0E1-A070-46B6-B5CF-8345F79C9857}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe | "{44F8ADE0-35A7-4624-B5C9-6AB937DA8507}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5241BE76-D6C2-433A-B8C2-7AFBBEB3E277}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{52E04BCD-EC4F-4F65-B51F-B930FF62CE75}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{533E2A8D-BABE-4A03-9A79-7D5F6F682775}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{551DCBCF-CFB3-4722-A251-AB76070B27B6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5796C31A-5447-4806-B4C1-DBC0B685A02D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5F5EA076-7E43-419C-BAFE-08DC210AD780}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5F78A92A-33E0-4E29-9B2D-BC46EA0CA170}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{63066B05-76CA-43D4-B010-640624D19DB9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6BB0ABE5-19A0-4F32-BCB0-D7E2A538CB99}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | "{7014662B-0856-48ED-92A3-24A2DC1D674E}" = protocol=6 | dir=in | app=c:\users\mario\appdata\roaming\dropbox\bin\dropbox.exe | "{716DB8F8-6BB0-4954-B8ED-C65D747E1B0E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{74A98A37-E7BF-41ED-8AFC-E94EBFD7763E}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | "{761CB22C-BE72-4EB3-ACC2-B6DF032C85B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{769F72B2-57E7-401C-88E9-3E6D55EF8A55}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{76A32861-F7B8-484E-B107-CA16A19DF073}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{77AA929B-8E81-47ED-B2F5-E46903BF5A9E}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "{7C041B2E-01D1-4B2E-ACF5-0CF1BBB00C09}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{85EC71EB-99CA-43F3-8960-11D63FA5F94C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8BB629AC-EFE0-47C8-BAD7-D22E13F2673C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8E3A54D8-7393-4D47-9AC7-21B29B52A7BC}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | "{8EFB1E56-5DAD-418E-A34C-B0DFD0B6C28D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9076E82D-B962-45AC-9255-095DBA9D66B8}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe | "{918DBF11-3008-4A27-A2D6-1C6388552CAB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9329DF39-092E-4BF4-A09C-099E1ADFBE29}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{94D9B2E2-7961-4E65-B703-4A045BADD5DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{98C9CE01-6219-46B6-8170-244BECB526EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9CEA3E03-073D-471A-9557-46D662C68E42}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{A326D819-1D83-4386-AA9C-FC86E736BC01}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "{A8DABBF7-8DB0-4F67-9B90-80B376A2B06E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AEEE594D-D551-4E86-8979-62F9091C84D8}" = protocol=1 | dir=in | name=sisoftware database agent service (icmp-in) | "{B2FAEA6A-FD17-4671-9F16-DB31A5C935E6}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "{B42F15C8-36DD-41B1-83C1-29E9F4900A83}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B84103E0-B9D2-42B2-8D9F-DF7A848ED0AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BF531A01-F287-4902-89C4-A332439B4F45}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BFFF63E0-ABB9-4B3A-99FD-580D85399AA1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C1226EDA-1516-49B6-BF6C-F760D44E6F22}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{C3E6AEFB-695C-46AF-B95B-0080E033DCBA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{CD62D56B-CC27-42B3-B436-0D4B32B858C5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D187D326-A604-4D3F-B405-887C9FAE7013}" = protocol=6 | dir=out | app=system | "{DC35B95F-53C0-41EA-8EA9-07BA6B52030E}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{DCCA2BA7-0C32-4458-9B78-97DE9A8C5B59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DF353FCB-DE21-4851-8E63-347102507391}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E3D5F0A2-E69D-4288-9EDD-E2CE81A69B99}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "{E504FDE3-89BB-468D-8ACE-CA29E0A437FF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E54E3AAB-1AD2-472D-BE09-931BC5746792}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "{E5F5DB0B-A413-43D9-B381-A18E0454D031}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "{E9B83EBA-F297-439D-BF0E-1789E2B279B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EBFFBB72-FA3F-45F2-92B4-D5A0D2D4284E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F01CEE94-0BB0-4040-929E-A346D6B27765}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | "{F1C53632-37B2-4CCA-9396-9A21A10B445E}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe | "{FB41452E-5EA0-499A-B86D-44C47CFFC316}" = protocol=17 | dir=in | app=c:\users\mario\appdata\roaming\dropbox\bin\dropbox.exe | "{FC590F60-A952-4A71-86FC-E27481CECD72}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe | "TCP Query User{186FAE04-743F-47E5-A6A1-63707891B742}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{3067B47A-341E-4877-8464-D9296EE20818}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{385FD31A-83C7-4E3D-AFC2-0CED761A4283}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{3B2E236E-80A1-4C81-9CCE-9C1C902CB572}C:\blp\wintrv\wintrv.exe" = protocol=6 | dir=in | app=c:\blp\wintrv\wintrv.exe | "TCP Query User{3CFF1882-FE3A-42D6-BF3C-7F0CA83025C9}C:\blp\wintrv\wintrv.exe" = protocol=6 | dir=in | app=c:\blp\wintrv\wintrv.exe | "TCP Query User{4D138DA9-3296-4243-A75F-AC8BDA7E11A9}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{61943F57-2454-487A-B428-258DB6395D1E}F:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=f:\program files\itunes\itunes.exe | "TCP Query User{66529CC3-6D70-44C3-BF2D-2CB19C0FBE60}C:\users\mario\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mario\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{66E35D12-7DFB-45ED-9F1B-B51F31A5E036}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "TCP Query User{6A959463-B5EE-44DF-A4F7-03D0FD6981EE}C:\program files\stc\qa_07_05\wwwroot\cbt.exe" = protocol=6 | dir=in | app=c:\program files\stc\qa_07_05\wwwroot\cbt.exe | "TCP Query User{A48FAC7C-D986-45D5-8605-49713FF4B600}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{B79367CC-BB30-4BF2-961C-E77F62061993}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{E53EE2CC-FB3B-41CE-BB15-41FF02BFF493}C:\blp\api\bbcomm.exe" = protocol=6 | dir=in | app=c:\blp\api\bbcomm.exe | "UDP Query User{07D67426-EEA1-4078-9A1A-C235078908C6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{08D8E764-6F4D-438C-A5C3-0C3D80CD1B4D}C:\blp\api\bbcomm.exe" = protocol=17 | dir=in | app=c:\blp\api\bbcomm.exe | "UDP Query User{0ACEFEAF-89E6-4639-8C92-400E600F9D7A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{75D156A4-BD5A-475C-98C0-A2FA2E6A50E7}C:\users\mario\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mario\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{8F9373FE-9F09-49D3-BE39-B296075002FE}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{91C971D4-F07B-43A5-8F78-4727B9C1F13F}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "UDP Query User{B1181B10-79EE-4F59-9336-D482F30E602F}C:\program files\stc\qa_07_05\wwwroot\cbt.exe" = protocol=17 | dir=in | app=c:\program files\stc\qa_07_05\wwwroot\cbt.exe | "UDP Query User{B20AE0CD-771A-4E76-8C0D-70B3F5A1E194}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{D49376ED-3AC0-4469-81AA-F62E426B974C}C:\blp\wintrv\wintrv.exe" = protocol=17 | dir=in | app=c:\blp\wintrv\wintrv.exe | "UDP Query User{E6B80DBA-98E5-4048-848E-F74263B7C8DD}C:\blp\wintrv\wintrv.exe" = protocol=17 | dir=in | app=c:\blp\wintrv\wintrv.exe | "UDP Query User{F38FC82C-37C3-4055-9B68-0378C2001942}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{F8382B6A-A389-4075-B432-07881876B0BA}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518) "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{0DF34F71-6182-474F-B6FE-0B2AF069E6FD}" = VBA (2627.01) "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement "{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard "{14ECAABB-C8B9-4A09-92F7-CDF1A45B6DDE}" = Google Drive "{159C13FA-82AF-4DD9-8BC9-5EA368613A20}" = WebEx Recorder and Player "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10 "{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{32A5AE69-72DD-4E99-BE79-27E1ED6F4F43}" = Bentley SELECT Server V8 XM Edition "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant "{3FA5E4CC-58ED-4ED0-AC9E-ED0759E9166E}" = RedistSysFiles "{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup "{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video "{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3 "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01) "{5783F2D7-0101-0409-0000-0060B0CE6BBA}" = AutoCAD 2002 "{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English "{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3 "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3 "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23 "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3 "{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3 "{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}" = Symantec AntiVirus "{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3 "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles "{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection "{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090 "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8DFB3904-FBDB-4C2B-AC98-20EFDD37C83D}" = GameTime+ "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90F50409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core "{90F60409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core - English "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3 "{AC8A37CB-39AD-46C2-9AB5-F6FBE037CC57}" = Bentley MicroStation V8 XM Edition 08.09.04.51 "{AFD9E698-03C2-4E88-80A6-1496562D4304}" = Google SketchUp 7.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3 "{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3 "{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Lite XII.SP1 "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3 "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3 "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime "{DD7A785B-45C9-4DDB-A726-0889F7A9C006}" = WD SmartWare "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net "{E31E2A9F-D76D-49DD-9851-930DD1B0A081}" = Poker Grapher "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3 "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.1 "{F972403C-BFE4-49EB-82B8-10D0FDBD1BB1}" = VirtualDJ Home FREE "{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3 "7-Zip" = 7-Zip 4.57 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection "Any Video Converter_is1" = Any Video Converter 3.1.0 "AutoCAD 2008 - English" = AutoCAD 2008 - English "AutoHotkey" = AutoHotkey 1.0.48.05 "Bloomberg SFD Data Dictionary" = Bloomberg SFD Data Dictionary "CCleaner" = CCleaner "CinemaForge" = CinemaForge "Cisco Connect" = Cisco Connect "DivX Setup" = DivX Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "Fences" = Fences "Free iPod Video Converter_is1" = Free iPod Video Converter 1.26 "Google Desktop" = Google Desktop "GTK 2.0" = GTK+ Runtime 2.12.1 rev b (remove only) "InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video "KLiteCodecPack_is1" = K-Lite Codec Pack 2.27 Full "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MoneyToolbox" = MSN Money Investment Toolbox "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Pdf995" = Pdf995 "Pidgin" = Pidgin "Poker Tracker Version 2.16.03d_is1" = Poker Tracker Version 2.16.03d "PokerAce Hud" = PokerAce Hud (remove only) "Pokerazor" = Pokerazor 1.28 "PokerStars" = PokerStars "PokerTracker3" = PokerTracker 3 (remove only) "PowerISO" = PowerISO "RealPlayer 6.0" = RealPlayer "Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0 "VLC media player" = VLC media player 1.0.0 "WinRAR archiver" = WinRAR archiver "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-293651391-2175594108-1919989058-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2/11/2011 4:56:42 AM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 2/11/2011 4:56:51 AM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 2/11/2011 7:59:46 PM | Computer Name = NoFace | Source = Application Error | ID = 1000 Description = Faulting application postgres.exe, version 8.3.4.8262, time stamp 0x48d39b63, faulting module kernel32.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000142, fault offset 0x00009f7d, process id 0x15d0, application start time 0x01cbca47c17107f7. Error - 2/11/2011 8:41:44 PM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 2/11/2011 8:41:48 PM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 2/12/2011 12:57:18 AM | Computer Name = NoFace | Source = Application Error | ID = 1000 Description = Faulting application postgres.exe, version 8.3.4.8262, time stamp 0x48d39b63, faulting module kernel32.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000142, fault offset 0x00009f7d, process id 0x124c, application start time 0x01cbca71525016ea. Error - 2/12/2011 5:31:30 PM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 2/12/2011 5:31:31 PM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 2/13/2011 1:54:11 AM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 2/13/2011 1:54:13 AM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = [ System Events ] Error - 12/28/2012 2:13:45 AM | Computer Name = NoFace | Source = LSM | ID = 1048 Description = Error - 12/28/2012 10:20:24 AM | Computer Name = NoFace | Source = LSM | ID = 1048 Description = Error - 12/28/2012 11:34:50 AM | Computer Name = NoFace | Source = Service Control Manager | ID = 7011 Description = Error - 12/30/2012 9:03:07 PM | Computer Name = NoFace | Source = LSM | ID = 1048 Description = Error - 12/31/2012 2:37:14 PM | Computer Name = NoFace | Source = LSM | ID = 1048 Description = Error - 12/31/2012 5:55:11 PM | Computer Name = NoFace | Source = LSM | ID = 1048 Description = Error - 12/31/2012 6:01:08 PM | Computer Name = NoFace | Source = Service Control Manager | ID = 7022 Description = Error - 1/2/2013 7:18:10 PM | Computer Name = NoFace | Source = LSM | ID = 1048 Description = Error - 1/2/2013 7:23:01 PM | Computer Name = NoFace | Source = Service Control Manager | ID = 7022 Description = Error - 1/2/2013 8:00:58 PM | Computer Name = NoFace | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = < End of report > -
Malware reappears after removal: PUM.UserWLoad, Trojan.Ransom
maa replied to maa's topic in Resolved Malware Removal Logs
OTL.txt: OTL logfile created on: 1/2/2013 6:49:10 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mario\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 33.68% Memory free 6.20 Gb Paging File | 4.41 Gb Available in Paging File | 71.07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 138.96 Gb Total Space | 3.03 Gb Free Space | 2.18% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 6.75 Gb Free Space | 67.50% Space Free | Partition Type: NTFS Drive F: | 465.76 Gb Total Space | 35.95 Gb Free Space | 7.72% Space Free | Partition Type: NTFS Computer Name: NOFACE | User Name: Mario | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/01/02 18:45:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mario\Desktop\OTL.exe PRC - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012/10/02 14:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012/10/02 14:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012/02/03 12:34:58 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe PRC - [2012/02/03 12:34:56 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2011/06/17 12:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe PRC - [2010/12/16 10:57:20 | 000,956,416 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe PRC - [2009/08/17 09:52:08 | 002,043,904 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe PRC - [2009/08/17 09:52:08 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe PRC - [2009/08/17 09:50:32 | 008,919,040 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/09/19 07:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe PRC - [2007/10/26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe PRC - [2007/03/26 14:00:04 | 000,102,400 | ---- | M] (Bentley Systems, Incorporated) -- C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Gateway.exe PRC - [2007/02/08 00:16:24 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe PRC - [2006/11/28 05:34:38 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe PRC - [2006/11/28 05:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe PRC - [2006/11/28 05:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe PRC - [2006/11/22 16:12:36 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe PRC - [2006/11/22 16:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe PRC - [2006/11/12 01:19:46 | 000,446,976 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe PRC - [2006/10/20 16:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2006/09/29 11:39:20 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2006/09/29 11:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe ========== Modules (No Company Name) ========== MOD - [2012/12/14 13:26:59 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\d1cdb687ca296d0e95ff3abe946cb3c7\Microsoft.VisualBasic.ni.dll MOD - [2012/12/14 13:25:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6525d5b1a3b2cbea3301959a47b353c2\System.ServiceProcess.ni.dll MOD - [2012/12/14 13:25:46 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll MOD - [2012/12/14 13:25:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll MOD - [2012/12/14 13:25:27 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll MOD - [2012/12/14 13:25:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll MOD - [2012/12/14 13:23:40 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll MOD - [2012/12/14 13:23:24 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll MOD - [2012/12/14 13:23:15 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll MOD - [2012/12/14 13:23:06 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ee724aeea5f1b9d8a01fa6047fd2ef99\System.Data.ni.dll MOD - [2012/12/14 13:22:27 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll MOD - [2012/12/14 13:22:17 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2010/12/16 10:36:18 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll MOD - [2010/12/16 10:36:16 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll MOD - [2010/12/16 10:36:10 | 000,200,704 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libpcre.dll MOD - [2009/08/17 09:26:24 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll MOD - [2009/07/29 15:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll MOD - [2009/03/29 23:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2006/10/26 15:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108) SRV - [2012/12/12 23:31:58 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/10/27 13:06:25 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/02/03 12:34:58 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2011/06/17 12:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService) SRV - [2010/04/15 08:38:29 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2009/11/06 11:00:44 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009/08/17 09:52:08 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService) SRV - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3) SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/12/12 17:32:20 | 001,253,568 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe -- (SandraTheSrv) SRV - [2007/12/12 17:31:58 | 000,213,176 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe -- (SandraDataSrv) SRV - [2007/10/26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2007/07/11 16:25:20 | 000,025,640 | R--- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService) SRV - [2007/03/26 14:00:04 | 000,102,400 | ---- | M] (Bentley Systems, Incorporated) [Auto | Running] -- C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Gateway.exe -- (Bentley SELECT Server Gateway) SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3) SRV - [2006/11/28 05:34:26 | 000,122,008 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam) SRV - [2006/11/28 05:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus) SRV - [2006/11/28 05:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch) SRV - [2006/11/22 16:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2006/11/22 16:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2006/11/07 12:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2006/10/31 09:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2006/09/29 11:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Mario\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012/10/10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012/09/17 03:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121212.006\NAVEX15.SYS -- (NAVEX15) DRV - [2012/09/17 03:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121212.006\NAVENG.SYS -- (NAVENG) DRV - [2012/07/31 19:34:46 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/07/31 19:34:45 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2009/11/08 22:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM) DRV - [2008/01/18 23:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2007/10/26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2007/06/09 19:27:59 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2007/02/08 19:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M) DRV - [2007/02/08 19:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006/11/22 15:17:06 | 000,274,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL) DRV - [2006/11/22 15:17:06 | 000,247,144 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP) DRV - [2006/11/22 15:17:06 | 000,025,448 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX) DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006/10/26 15:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM) DRV - [2006/10/26 15:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2006/10/26 15:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM) DRV - [2006/10/26 15:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2006/10/26 15:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2006/10/26 15:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2006/10/26 15:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2006/10/26 15:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2006/10/26 11:01:34 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI) DRV - [2006/10/26 11:01:34 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV) DRV - [2006/10/06 13:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2006/08/17 14:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.dell.com/support/in [binary data over 200 bytes] IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60341 IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DLUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=OmyzwPx2JnLS6GhGmPVW8C6J31E?q={searchTerms} IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.epcompanion.org" FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..keyword.enabled: false FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@xmlauthor.com/downloads: C:\Windows\system32\npmirage.dll (XMLAuthor Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Mario\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Mario\AppData\Roaming\nprhapengine.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mario\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mario\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/01/01 23:37:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/04 20:47:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 13:06:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 13:06:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Mario\AppData\Roaming\Move Networks [2012/12/04 20:59:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 13:06:26 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 13:06:18 | 000,000,000 | ---D | M] [2008/09/11 14:59:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mario\AppData\Roaming\Mozilla\Extensions [2010/08/13 18:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3l4hn9aq.default\extensions [2010/02/10 11:24:27 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3l4hn9aq.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2010/07/22 07:32:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3l4hn9aq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/10/22 17:59:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\5xwdjfww.New Profile1\extensions [2012/07/15 19:13:38 | 000,223,394 | ---- | M] () (No name found) -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\5xwdjfww.New Profile1\extensions\isreaditlater@ideashower.com.xpi [2008/05/03 23:13:59 | 000,001,504 | ---- | M] () -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3l4hn9aq.default\searchplugins\imdb.xml [2010/08/07 16:04:21 | 000,001,562 | ---- | M] () -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3l4hn9aq.default\searchplugins\tableratings.xml [2008/05/04 16:11:14 | 000,000,705 | ---- | M] () -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3l4hn9aq.default\searchplugins\webster.xml [2008/05/04 09:24:48 | 000,001,032 | ---- | M] () -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3l4hn9aq.default\searchplugins\wikipedia-eng.xml [2012/10/27 13:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2012/12/04 20:59:58 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\MARIO\APPDATA\ROAMING\MOVE NETWORKS [2012/10/27 13:06:26 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/08/30 17:19:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/10/13 15:50:30 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://www.epcompanion.org/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.epcompanion.org/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Mario\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mario\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mario\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Java Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Google Update (Enabled) = C:\Users\Mario\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Mario\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: XMLAuthor Inc. npmirage (Enabled) = C:\Windows\system32\npmirage.dll CHR - plugin: iTunes Application Detector (Enabled) = F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: Speed Dial = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.2_0\ CHR - Extension: Springpad = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla\6_0\ CHR - Extension: Quick Note = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.4.2_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2012/12/16 14:30:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll () O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.) O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll () O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\Toolbar\WebBrowser: (no name) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - No CLSID value found. O3 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RMAlert] C:\Program Files\PC Tools Registry Mechanic\Alert.exe (PC Tools) O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation) O4 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) O4 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKU\S-1-5-21-293651391-2175594108-1919989058-1003..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) O4 - HKU\S-1-5-21-293651391-2175594108-1919989058-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-293651391-2175594108-1919989058-1004..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) O4 - HKU\S-1-5-21-293651391-2175594108-1919989058-1004..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_91616670.lnk = C:\Users\Mario\AppData\Local\temp\_uninst_91616670.bat () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-293651391-2175594108-1919989058-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-293651391-2175594108-1919989058-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll File not found O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..Trusted Domains: msn.com ([moneycentral] https in Trusted sites) O15 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe (Reg Error: Key error.) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx (AcDcToday Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.10.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx (AcPreview Control) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95BD10A2-992E-4E20-AAAE-45F7BB90EB14}: DhcpNameServer = 75.75.75.75 75.75.76.76 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock) O24 - Desktop WallPaper: C:\Users\Mario\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Mario\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/08/05 15:57:05 | 000,000,073 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/01/02 18:44:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mario\Desktop\OTL.exe [2012/12/31 14:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/12/31 13:51:28 | 000,000,000 | ---D | C] -- C:\Users\Mario\Desktop\JavaRa [2012/12/25 23:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012/12/17 20:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/12/16 14:34:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/12/16 14:34:00 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/12/16 14:34:00 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\temp [2012/12/16 14:08:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/12/16 14:08:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/12/16 14:08:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/12/16 14:07:47 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/12/16 14:07:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/12/16 13:54:32 | 005,010,912 | R--- | C] (Swearware) -- C:\Users\Mario\Desktop\ComboFix.exe [2012/12/15 12:23:22 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mario\Desktop\tdsskiller.exe [2012/12/14 15:07:02 | 000,000,000 | ---D | C] -- C:\Users\Mario\Desktop\DDS logs - 1st run [2012/12/14 14:07:31 | 000,000,000 | ---D | C] -- C:\Users\Mario\Desktop\mbar-1.01.0.1011 [2012/12/13 02:04:19 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2012/12/13 02:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012/12/12 23:33:44 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Mario\Desktop\dds.com [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/01/02 18:45:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mario\Desktop\OTL.exe [2013/01/02 18:30:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/02 18:27:11 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-293651391-2175594108-1919989058-1000UA.job [2013/01/02 18:19:02 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/02 18:17:56 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/02 18:17:56 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/02 18:17:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/02 00:08:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/01 20:49:56 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-293651391-2175594108-1919989058-1000Core.job [2012/12/31 13:47:22 | 000,135,237 | ---- | M] () -- C:\Users\Mario\Desktop\JavaRa-2.0.zip [2012/12/28 01:58:35 | 000,086,528 | ---- | M] () -- C:\Users\Mario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/12/28 01:08:43 | 000,001,356 | ---- | M] () -- C:\Users\Mario\AppData\Local\d3d9caps.dat [2012/12/25 23:06:36 | 000,000,847 | ---- | M] () -- C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_91616670.lnk [2012/12/25 21:58:22 | 149,564,568 | ---- | M] () -- C:\Users\Mario\Desktop\setup_11.0.0.1245.x01_2012_12_26_05_15.exe [2012/12/21 18:13:41 | 001,845,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/12/19 01:12:45 | 000,001,441 | ---- | M] () -- C:\scu.dat [2012/12/17 20:28:23 | 000,002,048 | ---- | M] () -- C:\Users\Mario\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/12/16 14:30:27 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012/12/16 13:55:04 | 005,010,912 | R--- | M] (Swearware) -- C:\Users\Mario\Desktop\ComboFix.exe [2012/12/15 12:23:40 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mario\Desktop\tdsskiller.exe [2012/12/14 14:52:53 | 000,615,496 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/12/14 14:52:53 | 000,108,498 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/12/14 14:14:56 | 000,029,882 | ---- | M] () -- C:\Users\Mario\Desktop\mbar message.jpg [2012/12/14 13:16:26 | 013,485,902 | ---- | M] () -- C:\Users\Mario\Desktop\mbar-1.01.0.1011.zip [2012/12/12 23:49:53 | 000,415,948 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012/12/12 23:49:52 | 000,415,948 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012/12/12 23:35:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Mario\Desktop\dds.com [2012/12/12 22:52:36 | 000,022,494 | ---- | M] () -- C:\Users\Mario\Desktop\startup error.jpg [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/12/31 13:47:18 | 000,135,237 | ---- | C] () -- C:\Users\Mario\Desktop\JavaRa-2.0.zip [2012/12/25 23:06:36 | 000,000,847 | ---- | C] () -- C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_91616670.lnk [2012/12/25 21:56:16 | 149,564,568 | ---- | C] () -- C:\Users\Mario\Desktop\setup_11.0.0.1245.x01_2012_12_26_05_15.exe [2012/12/17 23:37:48 | 000,001,441 | ---- | C] () -- C:\scu.dat [2012/12/16 14:08:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/12/16 14:08:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/12/16 14:08:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/12/16 14:08:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/12/16 14:08:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/12/14 14:14:56 | 000,029,882 | ---- | C] () -- C:\Users\Mario\Desktop\mbar message.jpg [2012/12/14 13:15:53 | 013,485,902 | ---- | C] () -- C:\Users\Mario\Desktop\mbar-1.01.0.1011.zip [2012/12/13 01:58:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/12/13 01:58:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/12/12 22:52:35 | 000,022,494 | ---- | C] () -- C:\Users\Mario\Desktop\startup error.jpg [2012/10/27 22:37:36 | 005,664,546 | ---- | C] () -- C:\Users\Mario\firefox bookmarks1.html [2012/04/05 23:20:43 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe [2011/03/16 19:09:20 | 000,012,020 | -HS- | C] () -- C:\Users\Mario\AppData\Local\3130882944 [2010/04/13 16:04:40 | 000,005,083 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf [2010/02/16 11:04:52 | 000,386,560 | ---- | C] () -- C:\Users\Mario\RCH_Stock_Market_Functions.xla [2009/12/11 22:17:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009/10/09 14:48:30 | 000,415,948 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/10/09 14:48:30 | 000,415,948 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/09/22 21:25:14 | 000,001,356 | ---- | C] () -- C:\Users\Mario\AppData\Local\d3d9caps.dat [2009/07/10 12:15:34 | 000,004,924 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda [2009/03/24 10:30:57 | 000,004,096 | -H-- | C] () -- C:\Users\Mario\AppData\Local\keyfile3.drm [2007/11/05 15:16:13 | 000,000,093 | ---- | C] () -- C:\Users\Mario\AppData\Local\fusioncache.dat [2007/09/25 19:13:05 | 000,003,737 | ---- | C] () -- C:\Users\Mario\Desktop(2) [2007/04/22 21:59:07 | 000,000,000 | ---- | C] () -- C:\Users\Mario\AppData\Roaming\wklnhst.dat [2007/04/22 20:57:20 | 000,086,528 | ---- | C] () -- C:\Users\Mario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009/05/05 16:50:08 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\.purple [2012/11/14 08:09:01 | 000,000,000 | -HSD | M] -- C:\Users\Mario\AppData\Roaming\8A1713 [2010/11/08 22:56:37 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\AnvSoft [2010/04/18 21:33:06 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Autodesk [2007/11/05 16:30:59 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Bentley [2009/05/15 16:33:11 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\DMCache [2008/09/02 13:20:27 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\DNA [2012/10/22 18:31:00 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Dropbox [2012/11/14 20:07:23 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Fuoda [2009/11/22 13:18:52 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Leadertech [2012/11/13 19:27:35 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Luagod [2012/11/13 19:25:39 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Papa [2008/01/08 04:27:20 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\pdf995 [2009/02/11 13:45:34 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Pokerazor [2011/12/28 22:31:41 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Stardock [2009/04/30 13:40:21 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\TeamViewer [2007/04/22 21:59:10 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Template [2012/12/14 14:07:24 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\uTorrent [2009/11/19 19:25:34 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Western Digital ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:B0A96209 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:8CEFE51A @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C05A8628 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > -
Malware reappears after removal: PUM.UserWLoad, Trojan.Ransom
maa replied to maa's topic in Resolved Malware Removal Logs
Maniac, I've run JavaRe to uninstall and then reinstall Java. I rebooted and still encounter the same popup message. Any thoughts on how to proceed? Thanks! -
Malware reappears after removal: PUM.UserWLoad, Trojan.Ransom
maa replied to maa's topic in Resolved Malware Removal Logs
Upon a restart of my computer, a black box window popped up with the application name of "_uninst_91616670", and an error prompt for this application appeared with the following text: "Windows cannot find '215900.exe'. Make sure you typed the name correctly, and then try again" What does this mean? Thanks! -
Malware reappears after removal: PUM.UserWLoad, Trojan.Ransom
maa replied to maa's topic in Resolved Malware Removal Logs
Here is the Kapersky log: Status: Deleted (events: 191) 12/25/2012 11:35:47 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.h C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500003.VBN High 12/25/2012 11:35:47 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.k C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500003.VBN//CryptZ High 12/25/2012 11:35:47 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.k C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500003.VBN//CryptZ/Glorussstmz.class High 12/25/2012 11:35:43 PM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500002.VBN High 12/25/2012 11:35:43 PM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.bu C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500002.VBN//CryptZ High 12/25/2012 11:35:43 PM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.bu C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500002.VBN//CryptZ/bpac/a.class High 12/25/2012 11:35:39 PM Deleted Trojan program Exploit.Java.Agent.v C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500000.VBN High 12/25/2012 11:35:39 PM Deleted Trojan program Trojan-Downloader.Java.Agent.es C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500000.VBN//CryptZ High 12/25/2012 11:35:39 PM Deleted Trojan program Trojan-Downloader.Java.Agent.es C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500000.VBN//CryptZ/AppletPanel.class High 12/25/2012 11:35:39 PM Deleted Trojan program Exploit.Java.Agent.v C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500000.VBN//CryptZ/Main.class High 12/25/2012 11:35:49 PM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500005.VBN High 12/25/2012 11:35:49 PM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.bu C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500005.VBN//CryptZ High 12/25/2012 11:35:49 PM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.bu C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500005.VBN//CryptZ/bpac/a.class High 12/25/2012 11:35:43 PM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500002.VBN//CryptZ/bpac/KAVS.class High 12/25/2012 11:35:53 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.h C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500006.VBN High 12/25/2012 11:35:53 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.k C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500006.VBN//CryptZ High 12/25/2012 11:35:53 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.k C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500006.VBN//CryptZ/Glorussstmz.class High 12/25/2012 11:35:47 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.j C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500003.VBN//CryptZ/CusBen.class High 12/25/2012 11:35:47 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.m C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500003.VBN//CryptZ/padle.class High 12/25/2012 11:35:47 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.l C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500003.VBN//CryptZ/hubert.class High 12/25/2012 11:35:47 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.i C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500003.VBN//CryptZ/ClassPol.class High 12/25/2012 11:35:47 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.h C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500003.VBN//CryptZ/BlogRoner.class High 12/25/2012 11:35:49 PM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500005.VBN//CryptZ/bpac/KAVS.class High 12/25/2012 11:35:57 PM Deleted Trojan program Exploit.Java.Agent.f C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500008.VBN High 12/25/2012 11:35:57 PM Deleted Trojan program Exploit.Java.Agent.f C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500008.VBN//CryptZ High 12/25/2012 11:35:57 PM Deleted Trojan program Exploit.Java.Agent.f C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500008.VBN//CryptZ/quote/Mailvue.class High 12/25/2012 11:35:58 PM Deleted Trojan program Exploit.Java.Agent.as C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000A.VBN High 12/25/2012 11:35:58 PM Deleted Trojan program Exploit.Java.Agent.ar C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000A.VBN//CryptZ High 12/25/2012 11:35:58 PM Deleted Trojan program Exploit.Java.Agent.ar C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000A.VBN//CryptZ/Email.class High 12/25/2012 11:35:53 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.j C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500006.VBN//CryptZ/CusBen.class High 12/25/2012 11:35:53 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.m C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500006.VBN//CryptZ/padle.class High 12/25/2012 11:35:53 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.l C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500006.VBN//CryptZ/hubert.class High 12/25/2012 11:35:53 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.i C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500006.VBN//CryptZ/ClassPol.class High 12/25/2012 11:35:53 PM Deleted Trojan program Exploit.Java.CVE-2010-0094.h C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500006.VBN//CryptZ/BlogRoner.class High 12/25/2012 11:35:59 PM Deleted Trojan program Exploit.Java.Agent.dy C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000C.VBN High 12/25/2012 11:35:59 PM Deleted Trojan program Exploit.Java.Agent.dx C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000C.VBN//CryptZ High 12/25/2012 11:35:59 PM Deleted Trojan program Exploit.Java.Agent.dx C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000C.VBN//CryptZ/JavaUpdateApplication.class High 12/25/2012 11:35:58 PM Deleted Trojan program Exploit.Java.Agent.as C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000A.VBN//CryptZ/ExecService.class High 12/25/2012 11:36:02 PM Deleted Trojan program Trojan-Downloader.Java.Agent.fy C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000D.VBN High 12/25/2012 11:36:02 PM Deleted Trojan program Trojan-Downloader.Java.Agent.fx C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000D.VBN//CryptZ High 12/25/2012 11:36:02 PM Deleted Trojan program Trojan-Downloader.Java.Agent.fx C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000D.VBN//CryptZ/gogol/Emailer.class High 12/25/2012 11:36:07 PM Deleted Trojan program Exploit.Java.Agent.as C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000F.VBN High 12/25/2012 11:36:07 PM Deleted Trojan program Exploit.Java.Agent.ar C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000F.VBN//CryptZ High 12/25/2012 11:36:07 PM Deleted Trojan program Exploit.Java.Agent.ar C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000F.VBN//CryptZ/Email.class High 12/25/2012 11:35:59 PM Deleted Trojan program Exploit.Java.Agent.dy C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000C.VBN//CryptZ/JavaUpdateManager.class High 12/25/2012 11:36:07 PM Deleted Trojan program Trojan.Java.Agent.ac C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500013.VBN High 12/25/2012 11:36:07 PM Deleted Trojan program Trojan.Java.Agent.ab C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500013.VBN//CryptZ High 12/25/2012 11:36:07 PM Deleted Trojan program Trojan.Java.Agent.ab C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500013.VBN//CryptZ/Is.class High 12/25/2012 11:36:02 PM Deleted Trojan program Exploit.Java.Agent.f C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000D.VBN//CryptZ/gogol/Familie.class High 12/25/2012 11:36:02 PM Deleted Trojan program Trojan-Downloader.Java.Agent.fy C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000D.VBN//CryptZ/gogol/PhonBook.class High 12/25/2012 11:36:07 PM Deleted Trojan program Exploit.Java.Agent.as C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0750000F.VBN//CryptZ/ExecService.class High 12/25/2012 11:36:07 PM Deleted Trojan program Trojan.Java.Agent.aa C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500013.VBN//CryptZ/MyName.class High 12/25/2012 11:36:07 PM Deleted Trojan program Trojan.Java.Agent.ac C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500013.VBN//CryptZ/Phone.class High 12/25/2012 11:36:12 PM Deleted Trojan program Exploit.Java.Agent.as C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500017.VBN High 12/25/2012 11:36:12 PM Deleted Trojan program Exploit.Java.Agent.ar C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500017.VBN//CryptZ High 12/25/2012 11:36:12 PM Deleted Trojan program Exploit.Java.Agent.ar C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500017.VBN//CryptZ/Email.class High 12/25/2012 11:36:14 PM Deleted Trojan program Exploit.Java.CVE-2010-0842.d C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300000.VBN High 12/25/2012 11:36:14 PM Deleted Trojan program Exploit.Java.CVE-2010-0842.d C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300000.VBN//CryptZ High 12/25/2012 11:36:14 PM Deleted Trojan program Exploit.Java.CVE-2010-0842.d C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300000.VBN//CryptZ/SiteAudioHelper.class High 12/25/2012 11:36:18 PM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.dg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300002.VBN High 12/25/2012 11:36:18 PM Deleted Trojan program Trojan.Java.Agent.ak C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300002.VBN//CryptZ High 12/25/2012 11:36:18 PM Deleted Trojan program Trojan.Java.Agent.ak C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300002.VBN//CryptZ/encode/Unicode.class High 12/25/2012 11:36:12 PM Deleted Trojan program Exploit.Java.Agent.as C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500017.VBN//CryptZ/ExecService.class High 12/25/2012 11:36:20 PM Deleted Trojan program Trojan-Downloader.Java.Agent.jj C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300004.VBN High 12/25/2012 11:36:20 PM Deleted Trojan program Trojan-Downloader.Java.Agent.jj C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300004.VBN//CryptZ High 12/25/2012 11:36:20 PM Deleted Trojan program Trojan-Downloader.Java.Agent.jj C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300004.VBN//CryptZ/Main$1.class High 12/25/2012 11:36:22 PM Deleted Trojan program Trojan-Downloader.Java.Agent.ja C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300006.VBN High 12/25/2012 11:36:22 PM Deleted Trojan program Trojan-Downloader.Java.Agent.ja C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300006.VBN//CryptZ High 12/25/2012 11:36:22 PM Deleted Trojan program Trojan-Downloader.Java.Agent.ja C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300006.VBN//CryptZ/RequiredJavaComponent.class High 12/25/2012 11:36:18 PM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.dg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300002.VBN//CryptZ/setup/lang.class High 12/25/2012 11:36:20 PM Deleted Trojan program Trojan-Downloader.Java.Agent.jj C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08300004.VBN//CryptZ/Main.class High 12/25/2012 11:36:26 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09F80000.VBN High 12/25/2012 11:36:26 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09F80000.VBN//CryptZ High 12/25/2012 11:36:26 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09F80000.VBN//CryptZ//UPX High 12/25/2012 11:36:29 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A0C0000.VBN High 12/25/2012 11:36:29 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A0C0000.VBN//CryptZ High 12/25/2012 11:36:29 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A0C0000.VBN//CryptZ//UPX High 12/25/2012 11:36:33 PM Deleted Trojan program Trojan-Downloader.Java.OpenStream.bq C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00000.VBN High 12/25/2012 11:36:33 PM Deleted Trojan program Trojan-Downloader.Java.OpenStream.bq C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00000.VBN//CryptZ High 12/25/2012 11:36:33 PM Deleted Trojan program Trojan-Downloader.Java.OpenStream.bq C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00000.VBN//CryptZ/glass/boing.class High 12/25/2012 11:36:34 PM Deleted Trojan program Exploit.Java.CVE-2010-0840.b C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00001.VBN High 12/25/2012 11:36:34 PM Deleted Trojan program Exploit.Java.CVE-2010-0840.b C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00001.VBN//CryptZ High 12/25/2012 11:36:34 PM Deleted Trojan program Exploit.Java.CVE-2010-0840.b C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00001.VBN//CryptZ/setup/lang.class High 12/25/2012 11:36:58 PM Deleted Trojan program Exploit.Java.CVE-2010-0840.b C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00002.VBN High 12/25/2012 11:36:58 PM Deleted Trojan program Exploit.Java.CVE-2010-0840.b C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00002.VBN//CryptZ High 12/25/2012 11:36:58 PM Deleted Trojan program Exploit.Java.CVE-2010-0840.b C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00002.VBN//CryptZ/setup/lang.class High 12/25/2012 11:39:14 PM Deleted Trojan program Trojan.Java.Agent.am C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00003.VBN High 12/25/2012 11:39:14 PM Deleted Trojan program Trojan.Java.Agent.am C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00003.VBN//CryptZ High 12/25/2012 11:39:14 PM Deleted Trojan program Trojan.Java.Agent.am C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00003.VBN//CryptZ/bpac/b.class High 12/25/2012 11:39:27 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B8C0000.VBN High 12/25/2012 11:39:27 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B8C0000.VBN//CryptZ High 12/25/2012 11:39:27 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B8C0000.VBN//CryptZ//UPX High 12/25/2012 11:39:37 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BBC0000.VBN High 12/25/2012 11:39:37 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BBC0000.VBN//CryptZ High 12/25/2012 11:39:37 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BBC0000.VBN//CryptZ//UPX High 12/25/2012 11:39:44 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC40000.VBN High 12/25/2012 11:39:44 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC40000.VBN//CryptZ High 12/25/2012 11:39:44 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC40000.VBN//CryptZ//UPX High 12/25/2012 11:39:53 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BFC0000.VBN High 12/25/2012 11:39:53 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BFC0000.VBN//CryptZ High 12/25/2012 11:39:53 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BFC0000.VBN//CryptZ//UPX High 12/25/2012 11:40:06 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C000000.VBN High 12/25/2012 11:40:06 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C000000.VBN//CryptZ High 12/25/2012 11:40:06 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C000000.VBN//CryptZ//UPX High 12/25/2012 11:56:23 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C0C0000.VBN High 12/25/2012 11:56:23 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C0C0000.VBN//CryptZ High 12/25/2012 11:56:23 PM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C0C0000.VBN//CryptZ//UPX High 12/25/2012 11:58:58 PM Deleted malware Hoax.HTML.FakeAntivirus.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140002.VBN Medium 12/25/2012 11:58:58 PM Deleted malware Hoax.HTML.FakeAntivirus.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140002.VBN//CryptZ Medium 12/25/2012 11:59:10 PM Deleted Trojan program Trojan.Win32.Buzus.agcj C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B100000.VBN High 12/25/2012 11:59:10 PM Deleted Trojan program Trojan.Win32.Buzus.agcj C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B100000.VBN//CryptZ High 12/25/2012 11:59:10 PM Deleted Trojan program Trojan.Win32.Buzus.agcj C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B100000.VBN//CryptZ//Bangbros.com password geneator by Sev7n.exe High 12/25/2012 11:58:59 PM Deleted malware Hoax.HTML.FakeAntivirus.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140003.VBN Medium 12/25/2012 11:58:59 PM Deleted malware Hoax.HTML.FakeAntivirus.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140003.VBN//CryptZ Medium 12/26/2012 12:01:00 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EA00000.VBN High 12/26/2012 12:01:00 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EA00000.VBN//CryptZ High 12/26/2012 12:01:00 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EA00000.VBN//CryptZ//UPX High 12/26/2012 12:01:03 AM Deleted malware Hoax.HTML.FakeAntivirus.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140004.VBN Medium 12/26/2012 12:01:03 AM Deleted malware Hoax.HTML.FakeAntivirus.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140004.VBN//CryptZ Medium 12/26/2012 12:01:06 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EDC0000.VBN High 12/26/2012 12:01:06 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EDC0000.VBN//CryptZ High 12/26/2012 12:01:06 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EDC0000.VBN//CryptZ//UPX High 12/26/2012 12:01:08 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00002.VBN High 12/26/2012 12:01:08 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00002.VBN//CryptZ High 12/26/2012 12:01:08 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00002.VBN//CryptZ/bpac/KAVS.class High 12/26/2012 12:01:10 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00003.VBN High 12/26/2012 12:01:10 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00003.VBN//CryptZ High 12/26/2012 12:01:10 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00003.VBN//CryptZ/bpac/KAVS.class High 12/26/2012 12:01:13 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.dc C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00004.VBN High 12/26/2012 12:01:13 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.dc C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00004.VBN//CryptZ High 12/26/2012 12:01:13 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.dc C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00004.VBN//CryptZ/prev/monoid.class High 12/26/2012 12:01:15 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00005.VBN High 12/26/2012 12:01:15 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cf C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00005.VBN//CryptZ High 12/26/2012 12:01:15 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cf C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00005.VBN//CryptZ/bpac/a.class High 12/26/2012 12:01:17 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\117C0000.VBN High 12/26/2012 12:01:17 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\117C0000.VBN//CryptZ High 12/26/2012 12:01:17 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\117C0000.VBN//CryptZ//UPX High 12/26/2012 12:01:20 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11880000.VBN High 12/26/2012 12:01:20 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11880000.VBN//CryptZ High 12/26/2012 12:01:20 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11880000.VBN//CryptZ//UPX High 12/26/2012 12:01:15 AM Deleted Trojan program Trojan.Java.Agent.am C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00005.VBN//CryptZ/bpac/b.class High 12/26/2012 12:01:15 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.cg C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10F00005.VBN//CryptZ/bpac/KAVS.class High 12/26/2012 12:01:22 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11B80000.VBN High 12/26/2012 12:01:22 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11B80000.VBN//CryptZ High 12/26/2012 12:01:22 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11B80000.VBN//CryptZ//UPX High 12/26/2012 12:01:24 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0000.VBN High 12/26/2012 12:01:24 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0000.VBN//CryptZ High 12/26/2012 12:01:24 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0000.VBN//CryptZ/javax/AServers.class High 12/26/2012 12:01:36 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0001.VBN High 12/26/2012 12:01:36 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0001.VBN//CryptZ High 12/26/2012 12:01:36 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0001.VBN//CryptZ/javax/AServers.class High 12/26/2012 12:01:39 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0002.VBN High 12/26/2012 12:01:39 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0002.VBN//CryptZ High 12/26/2012 12:01:39 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0002.VBN//CryptZ/javax/AServers.class High 12/26/2012 12:01:24 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0000.VBN//CryptZ/javax/Server1.class High 12/26/2012 12:01:24 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0000.VBN//CryptZ/javax/Server2.class High 12/26/2012 12:01:36 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0001.VBN//CryptZ/javax/Server1.class High 12/26/2012 12:01:36 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0001.VBN//CryptZ/javax/Server2.class High 12/26/2012 12:01:43 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13800000.VBN High 12/26/2012 12:01:43 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13800000.VBN//CryptZ High 12/26/2012 12:01:43 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13800000.VBN//CryptZ//UPX High 12/26/2012 12:01:39 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0002.VBN//CryptZ/javax/Server1.class High 12/26/2012 12:01:39 AM Deleted Trojan program Trojan-Downloader.Java.Agent.fe C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12CC0002.VBN//CryptZ/javax/Server2.class High 12/26/2012 12:01:55 AM Deleted Trojan program Exploit.Java.CVE-2010-0840.fs C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16B4000D.VBN High 12/26/2012 12:01:55 AM Deleted Trojan program Exploit.Java.CVE-2010-0840.eq C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16B4000D.VBN//CryptZ High 12/26/2012 12:01:55 AM Deleted Trojan program Exploit.Java.CVE-2010-0840.eq C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16B4000D.VBN//CryptZ/json/Parser.class High 12/26/2012 12:01:57 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF40000\4BF4846E.VBN High 12/26/2012 12:01:57 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF40000\4BF4846E.VBN//CryptZ High 12/26/2012 12:01:57 AM Deleted Trojan program Trojan.Win32.BHO.eow C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF40000\4BF4846E.VBN//CryptZ//UPX High 12/26/2012 12:01:55 AM Deleted Trojan program Exploit.Java.CVE-2010-0840.fs C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16B4000D.VBN//CryptZ/json/XML.class High 12/26/2012 12:02:31 AM Deleted malware Hoax.HTML.FakeAntivirus.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140001\4DFE4545.VBN Medium 12/26/2012 12:02:31 AM Deleted malware Hoax.HTML.FakeAntivirus.a C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140001\4DFE4545.VBN//CryptZ Medium 12/26/2012 12:03:26 AM Deleted virus Worm.Win32.AutoRun.gmf C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C580000\4CFA7E15.VBN High 12/26/2012 12:03:26 AM Deleted virus Worm.Win32.AutoRun.gmf C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C580000\4CFA7E15.VBN//CryptZ High 12/26/2012 12:03:23 AM Deleted Trojan program Trojan.Win32.FraudPack.awms C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D3C0001\4D3F3322.VBN High 12/26/2012 12:03:23 AM Deleted Trojan program Trojan.Win32.FraudPack.awms C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D3C0001\4D3F3322.VBN//CryptZ High 12/26/2012 12:03:25 AM Deleted virus P2P-Worm.Win32.Palevo.fuc C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB00000\4DB53FE8.VBN High 12/26/2012 12:03:25 AM Deleted virus P2P-Worm.Win32.Palevo.fuc C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB00000\4DB53FE8.VBN//CryptZ High 12/26/2012 12:03:30 AM Deleted virus P2P-Worm.Win32.Palevo.fuc C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB00001\4DB54000.VBN High 12/26/2012 12:03:30 AM Deleted virus P2P-Worm.Win32.Palevo.fuc C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB00001\4DB54000.VBN//CryptZ High 12/26/2012 12:03:35 AM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80000\5DCDEFB1.VBN High 12/26/2012 12:03:35 AM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80000\5DCDEFB1.VBN//CryptZ High 12/26/2012 12:03:35 AM Deleted Trojan program Exploit.Java.CVE-2012-0507.mr C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80000\5DCDEFB1.VBN//CryptZ/sIda/sIdb.class High 12/26/2012 12:03:40 AM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E300000\5E7D0904.VBN High 12/26/2012 12:03:40 AM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E300000\5E7D0904.VBN//CryptZ High 12/26/2012 12:03:40 AM Deleted Trojan program Exploit.Java.CVE-2012-0507.mr C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E300000\5E7D0904.VBN//CryptZ/sIda/sIdb.class High 12/26/2012 12:03:44 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.dd C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14880000\5FB80C9C.VBN High 12/26/2012 12:03:44 AM Deleted Trojan program Trojan.Java.Agent.ak C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14880000\5FB80C9C.VBN//CryptZ High 12/26/2012 12:03:44 AM Deleted Trojan program Trojan.Java.Agent.ak C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14880000\5FB80C9C.VBN//CryptZ/chrome/Unicode.class High 12/26/2012 12:03:44 AM Deleted Trojan program Trojan-Downloader.Java.OpenConnection.dd C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\14880000\5FB80C9C.VBN//CryptZ/direct/bear.class High 12/26/2012 12:14:24 AM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-4681.gen C:\Documents and Settings\Mario\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\2b8f6efc-10bd4d82 High Thanks -
Malware reappears after removal: PUM.UserWLoad, Trojan.Ransom
maa replied to maa's topic in Resolved Malware Removal Logs
I reran Malwarebytes, and this time no items were found. So it looks like the malware I originally posted about is gone. Is there any other diagnostic tool I should run to confirm this? Thanks for all your help! -maa -
Malware reappears after removal: PUM.UserWLoad, Trojan.Ransom
maa replied to maa's topic in Resolved Malware Removal Logs
I have run JavaRa and installed a fresh version of Java. Thanks for your help so far. What is the next step? -
Malware reappears after removal: PUM.UserWLoad, Trojan.Ransom
maa replied to maa's topic in Resolved Malware Removal Logs
I reran ESET Online Scanner because the log file did not populate with data other than the two lines posted in my last reply. This time, again the log shows the same thing, but prior to exiting the ESET Online Scanner, I exported the items found to a text file, which I am posting below. This time it found more items; perhaps this is because I selected for the program to scan archives this time as well. Please let me know what you find in these logs and what the next step is. Thank you! C:\Users\Mario\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\5510090f-6f0d5a83 multiple threats deleted - quarantined C:\Users\Mario\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\12a29e1f-6659172f multiple threats deleted - quarantined C:\Users\Mario\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5185f621-7e5391c9 probably a variant of Java/Exploit.CVE-2012-1723.DH trojan deleted - quarantined C:\Users\Mario\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\12b52ba2-27f5dd03 a variant of Java/Exploit.CVE-2011-3544.B trojan deleted - quarantined C:\Users\Mario\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\43362130-78e1c13e a variant of Java/Exploit.CVE-2011-3544.B trojan deleted - quarantined C:\Users\Mario\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\3ecea2f2-574b8882 multiple threats deleted - quarantined C:\Users\Mario\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\45815038-505ee3a6 multiple threats deleted - quarantined -
Malware reappears after removal: PUM.UserWLoad, Trojan.Ransom
maa replied to maa's topic in Resolved Malware Removal Logs
Here is the log file after I ran the ESET Online Scanner. It doesn't look right to me. The process did find 2 items that it quarantined, but the log is only two lines long total: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK -
Malware reappears after removal: PUM.UserWLoad, Trojan.Ransom
maa replied to maa's topic in Resolved Malware Removal Logs
Maniac, here is the ComboFix log: ComboFix 12-12-14.01 - Mario 12/16/2012 14:12:03.1.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3069.1451 [GMT -5:00] Running from: c:\users\Mario\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\3130882944 c:\programdata\xml1120.tmp c:\programdata\xml12A7.tmp c:\programdata\xmlE04.tmp c:\windows\Downloaded Program Files\Temp c:\windows\system32\URTTemp c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2012-11-16 to 2012-12-16 ))))))))))))))))))))))))))))))) . . 2012-12-13 07:06 . 2012-12-13 07:06 -------- d-----w- c:\users\UpdatusUser 2012-12-13 07:05 . 2012-10-02 19:29 2557288 ----a-w- c:\windows\system32\nvsvcr.dll 2012-12-13 07:04 . 2012-10-11 02:14 52584 ----a-w- c:\windows\system32\OpenCL.dll 2012-12-13 07:03 . 2012-12-13 07:03 -------- d-----w- c:\programdata\NVIDIA Corporation 2012-12-13 06:57 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-12-13 06:57 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-12-13 06:57 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-12-13 06:57 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll 2012-12-13 06:57 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-12-13 06:57 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-12-13 06:57 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-12-13 06:57 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-12-13 06:57 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe 2012-12-13 06:57 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll 2012-12-13 06:57 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-12-13 05:29 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDC6C61F-1D0B-46D7-879A-6E57FCB8C5DC}\mpengine.dll 2012-12-13 05:28 . 2012-11-13 01:36 2048000 ----a-w- c:\windows\system32\win32k.sys 2012-12-13 05:28 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll 2012-12-13 05:28 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll 2012-12-13 05:28 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe 2012-12-13 05:28 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys 2012-12-13 05:28 . 2012-11-08 03:46 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-13 05:28 . 2012-11-08 01:36 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-13 05:28 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-13 04:31 . 2012-04-06 04:17 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-13 04:31 . 2011-05-28 16:32 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-11 02:15 . 2012-10-11 02:15 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-10-11 02:15 . 2012-10-11 02:15 2574696 ----a-w- c:\windows\system32\nvcuvid.dll 2012-10-11 02:14 . 2012-10-11 02:14 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll 2012-10-11 02:14 . 2012-10-11 02:14 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll 2012-10-11 02:14 . 2012-10-11 02:14 17559912 ----a-w- c:\windows\system32\nvcompiler.dll 2012-10-11 02:14 . 2012-10-11 02:14 2428776 ----a-w- c:\windows\system32\nvapi.dll 2012-10-11 02:14 . 2012-10-11 02:14 7697768 ----a-w- c:\windows\system32\nvcuda.dll 2012-10-11 02:14 . 2012-10-11 02:14 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-10-11 02:14 . 2012-10-11 02:14 19906920 ----a-w- c:\windows\system32\nvoglv32.dll 2012-10-11 02:14 . 2012-10-11 02:14 1009512 ----a-w- c:\windows\system32\nvdispco32.dll 2012-10-11 02:14 . 2012-10-11 02:14 6127464 ----a-w- c:\windows\system32\nvopencl.dll 2012-10-11 02:14 . 2012-10-11 02:14 15309160 ----a-w- c:\windows\system32\nvd3dum.dll 2012-10-02 19:29 . 2009-09-27 21:47 645992 ----a-w- c:\windows\system32\nvvsvc.exe 2012-10-02 19:29 . 2009-09-27 21:47 62312 ----a-w- c:\windows\system32\nvshext.dll 2012-10-02 19:29 . 2009-09-27 21:47 108392 ----a-w- c:\windows\system32\nvmctray.dll 2012-10-02 19:29 . 2009-09-27 21:47 2853224 ----a-w- c:\windows\system32\nvsvc.dll 2012-10-02 19:28 . 2009-09-27 21:46 3965288 ----a-w- c:\windows\system32\nvcpl.dll 2012-10-02 18:15 . 2012-10-02 18:15 430952 ----a-w- c:\windows\system32\nvStreaming.exe 2012-09-29 23:54 . 2008-07-02 19:29 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-27 18:06 . 2012-10-27 18:06 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2010-07-08 13:42 . 2012-10-27 18:06 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-11-08 21:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-11-08 21:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-11-08 21:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-11-08 21:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888] "iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-02-03 103896] "RMAlert"="c:\program files\PC Tools Registry Mechanic\Alert.exe" [2012-02-03 1018328] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2011-5-1 293950] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528] VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2010-12-26 6144] WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-8-17 2043904] WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-8-17 8919040] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2007-05-11 03:46 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] 2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-10-09 22:06 421736 ----a-w- f:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2012-09-29 23:54 981656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] 2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 04:31] . 2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-19 04:03] . 2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-19 04:03] . 2012-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-293651391-2175594108-1919989058-1000Core.job - c:\users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-24 13:49] . 2012-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-293651391-2175594108-1919989058-1000UA.job - c:\users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-24 13:49] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204 IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 Trusted Zone: msn.com\moneycentral TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 FF - ProfilePath - c:\users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\5xwdjfww.New Profile1\ FF - prefs.js: browser.startup.homepage - google.com FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . . ------- File Associations ------- . .scr=AutoCADScriptFile . - - - - ORPHANS REMOVED - - - - . HKCU-Run-UltimateHistory - c:\users\Mario\AppData\Roaming\8A1713\8A1713.exe HKLM-Run-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe SafeBoot-26095635.sys SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-12-16 14:30 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Completion time: 2012-12-16 14:33:58 ComboFix-quarantined-files.txt 2012-12-16 19:33 . Pre-Run: 505,360,384 bytes free Post-Run: 3,435,683,840 bytes free . - - End Of File - - 31966A1CA52539FB3FE3BC932B10BDF6 -
Malware reappears after removal: PUM.UserWLoad, Trojan.Ransom
maa replied to maa's topic in Resolved Malware Removal Logs
12:39:44.0559 5844 [ EC9759527C5CF7737CEE852F02E7B44F ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll 12:39:44.0559 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll - ok 12:39:44.0574 5844 [ D044057F830E44F2761EB6EAD555D6F3 ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll 12:39:44.0574 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll - ok 12:39:44.0574 5844 [ 175A9C7F4695C289A719EBE73DACE28D ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll 12:39:44.0574 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll - ok 12:39:44.0590 5844 [ 6CF6E9A539CBB5D855FFA7C5B057B4A2 ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll 12:39:44.0590 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll - ok 12:39:44.0590 5844 [ C39654B3BFFABC6B60D1BE622C2DF891 ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll 12:39:44.0590 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll - ok 12:39:44.0606 5844 [ B2FFF046E2FCBF005235840A056A3560 ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll 12:39:44.0606 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll - ok 12:39:44.0606 5844 [ 22439D1A72ED0293CD4ED6C4D8B0D7FD ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll 12:39:44.0606 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll - ok 12:39:44.0621 5844 [ 0ACC49E7FE0EBF8D0886B6E435F51E45 ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll 12:39:44.0621 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll - ok 12:39:44.0621 5844 [ 9B00BCEAC0FC22E1ED9EADF14EF070F9 ] C:\Program Files\Common Files\Symantec Shared\ccScan.dll 12:39:44.0621 5844 C:\Program Files\Common Files\Symantec Shared\ccScan.dll - ok 12:39:44.0637 5844 [ 25D7A040A493AB91052F9170D4DB80D4 ] C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL 12:39:44.0637 5844 C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL - ok 12:39:44.0637 5844 [ C0B8B96D018849FD8CCF15FED84E8782 ] C:\Windows\System32\ie4uinit.exe 12:39:44.0637 5844 C:\Windows\System32\ie4uinit.exe - ok 12:39:44.0652 5844 [ F0FEFB0B5D25A75D478A4317139D937E ] C:\Windows\System32\iedkcs32.dll 12:39:44.0652 5844 C:\Windows\System32\iedkcs32.dll - ok 12:39:44.0652 5844 [ 4B19A9A4191353007E9819A832B81186 ] C:\Windows\System32\timedate.cpl 12:39:44.0652 5844 C:\Windows\System32\timedate.cpl - ok 12:39:44.0668 5844 [ 8D78BA30DB4AE040A52EDEE725782715 ] C:\Windows\System32\actxprxy.dll 12:39:44.0668 5844 C:\Windows\System32\actxprxy.dll - ok 12:39:44.0668 5844 [ FF41E1AC301F51E16F61AD7C0F45467C ] C:\Windows\System32\msshsq.dll 12:39:44.0668 5844 C:\Windows\System32\msshsq.dll - ok 12:39:44.0668 5844 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\Windows\System32\drivers\99924713.sys 12:39:44.0668 5844 C:\Windows\System32\drivers\99924713.sys - ok 12:39:44.0684 5844 [ 1CE4A2790EB4A96F4ED1E4264866AFE6 ] C:\Windows\System32\NaturalLanguage6.dll 12:39:44.0699 5844 C:\Windows\System32\NaturalLanguage6.dll - ok 12:39:44.0699 5844 [ AA111488C03C58A2BF66509ABB4FDE60 ] C:\Windows\System32\NlsData0009.dll 12:39:44.0699 5844 C:\Windows\System32\NlsData0009.dll - ok 12:39:44.0715 5844 [ 8629B71343F61E1140243581C63BC0C7 ] C:\Windows\System32\NlsLexicons0009.dll 12:39:44.0715 5844 C:\Windows\System32\NlsLexicons0009.dll - ok 12:39:44.0715 5844 [ 24F90AEFEBE601D427CB4511E74CDCB6 ] C:\Windows\System32\linkinfo.dll 12:39:44.0715 5844 C:\Windows\System32\linkinfo.dll - ok 12:39:44.0730 5844 [ 0CFCDE5D9D074D96B78D1F1CBF1AAB1D ] C:\Windows\System32\riched20.dll 12:39:44.0730 5844 C:\Windows\System32\riched20.dll - ok 12:39:44.0730 5844 [ 04044BF8E6989BE45FA718C24407CA28 ] C:\Windows\System32\networkexplorer.dll 12:39:44.0730 5844 C:\Windows\System32\networkexplorer.dll - ok 12:39:44.0746 5844 [ 8B407DA061D8E81974F8D071BE02D78A ] F:\Program Files\iTunes\iTunes.exe 12:39:44.0746 5844 F:\Program Files\iTunes\iTunes.exe - ok 12:39:44.0746 5844 [ D8C2B95BC2353E1F18850D6B8F5DBA13 ] C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll 12:39:44.0746 5844 C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll - ok 12:39:44.0762 5844 [ 533AECD1B5356870AE2D905B4D3B42B7 ] C:\Program Files\Microsoft Office\Office12\GrooveMisc.dll 12:39:44.0762 5844 C:\Program Files\Microsoft Office\Office12\GrooveMisc.dll - ok 12:39:44.0762 5844 [ 0D392EDE3B97E0B3131B2F63EF1DB94E ] C:\Program Files\Windows Defender\MSASCui.exe 12:39:44.0762 5844 C:\Program Files\Windows Defender\MSASCui.exe - ok 12:39:44.0777 5844 [ D2CA35A3F711E613D9399845CE9302FA ] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 12:39:44.0777 5844 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe - ok 12:39:44.0777 5844 [ 59A7A606B158D4B9A2F966FA179ED0C4 ] C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\CCERASER.DLL 12:39:44.0777 5844 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\CCERASER.DLL - ok 12:39:44.0824 5844 [ 85B8B4032A895A746D46A288A9B30DED ] C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\EECTRL.SYS 12:39:44.0824 5844 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\EECTRL.SYS - ok 12:39:44.0840 5844 [ FF3BF05021BFECC92DB81B8257EEB026 ] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 12:39:44.0840 5844 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe - ok 12:39:44.0840 5844 [ 7DF281B808B9EEE4761B2BABEA0D9995 ] C:\Program Files\Symantec AntiVirus\DefUtDCD.dll 12:39:44.0840 5844 C:\Program Files\Symantec AntiVirus\DefUtDCD.dll - ok 12:39:44.0855 5844 [ 9EC8510AB428F079BFCC96A7B2F8709C ] C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\ECMSVR32.DLL 12:39:44.0855 5844 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\ECMSVR32.DLL - ok 12:39:44.0855 5844 [ 61216539E55DDF2F78E421E7EF140650 ] C:\Windows\System32\ExplorerFrame.dll 12:39:44.0855 5844 C:\Windows\System32\ExplorerFrame.dll - ok 12:39:44.0871 5844 [ BF67A8F7CC0E83D226FED8B4E27F8C33 ] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe 12:39:44.0871 5844 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe - ok 12:39:44.0871 5844 [ 69F88751C739AE79908B5BFCE8D9915B ] C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVEX32A.DLL 12:39:44.0871 5844 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVEX32A.DLL - ok 12:39:44.0886 5844 [ C84A5C60883395B875F01140F48BB887 ] C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVENG32.DLL 12:39:44.0886 5844 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVENG32.DLL - ok 12:39:44.0886 5844 [ 9ABF687071C649609BF7E177062A9008 ] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe 12:39:44.0886 5844 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe - ok 12:39:44.0902 5844 [ 7AFDC3C713253451CD1F3C809903018B ] C:\Program Files\Common Files\Symantec Shared\ccApp.exe 12:39:44.0902 5844 C:\Program Files\Common Files\Symantec Shared\ccApp.exe - ok 12:39:44.0902 5844 [ 62F305095A75FB319D1D91DA9D4083E6 ] C:\Program Files\Symantec AntiVirus\VPTray.exe 12:39:44.0902 5844 C:\Program Files\Symantec AntiVirus\VPTray.exe - ok 12:39:44.0902 5844 [ 267B3A856E9F4DB1CABD4E6DB71E07D2 ] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe 12:39:44.0902 5844 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe - ok 12:39:44.0918 5844 [ 00D1FB0073B4A8BD2989EA8FF4CC792B ] C:\Program Files\Dell Support Center\bin\sprtcmd.exe 12:39:44.0918 5844 C:\Program Files\Dell Support Center\bin\sprtcmd.exe - ok 12:39:44.0918 5844 [ 027E5E14C9CFF810377701BDEAD8210F ] C:\Windows\System32\control.exe 12:39:44.0918 5844 C:\Windows\System32\control.exe - ok 12:39:44.0933 5844 [ 5016B8FC59AD616F03813FBE63295081 ] C:\Windows\System32\thumbcache.dll 12:39:44.0933 5844 C:\Windows\System32\thumbcache.dll - ok 12:39:44.0933 5844 [ B5950DF243837D8217F4E597919B224A ] C:\Windows\System32\stobject.dll 12:39:44.0933 5844 C:\Windows\System32\stobject.dll - ok 12:39:44.0949 5844 [ EC69B16644C613F41A57169F8D068F1D ] C:\Windows\System32\batmeter.dll 12:39:44.0949 5844 C:\Windows\System32\batmeter.dll - ok 12:39:44.0949 5844 [ 30F02D9C55053367E26A11482F51E255 ] C:\Windows\System32\SndVolSSO.dll 12:39:44.0949 5844 C:\Windows\System32\SndVolSSO.dll - ok 12:39:44.0949 5844 [ E98E402067978DB38282158F9E8609CA ] C:\Windows\System32\netshell.dll 12:39:44.0949 5844 C:\Windows\System32\netshell.dll - ok 12:39:44.0964 5844 [ 75AD59B9B12EB194486BE8D97B062994 ] C:\Windows\System32\pnidui.dll 12:39:44.0964 5844 C:\Windows\System32\pnidui.dll - ok 12:39:44.0964 5844 [ EB2170D0DDF3B2A92506AE16BC524B0B ] C:\Windows\System32\wlanutil.dll 12:39:44.0964 5844 C:\Windows\System32\wlanutil.dll - ok 12:39:44.0980 5844 [ 2DD6AF8E97F59C9D39329BBC2A81F13F ] C:\Windows\System32\rasdlg.dll 12:39:44.0980 5844 C:\Windows\System32\rasdlg.dll - ok 12:39:44.0980 5844 [ 398A8EC90F058C61F6DDC0E5440A8F27 ] C:\Program Files\Stardock\Fences\FencesMenu.dll 12:39:44.0980 5844 C:\Program Files\Stardock\Fences\FencesMenu.dll - ok 12:39:44.0996 5844 [ 17C0E094BEE5BC03CF491972F71AA6EF ] C:\Windows\System32\wlanapi.dll 12:39:44.0996 5844 C:\Windows\System32\wlanapi.dll - ok 12:39:44.0996 5844 [ B64AC7967D6B9FB2D6152AC768A1CB88 ] C:\Windows\System32\onex.dll 12:39:44.0996 5844 C:\Windows\System32\onex.dll - ok 12:39:44.0996 5844 [ 9D9FFC923FADBB575E0452EA0BBB15BD ] C:\Windows\System32\eappprxy.dll 12:39:44.0996 5844 C:\Windows\System32\eappprxy.dll - ok 12:39:45.0011 5844 [ 5D0FE613570CABE3992F7DBCD68E61D1 ] C:\Windows\System32\eappcfg.dll 12:39:45.0011 5844 C:\Windows\System32\eappcfg.dll - ok 12:39:45.0011 5844 [ 0BE08F4B69EF75C6EEE4330C4F389614 ] C:\Program Files\Stardock\Fences\DesktopDock.dll 12:39:45.0011 5844 C:\Program Files\Stardock\Fences\DesktopDock.dll - ok 12:39:45.0011 5844 [ 4A839160ED1963F9A1526DDA2D1233B2 ] C:\Windows\System32\AltTab.dll 12:39:45.0011 5844 C:\Windows\System32\AltTab.dll - ok 12:39:45.0027 5844 [ 6B5C53E0932C510606D700B7A896EF73 ] C:\Windows\System32\WPDShServiceObj.dll 12:39:45.0027 5844 C:\Windows\System32\WPDShServiceObj.dll - ok 12:39:45.0042 5844 [ 883D02AB5D350BC45E0F60E8CFA97FDC ] C:\Windows\System32\PortableDeviceTypes.dll 12:39:45.0042 5844 C:\Windows\System32\PortableDeviceTypes.dll - ok 12:39:45.0058 5844 [ 9E6DC845DED46CCBE085DD24503750C0 ] C:\Program Files\Stardock\Fences\Fences.exe 12:39:45.0058 5844 C:\Program Files\Stardock\Fences\Fences.exe - ok 12:39:45.0058 5844 [ 7855EA6ACBAD155EFFE6F0BA94790F50 ] C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll 12:39:45.0058 5844 C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll - ok 12:39:45.0074 5844 [ 733DA847D5C3E32C40BA831BEAA8DC93 ] C:\Windows\sttray.exe 12:39:45.0074 5844 C:\Windows\sttray.exe - ok 12:39:45.0074 5844 [ 21221CD7C7C844F6F0E0B7BC69CBA36B ] C:\Program Files\Microsoft Office\PowerPoint Viewer\PPTVIEW.EXE 12:39:45.0074 5844 C:\Program Files\Microsoft Office\PowerPoint Viewer\PPTVIEW.EXE - ok 12:39:45.0089 5844 [ 76FF9F849B0B56A73082DA8294821460 ] C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll 12:39:45.0089 5844 C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll - ok 12:39:45.0089 5844 [ C1873D880786B6B03AF781E23835D925 ] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe 12:39:45.0089 5844 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe - ok 12:39:45.0105 5844 [ 0E34B7BB1FCF22BCC1E394D16F9E992B ] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 12:39:45.0105 5844 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe - ok 12:39:45.0105 5844 [ 26DE50A7F668F541B8130A0E26EFF3D8 ] C:\Program Files\Microsoft Works\MSWorks.exe 12:39:45.0105 5844 C:\Program Files\Microsoft Works\MSWorks.exe - ok 12:39:45.0120 5844 [ C37571F7C79C3972D641804F1DF7C0F5 ] C:\Program Files\Microsoft Works\wksdb.exe 12:39:45.0120 5844 C:\Program Files\Microsoft Works\wksdb.exe - ok 12:39:45.0120 5844 [ 42CDFB2273EEC623B903C311B19FB484 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe 12:39:45.0120 5844 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe - ok 12:39:45.0136 5844 [ 790222D6CCFC576F0D07D418E6115D85 ] C:\Program Files\Windows Calendar\WinCal.exe 12:39:45.0136 5844 C:\Program Files\Windows Calendar\WinCal.exe - ok 12:39:45.0136 5844 [ F7DD2D785280DB73DC9060F80361BEFB ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe 12:39:45.0136 5844 C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok 12:39:45.0152 5844 [ 06164026C38AA5366E4D127E2E36FDE8 ] C:\Program Files\Windows Mail\wab.exe 12:39:45.0152 5844 C:\Program Files\Windows Mail\wab.exe - ok 12:39:45.0152 5844 [ 73430E79D6DF4DE9055E2A7742B881D3 ] C:\Program Files\QuickTime\QTTask.exe 12:39:45.0152 5844 C:\Program Files\QuickTime\QTTask.exe - ok 12:39:45.0152 5844 [ 1DA3649A396560D207489150F4FA25DF ] C:\Program Files\Common Files\Symantec Shared\ccProd.dll 12:39:45.0152 5844 C:\Program Files\Common Files\Symantec Shared\ccProd.dll - ok 12:39:45.0167 5844 [ D743372A621ED03A274539A88EEB3450 ] F:\Program Files\iTunes\iTunesHelper.exe 12:39:45.0167 5844 F:\Program Files\iTunes\iTunesHelper.exe - ok 12:39:45.0167 5844 [ 52BC119E49F88F2A5D1466230B1275C7 ] C:\Program Files\Windows Collaboration\WinCollab.exe 12:39:45.0167 5844 C:\Program Files\Windows Collaboration\WinCollab.exe - ok 12:39:45.0183 5844 [ 392845E8D49B5F0E81AAC4D795000A8C ] C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe 12:39:45.0183 5844 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe - ok 12:39:45.0183 5844 [ C4AB08459CD7B59B410ACFC04D90E87B ] C:\Program Files\Movie Maker\MOVIEMK.exe 12:39:45.0183 5844 C:\Program Files\Movie Maker\MOVIEMK.exe - ok 12:39:45.0183 5844 [ 4EB0C6C3EF4D8885CF2B5D0062F31E44 ] C:\Program Files\DivX\DivX Update\DivXUpdate.exe 12:39:45.0183 5844 C:\Program Files\DivX\DivX Update\DivXUpdate.exe - ok 12:39:45.0198 5844 [ C03AC1FBCD625F93D2C245D97E06F270 ] C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe 12:39:45.0198 5844 C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe - ok 12:39:45.0198 5844 [ C10997CADE9231395002707B8FB23AF4 ] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe 12:39:45.0198 5844 C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe - ok 12:39:45.0214 5844 [ E3A9BCC3BAF5909361963AF8D49E1EC9 ] C:\Program Files\PC Tools Registry Mechanic\Alert.exe 12:39:45.0214 5844 C:\Program Files\PC Tools Registry Mechanic\Alert.exe - ok 12:39:45.0214 5844 [ 12916E0642E92561C98B18A2A2D01B14 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe 12:39:45.0214 5844 C:\Program Files\Common Files\Java\Java Update\jusched.exe - ok 12:39:45.0230 5844 [ 069385484EA57B663D688894C88975C5 ] C:\Windows\System32\wuapp.exe 12:39:45.0230 5844 C:\Windows\System32\wuapp.exe - ok 12:39:45.0230 5844 [ 9E35FF7F943AE0FB89192BFE058B7FD4 ] C:\Program Files\Windows Sidebar\sidebar.exe 12:39:45.0230 5844 C:\Program Files\Windows Sidebar\sidebar.exe - ok 12:39:45.0245 5844 [ 8F58544719E1C435BC36A8B207096581 ] C:\Windows\System32\verclsid.exe 12:39:45.0245 5844 C:\Windows\System32\verclsid.exe - ok 12:39:45.0245 5844 [ 7001ED498AFE9921DB7231878DE1CE12 ] F:\Program Files\iTunes\iTunesHelper.dll 12:39:45.0245 5844 F:\Program Files\iTunes\iTunesHelper.dll - ok 12:39:45.0261 5844 [ 9C94183A22256C35B025A900AF4B5372 ] F:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll 12:39:45.0261 5844 F:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll - ok 12:39:45.0261 5844 [ 3AF147EDC68CB34CB91B606DB6304F11 ] F:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll 12:39:45.0261 5844 F:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll - ok 12:39:45.0276 5844 [ EF764E33878B3A4A9E5A2FB5D0D031D0 ] C:\Windows\System32\dciman32.dll 12:39:45.0276 5844 C:\Windows\System32\dciman32.dll - ok 12:39:45.0276 5844 [ BADC359C9A0D9C217B7E8DA17BF3F5BB ] C:\Windows\System32\ntshrui.dll 12:39:45.0276 5844 C:\Windows\System32\ntshrui.dll - ok 12:39:45.0292 5844 [ D7675F963BE522060140ECD15607BCB8 ] C:\Windows\System32\DLAAPI_W.DLL 12:39:45.0292 5844 C:\Windows\System32\DLAAPI_W.DLL - ok 12:39:45.0292 5844 [ D299BE72FB0554016F69C3CF04274D7C ] C:\Program Files\Roxio\Drag-to-Disc\ShellRes.DLL 12:39:45.0292 5844 C:\Program Files\Roxio\Drag-to-Disc\ShellRes.DLL - ok 12:39:45.0292 5844 [ B1CD1BCD8DB4351FDB026EC750F1F806 ] C:\Program Files\WinZip\WINZIP32.EXE 12:39:45.0292 5844 C:\Program Files\WinZip\WINZIP32.EXE - ok 12:39:45.0308 5844 [ CC4413981C4F1234E6E884DFF8B99C03 ] C:\Program Files\DellSupport\DSAgnt.exe 12:39:45.0308 5844 C:\Program Files\DellSupport\DSAgnt.exe - ok 12:39:45.0323 5844 [ 7F317D4826FDA6682B63942D248AF96E ] C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll 12:39:45.0323 5844 C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll - ok 12:39:45.0339 5844 [ A6FA5D45ACF2E855F890FAC505EFEDB2 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll 12:39:45.0339 5844 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll - ok 12:39:45.0339 5844 [ 5A8EE90789295C5A6A867580FB4D955E ] C:\Program Files\WinZip\WZ32.DLL 12:39:45.0339 5844 C:\Program Files\WinZip\WZ32.DLL - ok 12:39:45.0354 5844 [ F02A533F517EB38333CB12A9E8963773 ] C:\Users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe 12:39:45.0354 5844 C:\Users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe - ok 12:39:45.0354 5844 [ 35937EAD711207544E219C2A19A78A7D ] C:\Program Files\Windows Media Player\wmpnscfg.exe 12:39:45.0354 5844 C:\Program Files\Windows Media Player\wmpnscfg.exe - ok 12:39:45.0354 5844 [ EB4CDF2ECA64FBACAFBAD2B04B1B2862 ] C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll 12:39:45.0354 5844 C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll - ok 12:39:45.0370 5844 [ FA2A3AFADC4FB47DBC234A4E57F92CDB ] C:\Windows\System32\ddraw.dll 12:39:45.0370 5844 C:\Windows\System32\ddraw.dll - ok 12:39:45.0370 5844 [ 21C0D7CF8FF91A6ED206CD327FA1CE4B ] C:\Program Files\Common Files\Apple\Mobile Device Support\MobileMeNotification.dll 12:39:45.0370 5844 C:\Program Files\Common Files\Apple\Mobile Device Support\MobileMeNotification.dll - ok 12:39:45.0386 5844 [ ED3F7B4548A13561278BF6018D1364A0 ] C:\Windows\System32\stlang.dll 12:39:45.0386 5844 C:\Windows\System32\stlang.dll - ok 12:39:45.0386 5844 [ 894AC58BD04D4CFEFB92E458EBEB99F7 ] C:\Program Files\Stardock\Fences\VistaBridgeLibrary.dll 12:39:45.0386 5844 C:\Program Files\Stardock\Fences\VistaBridgeLibrary.dll - ok 12:39:45.0401 5844 [ 3EDD138C17FAB3703DE80A8F9B70C00E ] C:\Windows\assembly\NativeImages_v2.0.50727_32\Fences\7986e4f0d8fd3a3fe572131f9027566a\Fences.ni.exe 12:39:45.0401 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\Fences\7986e4f0d8fd3a3fe572131f9027566a\Fences.ni.exe - ok 12:39:45.0401 5844 [ 9BF6EFFF98EB48F96AE02F3E1EF4AAD3 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll 12:39:45.0401 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll - ok 12:39:45.0417 5844 [ 358025079D90D14C518FD6AF71DF59AF ] C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\69b17f1655da13d2cf4b8ca6e54e47d3\VistaBridgeLibrary.ni.dll 12:39:45.0417 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\69b17f1655da13d2cf4b8ca6e54e47d3\VistaBridgeLibrary.ni.dll - ok 12:39:45.0417 5844 [ C2CA4CB1650AE3DEF41C948FF9D37B86 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll 12:39:45.0417 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll - ok 12:39:45.0417 5844 [ 530ED4B00397C2E65DDFDDFAC60744D2 ] C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll 12:39:45.0417 5844 C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - ok 12:39:45.0432 5844 [ 22BFD03DF51065A9ED8D17F8FB72296B ] C:\Windows\System32\ctfmon.exe 12:39:45.0432 5844 C:\Windows\System32\ctfmon.exe - ok 12:39:45.0432 5844 [ 6912D02CC912B980C8C12F9CDADB8763 ] C:\Program Files\Evernote\Evernote\EvernoteClipper.exe 12:39:45.0432 5844 C:\Program Files\Evernote\Evernote\EvernoteClipper.exe - ok 12:39:45.0448 5844 [ E92143D1B2E32FAF6CC56FD97B908F6A ] C:\Windows\System32\wpdshext.dll 12:39:45.0448 5844 C:\Windows\System32\wpdshext.dll - ok 12:39:45.0448 5844 [ 8AC44F0E443974442B574E1DE77C8877 ] C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe 12:39:45.0448 5844 C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe - ok 12:39:45.0448 5844 [ 8FB193CA7E2E6617913A45E783712F6D ] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaamon_ENU.dll 12:39:45.0448 5844 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaamon_ENU.dll - ok 12:39:45.0464 5844 [ F7950E8FBB9B26E1A347F00E11EA42B5 ] C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll 12:39:45.0464 5844 C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll - ok 12:39:45.0464 5844 [ 33642C17C232AA272C68E446A2619899 ] C:\Program Files\iPod\bin\iPodService.exe 12:39:45.0464 5844 C:\Program Files\iPod\bin\iPodService.exe - ok 12:39:45.0479 5844 [ C4B5D43704B407C9B0D19AB19BB5303D ] C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll 12:39:45.0479 5844 C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll - ok 12:39:45.0495 5844 [ 2C542B82121066EA97B864F0F02A035C ] C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll 12:39:45.0495 5844 C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll - ok 12:39:45.0495 5844 [ F35A584E947A5B401FEB0FE01DB4A0D7 ] C:\Program Files\CyberLink\PowerDVD DX\MFC71.dll 12:39:45.0495 5844 C:\Program Files\CyberLink\PowerDVD DX\MFC71.dll - ok 12:39:45.0526 5844 [ A944A73CEC5921B871542FE5CC5E03E4 ] C:\Windows\System32\olepro32.dll 12:39:45.0526 5844 C:\Windows\System32\olepro32.dll - ok 12:39:45.0526 5844 [ 9490ABBFEF7A38AADE248D73A83ECD2A ] C:\Program Files\Cisco Systems\VPN Client\vpngui.exe 12:39:45.0526 5844 C:\Program Files\Cisco Systems\VPN Client\vpngui.exe - ok 12:39:45.0526 5844 [ 3CC2A27927FE746D5946599821C5F8B7 ] C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe 12:39:45.0526 5844 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe - ok 12:39:45.0542 5844 [ 38A06338E10BC8C636FC20E8ADFE6BCA ] C:\Program Files\Common Files\InstallShield\UpdateService\_ispmres.dll 12:39:45.0542 5844 C:\Program Files\Common Files\InstallShield\UpdateService\_ispmres.dll - ok 12:39:45.0542 5844 [ FE56C0DA05F4C3B8BEAB297C486FF737 ] C:\Program Files\Cisco Systems\VPN Client\qt-mt335.dll 12:39:45.0542 5844 C:\Program Files\Cisco Systems\VPN Client\qt-mt335.dll - ok 12:39:45.0557 5844 [ 7145783529EC02A6B78F851EF97A12FE ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe 12:39:45.0557 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe - ok 12:39:45.0557 5844 [ 9138E5C7FB95A70030324EDB430BF4B3 ] C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe 12:39:45.0557 5844 C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe - ok 12:39:45.0573 5844 [ 416ACCE24888703A2ECCB5DE31B51CF7 ] C:\Program Files\Common Files\Symantec Shared\ccAlert.dll 12:39:45.0573 5844 C:\Program Files\Common Files\Symantec Shared\ccAlert.dll - ok 12:39:45.0573 5844 [ 4D7603D34FAD7C1226B7C2302556584A ] C:\Program Files\Symantec AntiVirus\Cliproxy.dll 12:39:45.0573 5844 C:\Program Files\Symantec AntiVirus\Cliproxy.dll - ok 12:39:45.0588 5844 [ 059A79C3ECB5133247F671A6CAB84FBA ] C:\Program Files\Evernote\Evernote\encrashrep.dll 12:39:45.0588 5844 C:\Program Files\Evernote\Evernote\encrashrep.dll - ok 12:39:45.0588 5844 [ 714445FBC09B4D8A791FFCF8EA0E7320 ] C:\Program Files\Evernote\Evernote\libxml2.dll 12:39:45.0588 5844 C:\Program Files\Evernote\Evernote\libxml2.dll - ok 12:39:45.0604 5844 [ 7F3602ED34BE9131D7088EB37B62AA08 ] C:\Program Files\Evernote\Evernote\libpcre.dll 12:39:45.0604 5844 C:\Program Files\Evernote\Evernote\libpcre.dll - ok 12:39:45.0604 5844 [ ADC90EBBE2823C23A0406ACD3D6E9312 ] C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL 12:39:45.0604 5844 C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL - ok 12:39:45.0620 5844 [ BE3F2025B87338524FF4331B9D31D02D ] C:\Program Files\Evernote\Evernote\libtidy.dll 12:39:45.0620 5844 C:\Program Files\Evernote\Evernote\libtidy.dll - ok 12:39:45.0620 5844 [ 76543EEBCC6DC4D0063BE2C75CE86733 ] C:\Windows\System32\icacls.exe 12:39:45.0620 5844 C:\Windows\System32\icacls.exe - ok 12:39:45.0620 5844 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\CyberLink\PowerDVD DX\msvcr71.dll 12:39:45.0620 5844 C:\Program Files\CyberLink\PowerDVD DX\msvcr71.dll - ok 12:39:45.0635 5844 [ 034D3C1185B789B4B8F13C259BAC2C6E ] C:\Windows\System32\tracerpt.exe 12:39:45.0635 5844 C:\Windows\System32\tracerpt.exe - ok 12:39:45.0635 5844 [ E8A91A9F78F69E17B52C0F732CF87941 ] C:\Program Files\Symantec AntiVirus\DoScan.exe 12:39:45.0635 5844 C:\Program Files\Symantec AntiVirus\DoScan.exe - ok 12:39:45.0651 5844 [ 1B593FBB763150BD225DF266C69A9329 ] C:\Windows\System32\mfc42u.dll 12:39:45.0651 5844 C:\Windows\System32\mfc42u.dll - ok 12:39:45.0651 5844 [ 209079A828549205F9B5A7EC713E7E87 ] C:\Program Files\Common Files\Apple\Mobile Device Support\XMPP.dll 12:39:45.0651 5844 C:\Program Files\Common Files\Apple\Mobile Device Support\XMPP.dll - ok 12:39:45.0666 5844 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Program Files\CyberLink\PowerDVD DX\msvcp71.dll 12:39:45.0666 5844 C:\Program Files\CyberLink\PowerDVD DX\msvcp71.dll - ok 12:39:45.0666 5844 [ D87F1FD34AF36E24C4C37C8CFCA9FE80 ] C:\Program Files\DellSupport\gtagnt.dll 12:39:45.0666 5844 C:\Program Files\DellSupport\gtagnt.dll - ok 12:39:45.0682 5844 [ B7D321DB3D2F223FF5010D491AB6BD4B ] C:\Program Files\DellSupport\cfgdata.dll 12:39:45.0682 5844 C:\Program Files\DellSupport\cfgdata.dll - ok 12:39:45.0682 5844 [ 57602070F70951FA322F54B6574928E9 ] C:\Windows\System32\net.exe 12:39:45.0682 5844 C:\Windows\System32\net.exe - ok 12:39:45.0682 5844 [ 295363D4317820AED0D527E15B90A8ED ] C:\Windows\System32\pdh.dll 12:39:45.0682 5844 C:\Windows\System32\pdh.dll - ok 12:39:45.0698 5844 [ DF1F51D2938A403BFE671B13A12FA434 ] C:\Windows\System32\vdmdbg.dll 12:39:45.0713 5844 C:\Windows\System32\vdmdbg.dll - ok 12:39:45.0729 5844 [ 10DE220BDFE330073762F89974DB8403 ] C:\Windows\System32\wbem\wmiprov.dll 12:39:45.0729 5844 C:\Windows\System32\wbem\wmiprov.dll - ok 12:39:45.0729 5844 [ 4235107CAA0BCE7E872C4355329FC06E ] C:\Program Files\DellSupport\actmgr.dll 12:39:45.0729 5844 C:\Program Files\DellSupport\actmgr.dll - ok 12:39:45.0729 5844 [ 6B2574E3DC0FD35AB79676A36ED27F74 ] C:\Program Files\Symantec AntiVirus\SavUI.exe 12:39:45.0729 5844 C:\Program Files\Symantec AntiVirus\SavUI.exe - ok 12:39:45.0744 5844 [ 89D91075333013FF359213028787D4EE ] C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll 12:39:45.0744 5844 C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll - ok 12:39:45.0744 5844 [ 0486B27A7A31EDFA9F92A7F6BBC964E5 ] C:\Windows\System32\stapi32.dll 12:39:45.0744 5844 C:\Windows\System32\stapi32.dll - ok 12:39:45.0760 5844 [ E46A4765F8E6D631C9C9CB0B083602F5 ] C:\Program Files\Windows Media Player\wmpnssci.dll 12:39:45.0760 5844 C:\Program Files\Windows Media Player\wmpnssci.dll - ok 12:39:45.0760 5844 [ 205A365BD0D26637189AF931DC37B79A ] C:\PROGRA~1\COMMON~1\SYMANT~1\ccEmlPxy.dll 12:39:45.0760 5844 C:\PROGRA~1\COMMON~1\SYMANT~1\ccEmlPxy.dll - ok 12:39:45.0760 5844 [ 648AB74D9C104FB500B6C4EEDC6A8772 ] C:\Windows\System32\wmpmde.dll 12:39:45.0760 5844 C:\Windows\System32\wmpmde.dll - ok 12:39:45.0776 5844 [ BA812B7A161385730E44450FBA07316F ] C:\Program Files\Common Files\Symantec Shared\SPBBC\bbRGen.dll 12:39:45.0776 5844 C:\Program Files\Common Files\Symantec Shared\SPBBC\bbRGen.dll - ok 12:39:45.0791 5844 [ 67D16247C56C26A4F0D79D1A7F272B8F ] C:\Windows\System32\mf.dll 12:39:45.0791 5844 C:\Windows\System32\mf.dll - ok 12:39:45.0791 5844 [ 2495C4204C63678F8FD5D488CA7DAD26 ] C:\Windows\System32\evr.dll 12:39:45.0791 5844 C:\Windows\System32\evr.dll - ok 12:39:45.0791 5844 [ 3A2EEE8444A8E5C1A454C57B2198F5FC ] C:\Windows\System32\ntlanman.dll 12:39:45.0791 5844 C:\Windows\System32\ntlanman.dll - ok 12:39:45.0807 5844 [ 582EFE56FC0858E58A6CEBA2A64B02C7 ] C:\Windows\System32\drprov.dll 12:39:45.0807 5844 C:\Windows\System32\drprov.dll - ok 12:39:45.0807 5844 [ 4DF10CE50010D70152944B51E03588B0 ] C:\Windows\System32\wmdrmsdk.dll 12:39:45.0807 5844 C:\Windows\System32\wmdrmsdk.dll - ok 12:39:45.0822 5844 [ CFBD2E1FE18B50748A76703A2DC6D4E3 ] C:\Windows\System32\davclnt.dll 12:39:45.0822 5844 C:\Windows\System32\davclnt.dll - ok 12:39:45.0822 5844 [ EFD278F8129EE12F1D4AE0250494B791 ] C:\Windows\System32\dxva2.dll 12:39:45.0822 5844 C:\Windows\System32\dxva2.dll - ok 12:39:45.0822 5844 [ 015E99A7634B93E8BB0380C70F3D2CC3 ] C:\Windows\System32\wmp.dll 12:39:45.0822 5844 C:\Windows\System32\wmp.dll - ok 12:39:45.0838 5844 [ 38000D312118CD654A569FFF93A91442 ] C:\Program Files\Symantec AntiVirus\SAVCProd.dll 12:39:45.0838 5844 C:\Program Files\Symantec AntiVirus\SAVCProd.dll - ok 12:39:45.0838 5844 [ 744F08CF9ACFFB1C715191D04DEEE907 ] C:\Windows\System32\srchadmin.dll 12:39:45.0838 5844 C:\Windows\System32\srchadmin.dll - ok 12:39:45.0854 5844 [ 5193DE33F3284C447E0D31DAFBF92570 ] C:\Windows\System32\webcheck.dll 12:39:45.0854 5844 C:\Windows\System32\webcheck.dll - ok 12:39:45.0854 5844 [ 3EB6D30D82F0E300FCFBAD0498F654FD ] C:\Windows\System32\mlang.dll 12:39:45.0854 5844 C:\Windows\System32\mlang.dll - ok 12:39:45.0869 5844 [ 4ACEA0C4BB15ACE55E3AE5EC4E88DD55 ] C:\Windows\System32\SyncCenter.dll 12:39:45.0869 5844 C:\Windows\System32\SyncCenter.dll - ok 12:39:45.0869 5844 [ 0B5AC46982E77CAF3EC1D55C9AC6AB56 ] C:\Windows\System32\wscntfy.dll 12:39:45.0869 5844 C:\Windows\System32\wscntfy.dll - ok 12:39:45.0869 5844 [ 7ADD03E75BEB9E6DD102C3081D29840A ] C:\Windows\System32\drivers\cdfs.sys 12:39:45.0869 5844 C:\Windows\System32\drivers\cdfs.sys - ok 12:39:45.0885 5844 [ 9B0726A03B790E5B82BED44D24009BEF ] C:\Windows\System32\imapi2.dll 12:39:45.0885 5844 C:\Windows\System32\imapi2.dll - ok 12:39:45.0885 5844 [ 1409EB2C3CB92D612E124D52ED766359 ] C:\Program Files\Dell Support Center\bin\sprtmessage.dll 12:39:45.0885 5844 C:\Program Files\Dell Support Center\bin\sprtmessage.dll - ok 12:39:45.0900 5844 [ C0ABD66F31C0B84CD944802E6D3D02C2 ] C:\Windows\System32\bthprops.cpl 12:39:45.0900 5844 C:\Windows\System32\bthprops.cpl - ok 12:39:45.0900 5844 [ EACACA0F2FF4CC54A909E3C5721FCDE8 ] C:\Windows\System32\msvfw32.dll 12:39:45.0900 5844 C:\Windows\System32\msvfw32.dll - ok 12:39:45.0900 5844 [ 9441A231C0AA0712F7CF3B10D9CFCF76 ] C:\Windows\System32\wmploc.DLL 12:39:45.0900 5844 C:\Windows\System32\wmploc.DLL - ok 12:39:45.0916 5844 [ 617F9A5813E69F6E9ED94B811EC75396 ] C:\Windows\System32\wmpps.dll 12:39:45.0916 5844 C:\Windows\System32\wmpps.dll - ok 12:39:45.0916 5844 [ A7C5909466BE1F685596AE0AE9939A2C ] C:\PROGRA~1\COMMON~1\SYMANT~1\rcEmlPxy.dll 12:39:45.0916 5844 C:\PROGRA~1\COMMON~1\SYMANT~1\rcEmlPxy.dll - ok 12:39:45.0916 5844 [ 3CC5076730CF551242EB8182998A4E85 ] C:\Program Files\Common Files\Symantec Shared\SymRedir.dll 12:39:45.0916 5844 C:\Program Files\Common Files\Symantec Shared\SymRedir.dll - ok 12:39:45.0932 5844 [ 10685A9A922E971B2B4D811A374A01E1 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncPref.resources\en.lproj\AppleSyncPrefLocalized.dll 12:39:45.0932 5844 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncPref.resources\en.lproj\AppleSyncPrefLocalized.dll - ok 12:39:45.0932 5844 [ 7F4011A719BF30E3DBD84D3A0A45C91C ] C:\Windows\System32\drivers\symredrv.sys 12:39:45.0932 5844 C:\Windows\System32\drivers\symredrv.sys - ok 12:39:45.0947 5844 [ 00FF924142D90A147BCEE8975E39D9C0 ] C:\Program Files\Symantec AntiVirus\SavEmail.dll 12:39:45.0947 5844 C:\Program Files\Symantec AntiVirus\SavEmail.dll - ok 12:39:45.0947 5844 [ BF0CFC7156E22D24184CC53BC5A8A50A ] C:\Program Files\CyberLink\PowerDVD DX\Kernel\common\CLRCEngine3.dll 12:39:45.0947 5844 C:\Program Files\CyberLink\PowerDVD DX\Kernel\common\CLRCEngine3.dll - ok 12:39:45.0963 5844 [ 0547AF400AE6B4F8646148739E0F24FA ] C:\Program Files\Dell Support Center\bin\sprtevent.dll 12:39:45.0963 5844 C:\Program Files\Dell Support Center\bin\sprtevent.dll - ok 12:39:45.0963 5844 [ 9FF47CD8A3787C8FD3CDFE40441C722E ] C:\Users\Mario\AppData\Local\Google\Update\1.3.21.123\goopdate.dll 12:39:45.0963 5844 C:\Users\Mario\AppData\Local\Google\Update\1.3.21.123\goopdate.dll - ok 12:39:45.0978 5844 [ A395ABC175604A4F863A0ECF9EE794CA ] C:\Program Files\Dell Support Center\bin\sprtui.dll 12:39:45.0978 5844 C:\Program Files\Dell Support Center\bin\sprtui.dll - ok 12:39:45.0978 5844 [ 7AC23E98BEC7A2E9C9F5754506C50C14 ] C:\Windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll 12:39:45.0978 5844 C:\Windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll - ok 12:39:45.0994 5844 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Users\Mario\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe 12:39:45.0994 5844 C:\Users\Mario\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok 12:39:45.0994 5844 [ 2EA4F4471281EF0E7295D12253F01DF3 ] C:\PROGRA~1\DELLSU~1\GTAction\handlers\brkrsvch.dll 12:39:45.0994 5844 C:\PROGRA~1\DELLSU~1\GTAction\handlers\brkrsvch.dll - ok 12:39:45.0994 5844 [ 896F1DAE48558CE96AF012C7E594CCC6 ] C:\PROGRA~1\DELLSU~1\GTAction\handlers\grouph.dll 12:39:45.0994 5844 C:\PROGRA~1\DELLSU~1\GTAction\handlers\grouph.dll - ok 12:39:46.0010 5844 [ D2C8BE14BCC8A49F9411557DB6028CAB ] C:\PROGRA~1\DELLSU~1\GTAction\handlers\pnph.dll 12:39:46.0010 5844 C:\PROGRA~1\DELLSU~1\GTAction\handlers\pnph.dll - ok 12:39:46.0010 5844 [ F08F525453D3AD31EC20AF779AE27040 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.Utility.dll 12:39:46.0010 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.Utility.dll - ok 12:39:46.0025 5844 [ A8A5453F6DAA4BCACD02FBF2EF3F7C1F ] C:\PROGRA~1\DELLSU~1\GTAction\handlers\qdiagh.dll 12:39:46.0025 5844 C:\PROGRA~1\DELLSU~1\GTAction\handlers\qdiagh.dll - ok 12:39:46.0025 5844 [ 755AD13D0042329925E2FAF3D070326D ] C:\PROGRA~1\DELLSU~1\GTAction\handlers\trgloadh.dll 12:39:46.0025 5844 C:\PROGRA~1\DELLSU~1\GTAction\handlers\trgloadh.dll - ok 12:39:46.0041 5844 [ 6472D141970830F856778DE71EB93319 ] C:\PROGRA~1\DELLSU~1\GTAction\handlers\trgregh.dll 12:39:46.0041 5844 C:\PROGRA~1\DELLSU~1\GTAction\handlers\trgregh.dll - ok 12:39:46.0041 5844 [ 7D1913E59C79AB565A73020F8BD13B40 ] C:\Program Files\DellSupport\trgmgr.dll 12:39:46.0041 5844 C:\Program Files\DellSupport\trgmgr.dll - ok 12:39:46.0041 5844 [ 7C5393905B52C3DC56A810C823DA4211 ] C:\Program Files\DellSupport\qdiagd.ocx 12:39:46.0041 5844 C:\Program Files\DellSupport\qdiagd.ocx - ok 12:39:46.0056 5844 [ 8F4757511BA745A81378CB93EB6C430D ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll 12:39:46.0056 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll - ok 12:39:46.0056 5844 [ 1BBC044533A77BE2519497966354B763 ] C:\Program Files\DellSupport\gdql_d.dll 12:39:46.0056 5844 C:\Program Files\DellSupport\gdql_d.dll - ok 12:39:46.0072 5844 [ 995A1C3E7B9B5E2AA4568B667627B4AE ] C:\Windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_a92b3267\System.Windows.Forms.dll 12:39:46.0072 5844 C:\Windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_a92b3267\System.Windows.Forms.dll - ok 12:39:46.0072 5844 [ A03D9D6408A723F264F1FB77298EC63B ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.DataClad.dll 12:39:46.0072 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.DataClad.dll - ok 12:39:46.0088 5844 [ 65062D18283065799715EA6001C07709 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\XMLSettings.dll 12:39:46.0088 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\XMLSettings.dll - ok 12:39:46.0088 5844 [ E75963624A3F55C90AC8A7C2E65072FF ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon_main.dll 12:39:46.0088 5844 C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon_main.dll - ok 12:39:46.0103 5844 [ 6E787792EDD9039B02D8244C02E57DC4 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\d1cdb687ca296d0e95ff3abe946cb3c7\Microsoft.VisualBasic.ni.dll 12:39:46.0103 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\d1cdb687ca296d0e95ff3abe946cb3c7\Microsoft.VisualBasic.ni.dll - ok 12:39:46.0103 5844 [ 07F649CD36F266BBE33B814FA678AA43 ] C:\Windows\System32\mshtml.dll 12:39:46.0103 5844 C:\Windows\System32\mshtml.dll - ok 12:39:46.0103 5844 [ AC6B8F8058EE27932F9AF8A2D959D201 ] C:\Windows\System32\msimtf.dll 12:39:46.0103 5844 C:\Windows\System32\msimtf.dll - ok 12:39:46.0119 5844 [ 02EF2C66653D28D964B03EF44A942BF0 ] C:\PROGRA~1\DELLSU~1\GTAction\triggers\timert.dll 12:39:46.0119 5844 C:\PROGRA~1\DELLSU~1\GTAction\triggers\timert.dll - ok 12:39:46.0119 5844 [ 928C90E02E05244D2290C1551DF732C8 ] C:\Windows\System32\avicap32.dll 12:39:46.0119 5844 C:\Windows\System32\avicap32.dll - ok 12:39:46.0119 5844 [ A3FA99A16F10D44EDB7A8C340FA2EE1B ] C:\Windows\System32\jscript9.dll 12:39:46.0119 5844 C:\Windows\System32\jscript9.dll - ok 12:39:46.0134 5844 [ 96BA82BF1F1968E44FE80E5B6DE21E13 ] C:\PROGRA~1\DELLSU~1\GTAction\triggers\regt.dll 12:39:46.0134 5844 C:\PROGRA~1\DELLSU~1\GTAction\triggers\regt.dll - ok 12:39:46.0134 5844 [ 8992F45DED6B63B919BDEB6D270FF9C8 ] C:\Windows\System32\wshom.ocx 12:39:46.0134 5844 C:\Windows\System32\wshom.ocx - ok 12:39:46.0134 5844 [ 3DB1530CDD7AEF2BCFA6FB77D097CDDA ] C:\Windows\System32\scrrun.dll 12:39:46.0134 5844 C:\Windows\System32\scrrun.dll - ok 12:39:46.0150 5844 [ E9B39C81C87E5B790FCE121DA9E02701 ] C:\Windows\System32\d2d1.dll 12:39:46.0150 5844 C:\Windows\System32\d2d1.dll - ok 12:39:46.0150 5844 [ 7BC0410ADF51083C2694AC19FF3C6847 ] C:\Program Files\Windows Defender\MpRtMon.dll 12:39:46.0150 5844 C:\Program Files\Windows Defender\MpRtMon.dll - ok 12:39:46.0166 5844 [ 01B46BEECE252636A678E9312E6031FD ] C:\Program Files\Dell Support Center\bin\SupportSoft.Agent.Sprocket.SupportMessage.dll 12:39:46.0166 5844 C:\Program Files\Dell Support Center\bin\SupportSoft.Agent.Sprocket.SupportMessage.dll - ok 12:39:46.0166 5844 [ A61ACA63218EB5C9439CE06E30021B6C ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.DataClad.DataAccess.dll 12:39:46.0166 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.DataClad.DataAccess.dll - ok 12:39:46.0181 5844 [ 5FB486DB877DFBB52828D77F110EBA9D ] C:\Program Files\Dell Support Center\bin\SupportSoft.Agent.Sprocket.dll 12:39:46.0181 5844 C:\Program Files\Dell Support Center\bin\SupportSoft.Agent.Sprocket.dll - ok 12:39:46.0181 5844 [ BD7A81CFBA3ACFB5D82D180F6AD8635B ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ee724aeea5f1b9d8a01fa6047fd2ef99\System.Data.ni.dll 12:39:46.0181 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ee724aeea5f1b9d8a01fa6047fd2ef99\System.Data.ni.dll - ok 12:39:46.0197 5844 [ CABD1B34BD05C986B4DBC18BC0E947EE ] C:\Windows\System32\DWrite.dll 12:39:46.0197 5844 C:\Windows\System32\DWrite.dll - ok 12:39:46.0197 5844 [ 3A72AB0BAF2DC1AE0BA6E1EE28FFCC0B ] C:\Windows\System32\msftedit.dll 12:39:46.0197 5844 C:\Windows\System32\msftedit.dll - ok 12:39:46.0197 5844 [ EE8E76761A4AEE5685D92A770A3B4B1F ] C:\Program Files\Dell Support Center\gs_agent\dsc.exe 12:39:46.0197 5844 C:\Program Files\Dell Support Center\gs_agent\dsc.exe - ok 12:39:46.0212 5844 [ 506B6592BF6116521F152DCCB39A6143 ] C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll 12:39:46.0212 5844 C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll - ok 12:39:46.0212 5844 [ 215AA9D65DABCF3CFB149B8D60F40346 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll 12:39:46.0212 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll - ok 12:39:46.0228 5844 [ 35A936C7C029A5B705D3FFD40518D660 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll 12:39:46.0228 5844 C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll - ok 12:39:46.0228 5844 [ 448452164AF599409FFB40139873E5F9 ] C:\PROGRA~1\DELLSU~1\GTAction\triggers\DSproct.dll 12:39:46.0228 5844 C:\PROGRA~1\DELLSU~1\GTAction\triggers\DSproct.dll - ok 12:39:46.0244 5844 [ 413F2D5F9D802688242C23B38F767ECB ] C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys 12:39:46.0244 5844 C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys - ok 12:39:46.0244 5844 [ 3D293E0DFDFD4C17AB7E5D4E6065C0E7 ] C:\PROGRA~1\DELLSU~1\GTAction\triggers\DSWnHnt.dll 12:39:46.0244 5844 C:\PROGRA~1\DELLSU~1\GTAction\triggers\DSWnHnt.dll - ok 12:39:46.0259 5844 [ 4A2A016491F169B5EC954D948565E251 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.BMU.dll 12:39:46.0259 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.BMU.dll - ok 12:39:46.0259 5844 [ 5256383D1D266A9EEFCDB270340C0E5C ] C:\Windows\System32\d3d10_1.dll 12:39:46.0259 5844 C:\Windows\System32\d3d10_1.dll - ok 12:39:46.0259 5844 [ B496B5322FC36979DDCA98B2BF43B150 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.Interop.dll 12:39:46.0259 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.Interop.dll - ok 12:39:46.0275 5844 [ A441F5B43EAF4BD4E3ACFBE38841B46B ] C:\Windows\System32\d3d10_1core.dll 12:39:46.0275 5844 C:\Windows\System32\d3d10_1core.dll - ok 12:39:46.0275 5844 [ 4A4C71376ECA305D6DEA021F1A44816D ] C:\Windows\System32\d3d10warp.dll 12:39:46.0275 5844 C:\Windows\System32\d3d10warp.dll - ok 12:39:46.0290 5844 [ A5D073E47008E57CAE3BF51838DA0F93 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\SQLite.NET.dll 12:39:46.0290 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\SQLite.NET.dll - ok 12:39:46.0290 5844 [ F3455E60B905D95D22F7AB8A6B49ACCE ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll 12:39:46.0290 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll - ok 12:39:46.0306 5844 [ 35AAE2E841AA1A949775168E119482C9 ] C:\Windows\System32\msls31.dll 12:39:46.0306 5844 C:\Windows\System32\msls31.dll - ok 12:39:46.0306 5844 [ 16BEF6B679947E4B3C113B3798F746DB ] C:\Program Files\DellSupport\AUInst.dll 12:39:46.0306 5844 C:\Program Files\DellSupport\AUInst.dll - ok 12:39:46.0306 5844 [ 631289583481C45C7342EFD57442B738 ] C:\Program Files\Common Files\microsoft shared\vgx\VGX.dll 12:39:46.0306 5844 C:\Program Files\Common Files\microsoft shared\vgx\VGX.dll - ok 12:39:46.0322 5844 [ 8B02D2ECC7EF6E1F6AF08459E3F741F6 ] C:\Windows\System32\d3d10.dll 12:39:46.0322 5844 C:\Windows\System32\d3d10.dll - ok 12:39:46.0322 5844 [ 9C7094F537782A82B6A29B4A7172E180 ] C:\Windows\System32\d3d10core.dll 12:39:46.0322 5844 C:\Windows\System32\d3d10core.dll - ok 12:39:46.0337 5844 [ 76A341458F3DCBD0B869690BE8CFA6E3 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\providers\Tanagra.BMU.Providers.HardDiskBackupProvider.dll 12:39:46.0337 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\providers\Tanagra.BMU.Providers.HardDiskBackupProvider.dll - ok 12:39:46.0353 5844 [ 3DF8BDD8A7203239ABABA6241F91B757 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\providers\Tanagra.BMU.Providers.FileCopyBackupProvider.dll 12:39:46.0353 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\providers\Tanagra.BMU.Providers.FileCopyBackupProvider.dll - ok 12:39:46.0353 5844 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 12:39:46.0353 5844 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok 12:39:46.0353 5844 [ E5F7C30EDF0892667933BE879F067D67 ] C:\Windows\System32\msvcr100_clr0400.dll 12:39:46.0353 5844 C:\Windows\System32\msvcr100_clr0400.dll - ok 12:39:46.0368 5844 [ D466680EE8965924052C62B39E591155 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.Third-party.Security.dll 12:39:46.0368 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Tanagra.Third-party.Security.dll - ok 12:39:46.0368 5844 [ A9154A572DB92D409131B333DAF66C0C ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll 12:39:46.0368 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll - ok 12:39:46.0384 5844 [ 05C245593DCB591A6B38A796D0C1975E ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 12:39:46.0384 5844 C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe - ok 12:39:46.0384 5844 [ 14B1AF40195CF5DB586F39387A77AFB6 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll 12:39:46.0384 5844 C:\Windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll - ok 12:39:46.0400 5844 [ 7A9DE8B16CF183D1038E49C9613275B7 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\alink.dll 12:39:46.0400 5844 C:\Windows\Microsoft.NET\Framework\v2.0.50727\alink.dll - ok 12:39:46.0400 5844 [ FB875FBE3BD042F6A69A4406178C561B ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll 12:39:46.0400 5844 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll - ok 12:39:46.0415 5844 [ 304503DEE4D3F7989B8660C62CAFAE28 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe 12:39:46.0415 5844 C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe - ok 12:39:46.0415 5844 [ 4BAEC13BCAA595639EBB5185278DEFEA ] C:\Windows\System32\fdWSD.dll 12:39:46.0415 5844 C:\Windows\System32\fdWSD.dll - ok 12:39:46.0415 5844 [ B5EF1DA337DB9859709A387638AC5E07 ] C:\Windows\System32\SearchProtocolHost.exe 12:39:46.0415 5844 C:\Windows\System32\SearchProtocolHost.exe - ok 12:39:46.0431 5844 [ 582BE479E7E286BB3B31C5A4C3DC3987 ] C:\Windows\System32\msshooks.dll 12:39:46.0431 5844 C:\Windows\System32\msshooks.dll - ok 12:39:46.0431 5844 [ 771AF583BC58373A84496CCD52C36E33 ] C:\Windows\System32\mssvp.dll 12:39:46.0431 5844 C:\Windows\System32\mssvp.dll - ok 12:39:46.0431 5844 [ 98C77FD99F3DB37B2C03F32B8F837B65 ] C:\Windows\System32\mapi32.dll 12:39:46.0431 5844 C:\Windows\System32\mapi32.dll - ok 12:39:46.0446 5844 [ 351319EF11C263C95FB721AC76F436D6 ] C:\Windows\System32\mssph.dll 12:39:46.0446 5844 C:\Windows\System32\mssph.dll - ok 12:39:46.0446 5844 [ E290E3FDF645DF29D00D6368B9127E30 ] C:\Windows\System32\msfeeds.dll 12:39:46.0446 5844 C:\Windows\System32\msfeeds.dll - ok 12:39:46.0462 5844 [ A1CD5CE96F0A5426DB9A2F793854D1B8 ] C:\Program Files\Microsoft Office\Office12\ONFILTER.DLL 12:39:46.0462 5844 C:\Program Files\Microsoft Office\Office12\ONFILTER.DLL - ok 12:39:46.0462 5844 [ C9EE7FF225EAC1CB9C78C413667CDB80 ] C:\Windows\System32\SearchFilterHost.exe 12:39:46.0462 5844 C:\Windows\System32\SearchFilterHost.exe - ok 12:39:46.0462 5844 [ 443C5961CACD4ABC16648874AF06E4A0 ] C:\Windows\System32\fdSSDP.dll 12:39:46.0462 5844 C:\Windows\System32\fdSSDP.dll - ok 12:39:46.0478 5844 [ 9B89B3BB79EA1ACF041F40A7B6FC5827 ] C:\Windows\System32\mobsync.exe 12:39:46.0478 5844 C:\Windows\System32\mobsync.exe - ok 12:39:46.0478 5844 [ ABAEAEE763E287BDD39094C4165E1F3F ] C:\Windows\System32\fdProxy.dll 12:39:46.0478 5844 C:\Windows\System32\fdProxy.dll - ok 12:39:46.0493 5844 [ 8078F8F8F7A79E2E6B494523A828C585 ] C:\Windows\System32\msdtckrm.dll 12:39:46.0493 5844 C:\Windows\System32\msdtckrm.dll - ok 12:39:46.0493 5844 [ 7599E425947A595448DA778B610923BC ] C:\Program Files\Windows Media Player\wmpsyncmgr.dll 12:39:46.0493 5844 C:\Program Files\Windows Media Player\wmpsyncmgr.dll - ok 12:39:46.0493 5844 [ 0629259E3AF6BB0534FCECA208973404 ] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 12:39:46.0493 5844 C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe - ok 12:39:46.0509 5844 [ FD647CA82ACF232DBE5F20345647B948 ] C:\Windows\AppPatch\AcGenral.dll 12:39:46.0509 5844 C:\Windows\AppPatch\AcGenral.dll - ok 12:39:46.0509 5844 [ 1A617835452EEE5060976C9B9F5FE635 ] C:\Windows\System32\wuapi.dll 12:39:46.0509 5844 C:\Windows\System32\wuapi.dll - ok 12:39:46.0524 5844 [ 5E41139EC6EFBCAFFD96D46925E544AB ] C:\Windows\System32\mspatcha.dll 12:39:46.0524 5844 C:\Windows\System32\mspatcha.dll - ok 12:39:46.0524 5844 ============================================================ 12:39:46.0524 5844 Scan finished 12:39:46.0524 5844 ============================================================ 12:39:46.0540 5836 Detected object count: 20 12:39:46.0540 5836 Actual detected object count: 20 12:42:42.0509 5836 ADVService ( UnsignedFile.Multi.Generic ) - skipped by user 12:42:42.0509 5836 ADVService ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:42:42.0525 5836 Bentley SELECT Server Gateway ( UnsignedFile.Multi.Generic ) - skipped by user 12:42:42.0525 5836 Bentley SELECT Server Gateway ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:42:42.0525 5836 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user 12:42:42.0525 5836 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:42:42.0525 5836 DSBrokerService ( UnsignedFile.Multi.Generic ) - skipped by user 12:42:42.0525 5836 DSBrokerService ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:42:42.0525 5836 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user 12:42:42.0525 5836 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:42:42.0525 5836 dsunidrv ( UnsignedFile.Multi.Generic ) - skipped by user 12:42:42.0525 5836 dsunidrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:42:42.0525 5836 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 12:42:42.0525 5836 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:42:42.0525 5836 IAANTMON ( UnsignedFile.Multi.Generic ) - skipped by user 12:42:42.0525 5836 IAANTMON ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:42:42.0525 5836 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 12:42:42.0525 5836 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:42:42.0540 5836 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - skipped by user 12:42:42.0540 5836 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:42:42.0540 5836 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user 12:42:42.0540 5836 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:42:42.0540 5836 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user 12:42:42.0540 5836 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:42:42.0540 5836 RoxWatch9 ( UnsignedFile.Multi.Generic ) - skipped by user 12:42:42.0540 5836 RoxWatch9 ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:42:42.0540 5836 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user 12:42:42.0540 5836 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:42:42.0540 5836 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user 12:42:42.0540 5836 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:42:42.0540 5836 sp_rssrv ( UnsignedFile.Multi.Generic ) - skipped by user 12:42:42.0540 5836 sp_rssrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:42:42.0540 5836 SRTSPL ( UnsignedFile.Multi.Generic ) - skipped by user 12:42:42.0540 5836 SRTSPL ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:42:42.0540 5836 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user 12:42:42.0540 5836 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:42:42.0556 5836 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user 12:42:42.0556 5836 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:42:42.0556 5836 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user 12:42:42.0556 5836 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:44:36.0359 2120 Deinitialize success -
Malware reappears after removal: PUM.UserWLoad, Trojan.Ransom
maa replied to maa's topic in Resolved Malware Removal Logs
12:39:42.0640 5844 [ D07D4C3038F3578FFCE1C0237F2A1253 ] C:\Windows\explorer.exe 12:39:42.0640 5844 C:\Windows\explorer.exe - ok 12:39:42.0640 5844 [ 63396CBB1365769D520E0FD89C2419F2 ] C:\Windows\System32\localspl.dll 12:39:42.0640 5844 C:\Windows\System32\localspl.dll - ok 12:39:42.0656 5844 [ F4E1AA5D59C849A4AB47E895DC76B9C8 ] C:\Windows\System32\sfc.dll 12:39:42.0656 5844 C:\Windows\System32\sfc.dll - ok 12:39:42.0656 5844 [ B11FDCA4410D6252964EF97F9A47DE74 ] C:\Windows\System32\TSChannel.dll 12:39:42.0656 5844 C:\Windows\System32\TSChannel.dll - ok 12:39:42.0656 5844 [ 22DC912B075F4D335EEF042F50FE4855 ] C:\Windows\System32\AdobePDF.dll 12:39:42.0656 5844 C:\Windows\System32\AdobePDF.dll - ok 12:39:42.0671 5844 [ 9CBE089DAD91F83843CFCA7E019927EF ] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adistres.dll 12:39:42.0671 5844 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adistres.dll - ok 12:39:42.0671 5844 [ 506708142BC63DABA64F2D3AD1DCD5BF ] C:\Program Files\Google\Update\GoogleUpdate.exe 12:39:42.0671 5844 C:\Program Files\Google\Update\GoogleUpdate.exe - ok 12:39:42.0687 5844 [ 322FD75A97DBA67FC8F97A9957F857F1 ] C:\Windows\System32\mdimon.dll 12:39:42.0687 5844 C:\Windows\System32\mdimon.dll - ok 12:39:42.0687 5844 [ 167AC31450C0C53A01FA1491E94D7678 ] C:\Windows\System32\shdocvw.dll 12:39:42.0687 5844 C:\Windows\System32\shdocvw.dll - ok 12:39:42.0702 5844 [ 782C8019C89920A77B1907AD3B4C8FF9 ] C:\Windows\System32\HotStartUserAgent.dll 12:39:42.0702 5844 C:\Windows\System32\HotStartUserAgent.dll - ok 12:39:42.0702 5844 [ 128DD9AF8640DBCC711940903C8B554F ] C:\Windows\System32\mscoree.dll 12:39:42.0702 5844 C:\Windows\System32\mscoree.dll - ok 12:39:42.0718 5844 [ F5DF6846F30E9F54EA60CCAEB3FB2055 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll 12:39:42.0718 5844 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok 12:39:42.0718 5844 [ 57125869A7B9638A5D11DD685AA65EB4 ] C:\Windows\System32\PlaySndSrv.dll 12:39:42.0718 5844 C:\Windows\System32\PlaySndSrv.dll - ok 12:39:42.0718 5844 [ 43E1054C713C48D252A1826C5E14AACA ] C:\Windows\System32\MsCtfMonitor.dll 12:39:42.0718 5844 C:\Windows\System32\MsCtfMonitor.dll - ok 12:39:42.0734 5844 [ 401DFFDBBBD3F07C747ED1AE2BB88106 ] C:\Windows\System32\msi.dll 12:39:42.0734 5844 C:\Windows\System32\msi.dll - ok 12:39:42.0734 5844 [ 4504819D18FAC09B6108D8728467E5B2 ] C:\Windows\System32\browseui.dll 12:39:42.0734 5844 C:\Windows\System32\browseui.dll - ok 12:39:42.0749 5844 [ 9FF47CD8A3787C8FD3CDFE40441C722E ] C:\Program Files\Google\Update\1.3.21.123\goopdate.dll 12:39:42.0749 5844 C:\Program Files\Google\Update\1.3.21.123\goopdate.dll - ok 12:39:42.0749 5844 [ C6DA42ADA0C5FC8CB05744229D632B47 ] C:\Windows\System32\msutb.dll 12:39:42.0749 5844 C:\Windows\System32\msutb.dll - ok 12:39:42.0749 5844 [ 293C5CCD99D332ECC94637FEDA38D1F2 ] C:\Windows\System32\TMM.dll 12:39:42.0749 5844 C:\Windows\System32\TMM.dll - ok 12:39:42.0765 5844 [ F28ADCF2E9B3574F25089A69B03DC756 ] C:\Windows\System32\AcSignIcon.dll 12:39:42.0765 5844 C:\Windows\System32\AcSignIcon.dll - ok 12:39:42.0765 5844 [ 7C87A5FB95777E4132B11FC3D92CAAF5 ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll 12:39:42.0765 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll - ok 12:39:42.0780 5844 [ 773E0B3E52D00AAE61AAAD1DD87FEBEF ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll 12:39:42.0780 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - ok 12:39:42.0780 5844 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll 12:39:42.0780 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll - ok 12:39:42.0780 5844 [ 686B224B4987C22B153FBB545FEE9657 ] C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80u.dll 12:39:42.0780 5844 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80u.dll - ok 12:39:42.0796 5844 [ 8AAEEE8E59A70F37579993D118A34EE0 ] C:\Windows\System32\d3d9.dll 12:39:42.0796 5844 C:\Windows\System32\d3d9.dll - ok 12:39:42.0796 5844 [ 9090454E6772F7CFBCE240BF4DC5F7E8 ] C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ENU.dll 12:39:42.0796 5844 C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80ENU.dll - ok 12:39:42.0812 5844 [ 6D74290856347CF8682277A54B433D4B ] C:\Users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll 12:39:42.0812 5844 C:\Users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll - ok 12:39:42.0812 5844 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Users\Mario\AppData\Roaming\Dropbox\bin\msvcp71.dll 12:39:42.0812 5844 C:\Users\Mario\AppData\Roaming\Dropbox\bin\msvcp71.dll - ok 12:39:42.0827 5844 [ D3B05D063A0929BFCA6C6D7FE2F3129C ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll 12:39:42.0827 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll - ok 12:39:42.0827 5844 [ D922592AB65C5D9B88B30B4510A3464E ] C:\Windows\System32\cscapi.dll 12:39:42.0827 5844 C:\Windows\System32\cscapi.dll - ok 12:39:42.0827 5844 [ D80C6539C00CB4F5D59066865479C308 ] C:\Windows\System32\dwmredir.dll 12:39:42.0827 5844 C:\Windows\System32\dwmredir.dll - ok 12:39:42.0843 5844 [ C99403A5B641520DAED0021DDA06F272 ] C:\Windows\System32\milcore.dll 12:39:42.0843 5844 C:\Windows\System32\milcore.dll - ok 12:39:42.0843 5844 [ 6FE5C4B61EC85D746ADFA9FFF8C2AC58 ] C:\Windows\System32\HPZ3LLHN.DLL 12:39:42.0843 5844 C:\Windows\System32\HPZ3LLHN.DLL - ok 12:39:42.0858 5844 [ CD6DA5770CAE9D5E6E86722E17B442E0 ] C:\Windows\System32\d3d8thk.dll 12:39:42.0858 5844 C:\Windows\System32\d3d8thk.dll - ok 12:39:42.0858 5844 [ BDE89AB6F15F0093A2A7861D1FC413ED ] C:\Windows\System32\QAGENT.DLL 12:39:42.0858 5844 C:\Windows\System32\QAGENT.DLL - ok 12:39:42.0858 5844 [ 769D027B977CED05658C85E698D3C5B1 ] C:\Windows\System32\QUTIL.DLL 12:39:42.0858 5844 C:\Windows\System32\QUTIL.DLL - ok 12:39:42.0874 5844 [ AF238673651EFC0226EA74239B502A6F ] C:\Windows\System32\pdf995mon.dll 12:39:42.0874 5844 C:\Windows\System32\pdf995mon.dll - ok 12:39:42.0874 5844 [ 82FC59A500AA685F833E61E3A1BB7DAF ] C:\Windows\System32\nvd3dum.dll 12:39:42.0874 5844 C:\Windows\System32\nvd3dum.dll - ok 12:39:42.0890 5844 [ C52CE534397E1D3A442FB4C88A3CBE42 ] C:\Windows\System32\msonpmon.dll 12:39:42.0890 5844 C:\Windows\System32\msonpmon.dll - ok 12:39:42.0890 5844 [ 0483F6206AF4D038DC0DA776B1E22070 ] C:\Windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b6dfd059\mscorlib.dll 12:39:42.0890 5844 C:\Windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b6dfd059\mscorlib.dll - ok 12:39:42.0905 5844 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Users\Mario\AppData\Roaming\Dropbox\bin\msvcr71.dll 12:39:42.0905 5844 C:\Users\Mario\AppData\Roaming\Dropbox\bin\msvcr71.dll - ok 12:39:42.0905 5844 [ BB0EB921877A1A7EF15AE2D97A71CBA9 ] C:\Windows\System32\tcpmon.dll 12:39:42.0905 5844 C:\Windows\System32\tcpmon.dll - ok 12:39:42.0905 5844 [ 14E4470BF8ACA69A85D741BA99F75F96 ] C:\Windows\System32\EhStorShell.dll 12:39:42.0905 5844 C:\Windows\System32\EhStorShell.dll - ok 12:39:42.0921 5844 [ AF24A9DF84637BF9858EC6FB88EBA7B2 ] C:\Windows\System32\snmpapi.dll 12:39:42.0921 5844 C:\Windows\System32\snmpapi.dll - ok 12:39:42.0921 5844 [ 91BE165519A0A0523A98B9E1F5031CAC ] C:\Program Files\Google\Drive\googledrivesync32.dll 12:39:42.0921 5844 C:\Program Files\Google\Drive\googledrivesync32.dll - ok 12:39:42.0936 5844 [ 1EDE113859276E4B0F19B80F39E2CC95 ] C:\Windows\System32\wsnmp32.dll 12:39:42.0936 5844 C:\Windows\System32\wsnmp32.dll - ok 12:39:42.0936 5844 [ 024528E25BBE8768536861EA09BE1672 ] C:\Windows\System32\msxml6.dll 12:39:42.0936 5844 C:\Windows\System32\msxml6.dll - ok 12:39:42.0936 5844 [ 515383A387685564CA99542739D48E55 ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll 12:39:42.0936 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll - ok 12:39:42.0952 5844 [ 0716C52D0A75F8A3CDB120875F523A43 ] C:\Windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll 12:39:42.0952 5844 C:\Windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - ok 12:39:42.0952 5844 [ 5091452DC719281CF1DD69367E13B494 ] C:\Windows\System32\tcpmib.dll 12:39:42.0952 5844 C:\Windows\System32\tcpmib.dll - ok 12:39:42.0968 5844 [ 2F1C8714F66F3F0DDCB6D5A16F8CB32E ] C:\Windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll 12:39:42.0968 5844 C:\Windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll - ok 12:39:42.0968 5844 [ B4F5DE3DAD8E6B97272F45DB97674878 ] C:\Windows\System32\mgmtapi.dll 12:39:42.0968 5844 C:\Windows\System32\mgmtapi.dll - ok 12:39:42.0968 5844 [ 7A623F6B4C51F6F2BC1A31D5787FC0A7 ] C:\Windows\System32\uDWM.dll 12:39:42.0968 5844 C:\Windows\System32\uDWM.dll - ok 12:39:42.0983 5844 [ 0BF0BB276F17B6AD61A8694D2551EC28 ] C:\Windows\System32\usbmon.dll 12:39:42.0983 5844 C:\Windows\System32\usbmon.dll - ok 12:39:42.0983 5844 [ 408416EB4F50DAB83625481C0B4E6692 ] C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPI.dll 12:39:42.0983 5844 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPI.dll - ok 12:39:42.0999 5844 [ 6DE5C66E434A9C1729575763D891C6C2 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91\msvcp90.dll 12:39:42.0999 5844 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91\msvcp90.dll - ok 12:39:42.0999 5844 [ 0EB1CC5EBFCAAB7DBAEE881E2887F7F9 ] C:\Windows\System32\WSDMon.dll 12:39:42.0999 5844 C:\Windows\System32\WSDMon.dll - ok 12:39:42.0999 5844 [ 5AFAB23E1A41B7B361B9FE20A5AC5C6F ] C:\Windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_e0084a03\System.dll 12:39:42.0999 5844 C:\Windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_e0084a03\System.dll - ok 12:39:43.0014 5844 [ AD48183027CAFCEBC322CB9CAC60F9B8 ] C:\Windows\System32\WSDApi.dll 12:39:43.0014 5844 C:\Windows\System32\WSDApi.dll - ok 12:39:43.0014 5844 [ D9011D2091C6B037A5075C27A470188C ] C:\Windows\System32\httpapi.dll 12:39:43.0014 5844 C:\Windows\System32\httpapi.dll - ok 12:39:43.0030 5844 [ 1A09CB187440993FA5E24DE1EEB7B916 ] C:\Windows\System32\cfgmgr32.dll 12:39:43.0030 5844 C:\Windows\System32\cfgmgr32.dll - ok 12:39:43.0030 5844 [ AAAE543C535ED596ECAD2AB8761C2C6F ] C:\Windows\System32\dxgi.dll 12:39:43.0030 5844 C:\Windows\System32\dxgi.dll - ok 12:39:43.0030 5844 [ 4EDA94333BDB75B1BC0A7610BED34F00 ] C:\Windows\System32\fundisc.dll 12:39:43.0030 5844 C:\Windows\System32\fundisc.dll - ok 12:39:43.0046 5844 [ 6ABD253226770EAE1292B4C945ED4B4B ] C:\Windows\System32\msxml3.dll 12:39:43.0046 5844 C:\Windows\System32\msxml3.dll - ok 12:39:43.0046 5844 [ E7D91D008FE76423962B91C43C88E4EB ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91\msvcr90.dll 12:39:43.0046 5844 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91\msvcr90.dll - ok 12:39:43.0061 5844 [ 801DECF3A583C270E5C398FCD082E3DD ] C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL 12:39:43.0061 5844 C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL - ok 12:39:43.0061 5844 [ 30DB64D316F502558DB2380F7343C9FD ] C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 12:39:43.0061 5844 C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - ok 12:39:43.0061 5844 [ EA8647A21BCB56C5F15712D4B7407501 ] C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll 12:39:43.0061 5844 C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll - ok 12:39:43.0077 5844 [ F348280907B38FDBDB3CEF55D456E149 ] C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll 12:39:43.0077 5844 C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll - ok 12:39:43.0077 5844 [ 207204AF80505AF51271FE164B56F662 ] C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll 12:39:43.0077 5844 C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll - ok 12:39:43.0092 5844 [ 30EFEBDC960A482E3E188B9960B286E2 ] C:\Program Files\Microsoft Office\Office12\GrooveNew.dll 12:39:43.0092 5844 C:\Program Files\Microsoft Office\Office12\GrooveNew.dll - ok 12:39:43.0092 5844 [ 3E9A33113D663D8BD5ED38858E669652 ] C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll 12:39:43.0092 5844 C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll - ok 12:39:43.0108 5844 [ 111C47816F39A91EAAA18DA0A54E8E63 ] C:\Windows\System32\imageres.dll 12:39:43.0108 5844 C:\Windows\System32\imageres.dll - ok 12:39:43.0108 5844 [ 28BD81378C1D1B267E66827B628114DD ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll 12:39:43.0108 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll - ok 12:39:43.0108 5844 [ C90B296C43EDD9DD1751AD3B590ACDE6 ] C:\Windows\System32\win32spl.dll 12:39:43.0108 5844 C:\Windows\System32\win32spl.dll - ok 12:39:43.0124 5844 [ 8EF51657459A18090C95C04ACD5D83B2 ] C:\Windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll 12:39:43.0124 5844 C:\Windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll - ok 12:39:43.0124 5844 [ 33128A1A1E0AB2F17EBD19A03BECE04C ] C:\Program Files\Bentley\SELECTserver\Bin\Bentley.SelectServer.Common.dll 12:39:43.0124 5844 C:\Program Files\Bentley\SELECTserver\Bin\Bentley.SelectServer.Common.dll - ok 12:39:43.0139 5844 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] C:\Program Files\Bonjour\mDNSResponder.exe 12:39:43.0139 5844 C:\Program Files\Bonjour\mDNSResponder.exe - ok 12:39:43.0139 5844 [ E4C96FF933C3AFE0C355F0382A99D752 ] C:\Program Files\Bentley\SELECTserver\Bentley.logging.dll 12:39:43.0139 5844 C:\Program Files\Bentley\SELECTserver\Bentley.logging.dll - ok 12:39:43.0155 5844 [ 4BF053944E973C073339BE841C9ECF28 ] C:\Windows\System32\netrap.dll 12:39:43.0155 5844 C:\Windows\System32\netrap.dll - ok 12:39:43.0155 5844 [ 7AB63B775A5F61A3E5FF0A84FCBB2025 ] C:\Program Files\Bentley\SELECTserver\Bin\Bentley.SelectServer.Database.Shared.dll 12:39:43.0155 5844 C:\Program Files\Bentley\SELECTserver\Bin\Bentley.SelectServer.Database.Shared.dll - ok 12:39:43.0155 5844 [ 1896E7F1F4B41BDD08C6A90058026BBC ] C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Configuration.dll 12:39:43.0155 5844 C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Configuration.dll - ok 12:39:43.0170 5844 [ E340845C8E96D107C36420065D7A5733 ] C:\Windows\System32\printcom.dll 12:39:43.0170 5844 C:\Windows\System32\printcom.dll - ok 12:39:43.0170 5844 [ EC760B0B76A4353DE49D66520EB2141F ] C:\Windows\System32\SensApi.dll 12:39:43.0170 5844 C:\Windows\System32\SensApi.dll - ok 12:39:43.0186 5844 [ 17FC3EDA0162F513E858B8C8FA7FA6E0 ] C:\Windows\System32\vssapi.dll 12:39:43.0186 5844 C:\Windows\System32\vssapi.dll - ok 12:39:43.0186 5844 [ A713CA5E01700C06B7E0BB21D57AED9D ] C:\Program Files\Bentley\SELECTserver\Bentley.logging.log4net.dll 12:39:43.0186 5844 C:\Program Files\Bentley\SELECTserver\Bentley.logging.log4net.dll - ok 12:39:43.0202 5844 [ F432260E59AAE3284ED7E795264C16D0 ] C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe 12:39:43.0202 5844 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe - ok 12:39:43.0202 5844 [ 2E8E30F3B318A9FDA5A2485723F4C2B3 ] C:\Windows\System32\inetpp.dll 12:39:43.0202 5844 C:\Windows\System32\inetpp.dll - ok 12:39:43.0217 5844 [ DC3AE9F1554DCD97F90983DDBDACD83D ] C:\Windows\System32\vsstrace.dll 12:39:43.0217 5844 C:\Windows\System32\vsstrace.dll - ok 12:39:43.0233 5844 [ 09469B8EDD2755143FDA06867AAD7E73 ] C:\Windows\System32\cryptnet.dll 12:39:43.0233 5844 C:\Windows\System32\cryptnet.dll - ok 12:39:43.0233 5844 [ 1A60302F6153B4A11B0510642333239C ] C:\Windows\System32\vpnapi.dll 12:39:43.0233 5844 C:\Windows\System32\vpnapi.dll - ok 12:39:43.0248 5844 [ 992B1994668D8FB07EEBF610F41FEB0B ] C:\Windows\System32\msvcirt.dll 12:39:43.0248 5844 C:\Windows\System32\msvcirt.dll - ok 12:39:43.0248 5844 [ 2310A32BB0164552A311BFA02102A3D6 ] C:\Windows\System32\msvcp60.dll 12:39:43.0248 5844 C:\Windows\System32\msvcp60.dll - ok 12:39:43.0248 5844 [ C1561312448395907CBFC0A2D9B98C62 ] C:\Windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll 12:39:43.0248 5844 C:\Windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll - ok 12:39:43.0264 5844 [ EF24642D5FB52A1EEF56DE9E47CBB993 ] C:\Windows\System32\mfc42.dll 12:39:43.0264 5844 C:\Windows\System32\mfc42.dll - ok 12:39:43.0264 5844 [ 862363973DCBCC31DD161EF41A69153C ] C:\Windows\System32\odbc32.dll 12:39:43.0264 5844 C:\Windows\System32\odbc32.dll - ok 12:39:43.0280 5844 [ 0DAAF8032546D1B4543D7B101B53FD6C ] C:\Windows\System32\odbcint.dll 12:39:43.0280 5844 C:\Windows\System32\odbcint.dll - ok 12:39:43.0280 5844 [ A5205B3AF85B1477AB2C2A1E12201598 ] C:\Windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll 12:39:43.0280 5844 C:\Windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll - ok 12:39:43.0295 5844 [ 8A15D7BD4CF1A8CCD7C65F7349F22E35 ] C:\Windows\System32\drivers\CVPNDRVA.sys 12:39:43.0295 5844 C:\Windows\System32\drivers\CVPNDRVA.sys - ok 12:39:43.0295 5844 [ FB937277E87F8468603F4E2D8CF9DB4A ] C:\Program Files\Symantec AntiVirus\DefWatch.exe 12:39:43.0295 5844 C:\Program Files\Symantec AntiVirus\DefWatch.exe - ok 12:39:43.0311 5844 [ C65A4DCA1B69D95407D77C86A32CC7C9 ] C:\Windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_379cfb60\System.Xml.dll 12:39:43.0311 5844 C:\Windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_379cfb60\System.Xml.dll - ok 12:39:43.0311 5844 [ 7DF281B808B9EEE4761B2BABEA0D9995 ] C:\Program Files\Common Files\Symantec Shared\DefUtDCD.dll 12:39:43.0311 5844 C:\Program Files\Common Files\Symantec Shared\DefUtDCD.dll - ok 12:39:43.0326 5844 [ 52E129522C1775DBB8CC252E7A0655C7 ] C:\Windows\System32\taskschd.dll 12:39:43.0326 5844 C:\Windows\System32\taskschd.dll - ok 12:39:43.0326 5844 [ 64FA28C15DD71A80BEF3527E1EF07DF6 ] C:\Program Files\DellSupport\Drivers\dsunidrv.sys 12:39:43.0326 5844 C:\Program Files\DellSupport\Drivers\dsunidrv.sys - ok 12:39:43.0326 5844 [ E7D0F91E44D9D3B2116FA549BDCDB756 ] C:\Windows\System32\wdscore.dll 12:39:43.0326 5844 C:\Windows\System32\wdscore.dll - ok 12:39:43.0342 5844 [ 0BCEE844A02747DD7F1E30352E619F2E ] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe 12:39:43.0342 5844 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe - ok 12:39:43.0342 5844 [ F4D9ED6BD74AD7CC0BEC83C43A1CB76B ] C:\Windows\System32\ncsi.dll 12:39:43.0342 5844 C:\Windows\System32\ncsi.dll - ok 12:39:43.0358 5844 [ 01BCD91CC2B0EFDA4890F547010750BD ] C:\Windows\System32\ssdpapi.dll 12:39:43.0358 5844 C:\Windows\System32\ssdpapi.dll - ok 12:39:43.0358 5844 [ 1171C834C5E6515765684C6938B609A1 ] C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe 12:39:43.0358 5844 C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe - ok 12:39:43.0373 5844 [ 6349F6ED9C623B44B52EA3C63C831A92 ] C:\Windows\System32\drivers\PEAuth.sys 12:39:43.0373 5844 C:\Windows\System32\drivers\PEAuth.sys - ok 12:39:43.0373 5844 [ 6F640DC052CF77161A23E29261593793 ] C:\Windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll 12:39:43.0373 5844 C:\Windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll - ok 12:39:43.0373 5844 [ F6204F0756157E47DAAA68BA1FBC7586 ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll 12:39:43.0373 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll - ok 12:39:43.0389 5844 [ 51DB25324454E812195A5D1E4454BA9E ] C:\Program Files\Bentley\SELECTserver\Bentley.License.Library.NET.dll 12:39:43.0389 5844 C:\Program Files\Bentley\SELECTserver\Bentley.License.Library.NET.dll - ok 12:39:43.0389 5844 [ 236B31C60D401F1AB428CA14D808DC95 ] C:\Windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll 12:39:43.0389 5844 C:\Windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll - ok 12:39:43.0404 5844 [ D35233B57EA2E6AE67F65E114A967389 ] C:\Program Files\Bentley\SELECTserver\Bentley.liclib.dll 12:39:43.0404 5844 C:\Program Files\Bentley\SELECTserver\Bentley.liclib.dll - ok 12:39:43.0404 5844 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Program Files\Bentley\SELECTserver\msvcp71.dll 12:39:43.0404 5844 C:\Program Files\Bentley\SELECTserver\msvcp71.dll - ok 12:39:43.0420 5844 [ 99EB84256BFA43C3A2A32341EDB8189E ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\csc.exe 12:39:43.0420 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\csc.exe - ok 12:39:43.0420 5844 [ 0AF6AAA54F74F48049C8D042D67600C0 ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll 12:39:43.0420 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll - ok 12:39:43.0420 5844 [ 24BB2810506502DAF47E956103A2FCE0 ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\alink.dll 12:39:43.0420 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\alink.dll - ok 12:39:43.0436 5844 [ 5C9D79CCBD4B1869EE331B35157EAB9F ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll 12:39:43.0436 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll - ok 12:39:43.0436 5844 [ DF695E9850F66CCCC70659975184DF2A ] C:\Windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll 12:39:43.0436 5844 C:\Windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll - ok 12:39:43.0451 5844 [ 3AF693F9315CEA0AB54BD0D3B23D3027 ] C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_cf894e71\System.Drawing.dll 12:39:43.0451 5844 C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_cf894e71\System.Drawing.dll - ok 12:39:43.0451 5844 [ 08578F3CA5365F896D90CE2BF97FD000 ] C:\Windows\System32\IconCodecService.dll 12:39:43.0451 5844 C:\Windows\System32\IconCodecService.dll - ok 12:39:43.0467 5844 [ 22DC784B32BEE306A99F50D6DC2460BC ] C:\Windows\System32\esent.dll 12:39:43.0467 5844 C:\Windows\System32\esent.dll - ok 12:39:43.0467 5844 [ 4B32BF2B3DCC76AB97DF96B33302F0F5 ] C:\Windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll 12:39:43.0467 5844 C:\Windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll - ok 12:39:43.0482 5844 [ AD91F75D7387043986DF5E5CA39C4266 ] C:\Windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll 12:39:43.0482 5844 C:\Windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll - ok 12:39:43.0482 5844 [ 4CCC82B2EE8ED6D744CC635325B18EDA ] C:\Windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe 12:39:43.0482 5844 C:\Windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe - ok 12:39:43.0498 5844 [ E43FBF47A18621AA0B6FB350E3026060 ] C:\Program Files\Bentley\SELECTserver\Bin\Bentley.SelectServer.LicenseManager.dll 12:39:43.0498 5844 C:\Program Files\Bentley\SELECTserver\Bin\Bentley.SelectServer.LicenseManager.dll - ok 12:39:43.0498 5844 [ 2D981B8CBD48D9E76C9CE58DF0D17DA2 ] C:\Windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll 12:39:43.0498 5844 C:\Windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll - ok 12:39:43.0514 5844 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe 12:39:43.0514 5844 C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok 12:39:43.0514 5844 [ 1E9B9A70D332103C52995E957DC09EF8 ] C:\Windows\System32\drivers\fastfat.sys 12:39:43.0514 5844 C:\Windows\System32\drivers\fastfat.sys - ok 12:39:43.0514 5844 [ 4E87EF38A053F02E454935C8440EC91A ] C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe 12:39:43.0514 5844 C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe - ok 12:39:43.0529 5844 [ D202BAA425176287017FFE1FB5D1B77C ] C:\Program Files\PostgreSQL\8.3\bin\libintl3.dll 12:39:43.0529 5844 C:\Program Files\PostgreSQL\8.3\bin\libintl3.dll - ok 12:39:43.0529 5844 [ 331F570AA7C20BC93DEB7B237B21CC9C ] C:\Program Files\PostgreSQL\8.3\bin\libiconv2.dll 12:39:43.0529 5844 C:\Program Files\PostgreSQL\8.3\bin\libiconv2.dll - ok 12:39:43.0545 5844 [ 4DAF88FE7A8CC7C8B0A8E4CF9355237B ] C:\Program Files\PostgreSQL\8.3\bin\libpq.dll 12:39:43.0545 5844 C:\Program Files\PostgreSQL\8.3\bin\libpq.dll - ok 12:39:43.0545 5844 [ 19174858C208FABFA5C79013D0E406CD ] C:\Program Files\PostgreSQL\8.3\bin\ssleay32.dll 12:39:43.0545 5844 C:\Program Files\PostgreSQL\8.3\bin\ssleay32.dll - ok 12:39:43.0560 5844 [ 29B0D8A99C2BD0B6D5093FACE4E5F52C ] C:\Program Files\PostgreSQL\8.3\bin\libeay32.dll 12:39:43.0560 5844 C:\Program Files\PostgreSQL\8.3\bin\libeay32.dll - ok 12:39:43.0560 5844 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\PostgreSQL\8.3\bin\msvcr71.dll 12:39:43.0560 5844 C:\Program Files\PostgreSQL\8.3\bin\msvcr71.dll - ok 12:39:43.0560 5844 [ 249C1B8608B8C73DAC8E6AD7912B1271 ] C:\Program Files\PostgreSQL\8.3\bin\krb5_32.dll 12:39:43.0560 5844 C:\Program Files\PostgreSQL\8.3\bin\krb5_32.dll - ok 12:39:43.0576 5844 [ D2B96B34A34A9D2E3903C3A978F26857 ] C:\Program Files\PostgreSQL\8.3\bin\comerr32.dll 12:39:43.0576 5844 C:\Program Files\PostgreSQL\8.3\bin\comerr32.dll - ok 12:39:43.0576 5844 [ E8F42B0DC3CA94EED0E87E29FC788D21 ] C:\Program Files\PostgreSQL\8.3\bin\k5sprt32.dll 12:39:43.0576 5844 C:\Program Files\PostgreSQL\8.3\bin\k5sprt32.dll - ok 12:39:43.0576 5844 [ A1C71790ABF6B7EF920138C5942316AF ] C:\Program Files\PostgreSQL\8.3\bin\gssapi32.dll 12:39:43.0576 5844 C:\Program Files\PostgreSQL\8.3\bin\gssapi32.dll - ok 12:39:43.0592 5844 [ D0494460421A03CD5225CCA0059AA146 ] C:\Windows\System32\IPSECSVC.DLL 12:39:43.0654 5844 C:\Windows\System32\IPSECSVC.DLL - ok 12:39:43.0670 5844 [ B0F7B0AE267A27747596F8E23465C938 ] C:\Program Files\PostgreSQL\8.3\bin\postgres.exe 12:39:43.0670 5844 C:\Program Files\PostgreSQL\8.3\bin\postgres.exe - ok 12:39:43.0670 5844 [ 096D5E5683819F0D3B3F93428597A29C ] C:\Program Files\PostgreSQL\8.3\bin\libxml2.dll 12:39:43.0670 5844 C:\Program Files\PostgreSQL\8.3\bin\libxml2.dll - ok 12:39:43.0685 5844 [ AB2B1DE1C8F31EFCE2384B14B3DC4260 ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe 12:39:43.0685 5844 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe - ok 12:39:43.0685 5844 [ F6C66188DEF298E2C3827AF6FB2C0637 ] C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\CPSCommonTools9.dll 12:39:43.0685 5844 C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\CPSCommonTools9.dll - ok 12:39:43.0701 5844 [ 73AF5773BF5627FE771BF6809EC839F9 ] C:\Program Files\PostgreSQL\8.3\bin\iconv.dll 12:39:43.0701 5844 C:\Program Files\PostgreSQL\8.3\bin\iconv.dll - ok 12:39:43.0701 5844 [ 42608AE9AF2641EE473A1797C25CFFC2 ] C:\Windows\System32\FwRemoteSvr.dll 12:39:43.0701 5844 C:\Windows\System32\FwRemoteSvr.dll - ok 12:39:43.0716 5844 [ 3C03DB6F66C9792C9B6E30473E847CA2 ] C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll 12:39:43.0716 5844 C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll - ok 12:39:43.0716 5844 [ 80E41408F6D641DC1C0F5353A0CC8125 ] C:\Program Files\PostgreSQL\8.3\bin\zlib1.dll 12:39:43.0716 5844 C:\Program Files\PostgreSQL\8.3\bin\zlib1.dll - ok 12:39:43.0732 5844 [ 73FD66B14D3C4252F7A524B8836A4359 ] C:\Windows\System32\mstask.dll 12:39:43.0732 5844 C:\Windows\System32\mstask.dll - ok 12:39:43.0732 5844 [ 7609C14BB34922001C005668BB306A43 ] C:\Program Files\PostgreSQL\8.3\lib\plugins\plugin_debugger.dll 12:39:43.0732 5844 C:\Program Files\PostgreSQL\8.3\lib\plugins\plugin_debugger.dll - ok 12:39:43.0748 5844 [ 5FCE5B36991DBAA99DA9E9C62D8E60AC ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\LeResourceLoader.dll 12:39:43.0748 5844 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\LeResourceLoader.dll - ok 12:39:43.0748 5844 [ 1BAC818025403333C11817DAFBCEE283 ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSFileLoader.dll 12:39:43.0748 5844 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSFileLoader.dll - ok 12:39:43.0748 5844 [ C7C30B24C8C57078654BA9574CE70E3D ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSCommonObjects.dll 12:39:43.0748 5844 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSCommonObjects.dll - ok 12:39:43.0763 5844 [ 41857DA3EA7A2568E1AAE8FEDC8D8939 ] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSCommonEnglish.dll 12:39:43.0763 5844 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSCommonEnglish.dll - ok 12:39:43.0763 5844 [ 09DEF3ABB6A196749299359AC5578DD8 ] C:\Windows\System32\msxml4.dll 12:39:43.0763 5844 C:\Windows\System32\msxml4.dll - ok 12:39:43.0779 5844 [ D610CDEDF1F702EB0A86B0FBD9BB49E5 ] C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 12:39:43.0779 5844 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe - ok 12:39:43.0779 5844 [ 90A3935D05B494A5A39D37E71F09A677 ] C:\Windows\System32\drivers\secdrv.sys 12:39:43.0779 5844 C:\Windows\System32\drivers\secdrv.sys - ok 12:39:43.0794 5844 [ F07AF60B152221472FBDB2FECEC4896D ] C:\Program Files\Skype\Updater\Updater.exe 12:39:43.0794 5844 C:\Program Files\Skype\Updater\Updater.exe - ok 12:39:43.0794 5844 [ 777115C9CC675BD98127660712D2F784 ] C:\Program Files\Dell Support Center\bin\sprtsvc.exe 12:39:43.0794 5844 C:\Program Files\Dell Support Center\bin\sprtsvc.exe - ok 12:39:43.0794 5844 [ 07B74B353CEDA9629092AE2AA3C53F90 ] C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll 12:39:43.0794 5844 C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll - ok 12:39:43.0810 5844 [ 8E8D1251C52DE0256C076CAAA79AF327 ] C:\Program Files\Dell Support Center\bin\sprtsched.dll 12:39:43.0810 5844 C:\Program Files\Dell Support Center\bin\sprtsched.dll - ok 12:39:43.0810 5844 [ AA21CF891D0D8248ECA1E9BA201ACBEF ] C:\Program Files\Spyware Terminator\sp_rsser.exe 12:39:43.0810 5844 C:\Program Files\Spyware Terminator\sp_rsser.exe - ok 12:39:43.0826 5844 [ 0AB6629467D8F073B762FCA1D416BF2D ] C:\Program Files\Dell Support Center\bin\sprtfod.dll 12:39:43.0826 5844 C:\Program Files\Dell Support Center\bin\sprtfod.dll - ok 12:39:43.0826 5844 [ 3606CE1AC3D6A9A9CB7DB35D7F5C54EC ] C:\Windows\System32\shfolder.dll 12:39:43.0826 5844 C:\Windows\System32\shfolder.dll - ok 12:39:43.0826 5844 [ 428FF21418ADCD6FAD6189CD9520A67B ] C:\Windows\System32\wiatrace.dll 12:39:43.0826 5844 C:\Windows\System32\wiatrace.dll - ok 12:39:43.0841 5844 [ 27DF2E313052DB2270972AD7CB15C8DB ] C:\Program Files\Dell Support Center\bin\sprtsync.dll 12:39:43.0841 5844 C:\Program Files\Dell Support Center\bin\sprtsync.dll - ok 12:39:43.0841 5844 [ 4DBA143F06BAD1DF935CB9603140CF2A ] C:\Windows\System32\wsdchngr.dll 12:39:43.0841 5844 C:\Windows\System32\wsdchngr.dll - ok 12:39:43.0841 5844 [ E4D3F600CFF1E76950ABB0D790F2A1EF ] C:\Program Files\Dell Support Center\bin\sprtupdate.dll 12:39:43.0841 5844 C:\Program Files\Dell Support Center\bin\sprtupdate.dll - ok 12:39:43.0857 5844 [ 716CCAD4089663248F1D98B1FE3BB234 ] C:\Program Files\NVIDIA Corporation\Update Common\EasyDaemonAPIU.dll 12:39:43.0857 5844 C:\Program Files\NVIDIA Corporation\Update Common\EasyDaemonAPIU.dll - ok 12:39:43.0857 5844 [ F5F08BF486998EFA8171CB09065B15D9 ] C:\Program Files\NVIDIA Corporation\Update Common\NvUpdtr.dll 12:39:43.0857 5844 C:\Program Files\NVIDIA Corporation\Update Common\NvUpdtr.dll - ok 12:39:43.0872 5844 [ 5C5209B04B1942A534259C2AB7BB1EEA ] C:\Program Files\Dell Support Center\bin\libeay32.dll 12:39:43.0872 5844 C:\Program Files\Dell Support Center\bin\libeay32.dll - ok 12:39:43.0872 5844 [ A548ACF535D81A96E1B38F76A2DE658F ] C:\Program Files\Symantec AntiVirus\Rtvscan.exe 12:39:43.0872 5844 C:\Program Files\Symantec AntiVirus\Rtvscan.exe - ok 12:39:43.0888 5844 [ AAB386DA22268B3F4B1B98B77D324126 ] C:\Windows\System32\cba.dll 12:39:43.0888 5844 C:\Windows\System32\cba.dll - ok 12:39:43.0904 5844 [ E045C58E45895065CC2763239460ECDB ] C:\Windows\System32\msgsys.dll 12:39:43.0904 5844 C:\Windows\System32\msgsys.dll - ok 12:39:43.0904 5844 [ 2E7B56837CDE8B1A875DF870E5200A2F ] C:\Windows\System32\nts.dll 12:39:43.0904 5844 C:\Windows\System32\nts.dll - ok 12:39:43.0904 5844 [ 1A58834E9C2AECCB3BD2A5801A9CDFE9 ] C:\Windows\System32\pds.dll 12:39:43.0904 5844 C:\Windows\System32\pds.dll - ok 12:39:43.0919 5844 [ 94B9215E224B555AC47839C9BCD39137 ] C:\Program Files\Symantec AntiVirus\NAVLU.dll 12:39:43.0919 5844 C:\Program Files\Symantec AntiVirus\NAVLU.dll - ok 12:39:43.0919 5844 [ 900A9D261859EC999C9C7243410C3203 ] C:\Program Files\Common Files\Roxio Shared\DLLShared\HomeUtils9.dll 12:39:43.0919 5844 C:\Program Files\Common Files\Roxio Shared\DLLShared\HomeUtils9.dll - ok 12:39:43.0935 5844 [ 743E556A998074ED7EEB99CA495B2E5D ] C:\Program Files\Common Files\Roxio Shared\DLLShared\rsl.dll 12:39:43.0935 5844 C:\Program Files\Common Files\Roxio Shared\DLLShared\rsl.dll - ok 12:39:43.0935 5844 [ F35A584E947A5B401FEB0FE01DB4A0D7 ] C:\Windows\System32\mfc71.dll 12:39:43.0935 5844 C:\Windows\System32\mfc71.dll - ok 12:39:43.0950 5844 [ BAF751E7061FF626AA60F56D1D5D1FDC ] C:\Windows\System32\MFC71ENU.DLL 12:39:43.0950 5844 C:\Windows\System32\MFC71ENU.DLL - ok 12:39:43.0950 5844 [ 608C345A255D82A6289C2D468EB41FD7 ] C:\Windows\System32\drivers\tcpipreg.sys 12:39:43.0950 5844 C:\Windows\System32\drivers\tcpipreg.sys - ok 12:39:43.0950 5844 [ DE7F813217EC88C0A6D4D8F2F39D7949 ] C:\Windows\System32\msiltcfg.dll 12:39:43.0950 5844 C:\Windows\System32\msiltcfg.dll - ok 12:39:43.0966 5844 [ 300B4847E1157BDD7A306B18ED65A97E ] C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe 12:39:43.0966 5844 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe - ok 12:39:43.0966 5844 [ 138AB06ADBBF300AA804D7974A5AEC82 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe 12:39:43.0966 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe - ok 12:39:43.0982 5844 [ 0C84B6AFFA7486422235584110D7176F ] C:\Windows\System32\icaapi.dll 12:39:43.0982 5844 C:\Windows\System32\icaapi.dll - ok 12:39:43.0982 5844 [ 12BCF4DAD8E5A1B3D5FA7AB4A79DA105 ] C:\Windows\System32\sfc_os.dll 12:39:43.0982 5844 C:\Windows\System32\sfc_os.dll - ok 12:39:43.0997 5844 [ 38FEAF71F0DACC4DBE3DF9EF347BEA60 ] C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL 12:39:43.0997 5844 C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL - ok 12:39:43.0997 5844 [ 30F0DC266B46118E9FBCF5B2A30EB1DB ] C:\Windows\System32\wbem\wbemprox.dll 12:39:43.0997 5844 C:\Windows\System32\wbem\wbemprox.dll - ok 12:39:43.0997 5844 [ 3C84FCA13C4EB607478A45F2D7E16DB3 ] C:\Program Files\Common Files\Roxio Shared\DLLShared\SonicHTTPClient9.dll 12:39:43.0997 5844 C:\Program Files\Common Files\Roxio Shared\DLLShared\SonicHTTPClient9.dll - ok 12:39:44.0013 5844 [ 4E289C24E5BEB5FF9CF5B118AB96FDB0 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll 12:39:44.0013 5844 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok 12:39:44.0013 5844 [ 74B8C2EA72D43727142D12397D5A49F9 ] C:\Windows\System32\wbemcomn.dll 12:39:44.0013 5844 C:\Windows\System32\wbemcomn.dll - ok 12:39:44.0028 5844 [ DCA3FA9F9DD103DC39C24C85EF073DB1 ] C:\Windows\System32\icmp.dll 12:39:44.0028 5844 C:\Windows\System32\icmp.dll - ok 12:39:44.0028 5844 [ 143A247AB424D2AB25A94189D10484AA ] C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll 12:39:44.0028 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll - ok 12:39:44.0044 5844 [ 48F7A3E0B70C815A5AE88BF7736103A9 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll 12:39:44.0044 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll - ok 12:39:44.0044 5844 [ F2533BD06936D2A9D9F4FD41CAEAA6E5 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6525d5b1a3b2cbea3301959a47b353c2\System.ServiceProcess.ni.dll 12:39:44.0044 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6525d5b1a3b2cbea3301959a47b353c2\System.ServiceProcess.ni.dll - ok 12:39:44.0044 5844 [ 3787A4BC97CE6C630F4B581425223D96 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll 12:39:44.0044 5844 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok 12:39:44.0075 5844 [ E74AEDF39F5C7FA9F6C1FDCCBD7C648D ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\MemeoRemoteCore.dll 12:39:44.0075 5844 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\MemeoRemoteCore.dll - ok 12:39:44.0075 5844 [ 219AF0F9A54EBEEB3E7E20025D801034 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll 12:39:44.0075 5844 C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll - ok 12:39:44.0091 5844 [ 9E248A8415937ED62DBDE943E6373049 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll 12:39:44.0091 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll - ok 12:39:44.0091 5844 [ A3A77A46B71724DDB609E289F430F38C ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll 12:39:44.0091 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll - ok 12:39:44.0106 5844 [ A3DA2901494298675BA64C331CC3E815 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll 12:39:44.0106 5844 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll - ok 12:39:44.0106 5844 [ 1F18B9EA1BBFF033413414C3BEA13AD6 ] C:\Windows\System32\wbem\WinMgmtR.dll 12:39:44.0106 5844 C:\Windows\System32\wbem\WinMgmtR.dll - ok 12:39:44.0106 5844 [ 2205A220A264E8C8B86492BF3D112907 ] C:\Windows\System32\PortableDeviceApi.dll 12:39:44.0106 5844 C:\Windows\System32\PortableDeviceApi.dll - ok 12:39:44.0122 5844 [ B53BD9E63867CD9FD853F666CA172713 ] C:\Windows\System32\PortableDeviceConnectApi.dll 12:39:44.0122 5844 C:\Windows\System32\PortableDeviceConnectApi.dll - ok 12:39:44.0122 5844 [ DEB9D08750423069647C3A066CEC7A1B ] C:\Windows\System32\tquery.dll 12:39:44.0122 5844 C:\Windows\System32\tquery.dll - ok 12:39:44.0138 5844 [ 218B73EA8341EA9FDF018D43052E790A ] C:\Windows\System32\mssrch.dll 12:39:44.0138 5844 C:\Windows\System32\mssrch.dll - ok 12:39:44.0138 5844 [ AAB5FEAABF4CB6F76D794203831C8D94 ] C:\Windows\System32\msidle.dll 12:39:44.0138 5844 C:\Windows\System32\msidle.dll - ok 12:39:44.0153 5844 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] C:\Windows\System32\netprofm.dll 12:39:44.0153 5844 C:\Windows\System32\netprofm.dll - ok 12:39:44.0153 5844 [ B458B58F7BB97C48D01AC3CF5805AAAC ] C:\Windows\System32\Query.dll 12:39:44.0153 5844 C:\Windows\System32\Query.dll - ok 12:39:44.0169 5844 [ DFCAB29E8FD38F95650CC1E203E8D318 ] C:\Windows\System32\npmproxy.dll 12:39:44.0169 5844 C:\Windows\System32\npmproxy.dll - ok 12:39:44.0169 5844 [ BF7E4D6F60A6D9E866432855C6F8C262 ] C:\Windows\System32\sqmapi.dll 12:39:44.0169 5844 C:\Windows\System32\sqmapi.dll - ok 12:39:44.0169 5844 [ BF2156D8D9866983B55D95382131DC4A ] C:\Windows\System32\lsmproxy.dll 12:39:44.0169 5844 C:\Windows\System32\lsmproxy.dll - ok 12:39:44.0184 5844 [ F21F255B91CA4F04E4250DECD2067CBB ] C:\Windows\System32\bitsperf.dll 12:39:44.0184 5844 C:\Windows\System32\bitsperf.dll - ok 12:39:44.0184 5844 [ F0062778F50838145AC46B384FFB4FA3 ] C:\Windows\System32\pcadm.dll 12:39:44.0184 5844 C:\Windows\System32\pcadm.dll - ok 12:39:44.0200 5844 [ 632557F2495931D952161465AA177B3B ] C:\Windows\System32\bitsigd.dll 12:39:44.0200 5844 C:\Windows\System32\bitsigd.dll - ok 12:39:44.0200 5844 [ 1DFC366D2154EF2B381A7F2CB165C7F4 ] C:\Windows\System32\diagperf.dll 12:39:44.0200 5844 C:\Windows\System32\diagperf.dll - ok 12:39:44.0216 5844 [ FEA6D21F78922D641A0C9346D885133B ] C:\Windows\System32\mssprxy.dll 12:39:44.0216 5844 C:\Windows\System32\mssprxy.dll - ok 12:39:44.0216 5844 [ B8A21907FE2F1A113F3487D9AB60BEF9 ] C:\Windows\System32\en-US\tquery.dll.mui 12:39:44.0216 5844 C:\Windows\System32\en-US\tquery.dll.mui - ok 12:39:44.0231 5844 [ F85134BF76CB335A39F8D7BC4173D4FB ] C:\Windows\System32\msscb.dll 12:39:44.0231 5844 C:\Windows\System32\msscb.dll - ok 12:39:44.0231 5844 [ 6BC5FCEF351E4CB5A269C1E84B5A06DA ] C:\Windows\System32\netcfgx.dll 12:39:44.0231 5844 C:\Windows\System32\netcfgx.dll - ok 12:39:44.0231 5844 [ 1D6B95871DC006190964B04E5657E35F ] C:\Windows\System32\rastapi.dll 12:39:44.0231 5844 C:\Windows\System32\rastapi.dll - ok 12:39:44.0247 5844 [ 3192ED5E2FFDF5B630541B9643AE1AA3 ] C:\Windows\System32\upnp.dll 12:39:44.0247 5844 C:\Windows\System32\upnp.dll - ok 12:39:44.0247 5844 [ A952D0DED445F26AEFCF593A935AB300 ] C:\Windows\System32\hnetcfg.dll 12:39:44.0247 5844 C:\Windows\System32\hnetcfg.dll - ok 12:39:44.0247 5844 [ 21322832C99E8DE85BD047689A2A69DB ] C:\Windows\System32\pnpts.dll 12:39:44.0247 5844 C:\Windows\System32\pnpts.dll - ok 12:39:44.0262 5844 [ B96B60EC821F86D445C9739A0F3DED59 ] C:\Windows\System32\unimdm.tsp 12:39:44.0262 5844 C:\Windows\System32\unimdm.tsp - ok 12:39:44.0262 5844 [ FC1EEE57EB9CD57279D70BA2A9131C38 ] C:\Windows\System32\wbem\wbemcore.dll 12:39:44.0262 5844 C:\Windows\System32\wbem\wbemcore.dll - ok 12:39:44.0278 5844 [ DFBAADF1B624DC71E88D34D86B3595BE ] C:\Windows\System32\uniplat.dll 12:39:44.0278 5844 C:\Windows\System32\uniplat.dll - ok 12:39:44.0278 5844 [ C10E13721B0AAEBEB5EBA914F1D18181 ] C:\Windows\System32\wbem\esscli.dll 12:39:44.0278 5844 C:\Windows\System32\wbem\esscli.dll - ok 12:39:44.0294 5844 [ 953193A9DEA40348C1086D171F6440AE ] C:\Windows\System32\kmddsp.tsp 12:39:44.0294 5844 C:\Windows\System32\kmddsp.tsp - ok 12:39:44.0294 5844 [ BC5A34B6A14C93BF04E3F4E8EA57090A ] C:\Windows\System32\wbem\fastprox.dll 12:39:44.0294 5844 C:\Windows\System32\wbem\fastprox.dll - ok 12:39:44.0309 5844 [ 2F6776ACEFE41EE889C464EA407918F2 ] C:\Windows\System32\ndptsp.tsp 12:39:44.0309 5844 C:\Windows\System32\ndptsp.tsp - ok 12:39:44.0325 5844 [ B4B59AC042EE3733A862F26CBC0B17FC ] C:\Windows\System32\hidphone.tsp 12:39:44.0325 5844 C:\Windows\System32\hidphone.tsp - ok 12:39:44.0325 5844 [ DB0F37DBA4C245C61E5936DDBDE62438 ] C:\Windows\System32\wbem\wbemsvc.dll 12:39:44.0325 5844 C:\Windows\System32\wbem\wbemsvc.dll - ok 12:39:44.0325 5844 [ 2C3B09E586BDA2CC49A292BE7BADC589 ] C:\Windows\System32\wbem\wmiutils.dll 12:39:44.0325 5844 C:\Windows\System32\wbem\wmiutils.dll - ok 12:39:44.0340 5844 [ 834933F16EA839AC5AC7CBF88638DF27 ] C:\Windows\System32\wbem\repdrvfs.dll 12:39:44.0340 5844 C:\Windows\System32\wbem\repdrvfs.dll - ok 12:39:44.0340 5844 [ 8B645890A93F1FBBC7DA3E07CC72D762 ] C:\Windows\System32\rasppp.dll 12:39:44.0340 5844 C:\Windows\System32\rasppp.dll - ok 12:39:44.0356 5844 [ 56E315ACFB08A177B4D01E42B9044DB5 ] C:\Windows\System32\mprapi.dll 12:39:44.0356 5844 C:\Windows\System32\mprapi.dll - ok 12:39:44.0356 5844 [ 9A6A653ADF28D9D69670B48F535E6B90 ] C:\Windows\System32\runonce.exe 12:39:44.0356 5844 C:\Windows\System32\runonce.exe - ok 12:39:44.0356 5844 [ 88225070DD2F7B0B2ED51E7935078641 ] C:\Windows\System32\rasqec.dll 12:39:44.0356 5844 C:\Windows\System32\rasqec.dll - ok 12:39:44.0372 5844 [ 82A79D5BE740D0AE9C91AA6DE4B3AC5A ] C:\Windows\System32\raschap.dll 12:39:44.0372 5844 C:\Windows\System32\raschap.dll - ok 12:39:44.0372 5844 [ 3B0489DE8CC3058B48471660C60A7B75 ] C:\Windows\System32\rastls.dll 12:39:44.0372 5844 C:\Windows\System32\rastls.dll - ok 12:39:44.0372 5844 [ 248A1F31ABB58DDDDC01490EF0BDC777 ] C:\Windows\System32\cryptui.dll 12:39:44.0372 5844 C:\Windows\System32\cryptui.dll - ok 12:39:44.0387 5844 [ C2C6C014B96581EC8BF0C8604DE1743E ] C:\Windows\System32\wbem\WmiPrvSD.dll 12:39:44.0387 5844 C:\Windows\System32\wbem\WmiPrvSD.dll - ok 12:39:44.0387 5844 [ 74F26FC01B180D4A99A168ED69C30A53 ] C:\Windows\System32\cmd.exe 12:39:44.0387 5844 C:\Windows\System32\cmd.exe - ok 12:39:44.0403 5844 [ A609A192E98934A8D352704C99AB8577 ] C:\Windows\System32\wbem\wbemess.dll 12:39:44.0403 5844 C:\Windows\System32\wbem\wbemess.dll - ok 12:39:44.0403 5844 [ 10F13FFF542FEC4A2C4FA734EEBE56B9 ] C:\Windows\System32\qmgrprxy.dll 12:39:44.0403 5844 C:\Windows\System32\qmgrprxy.dll - ok 12:39:44.0418 5844 [ 5466DCAEF5A648E04D1B6580F2C901B5 ] C:\Windows\System32\ieframe.dll 12:39:44.0418 5844 C:\Windows\System32\ieframe.dll - ok 12:39:44.0418 5844 [ C8AE490A93C3CC2E537B6E06247785A1 ] C:\Windows\System32\wbem\NCProv.dll 12:39:44.0418 5844 C:\Windows\System32\wbem\NCProv.dll - ok 12:39:44.0434 5844 [ 9495FCC01D7AB7B60E5B8BA7AEFE9E3D ] C:\Windows\System32\wbem\WmiPrvSE.exe 12:39:44.0434 5844 C:\Windows\System32\wbem\WmiPrvSE.exe - ok 12:39:44.0434 5844 [ E3F535656B5ABF249702EB64F3CF9AF0 ] C:\Windows\System32\wbem\wbemcons.dll 12:39:44.0434 5844 C:\Windows\System32\wbem\wbemcons.dll - ok 12:39:44.0450 5844 [ A9206960C92F5377E453EA4F32AB3346 ] C:\Program Files\Common Files\Symantec Shared\SSC\ScsComms.dll 12:39:44.0450 5844 C:\Program Files\Common Files\Symantec Shared\SSC\ScsComms.dll - ok 12:39:44.0450 5844 [ F723422A11CD6FA13036746272200993 ] C:\Windows\System32\wbem\cimwin32.dll 12:39:44.0450 5844 C:\Windows\System32\wbem\cimwin32.dll - ok 12:39:44.0465 5844 [ 67BB7141F7F5F37411F796943B3418B6 ] C:\Windows\System32\framedynos.dll 12:39:44.0465 5844 C:\Windows\System32\framedynos.dll - ok 12:39:44.0465 5844 [ 87CDFFCBD09C1CA03A068343D5D93250 ] C:\Windows\System32\wmi.dll 12:39:44.0465 5844 C:\Windows\System32\wmi.dll - ok 12:39:44.0465 5844 [ 24422E879BAEA2B69C9B131548D16888 ] C:\Program Files\Common Files\Roxio Shared\DLLShared\rcsl.dll 12:39:44.0465 5844 C:\Program Files\Common Files\Roxio Shared\DLLShared\rcsl.dll - ok 12:39:44.0481 5844 [ 4386CD92BA73C860AB0F8CC62434B2EA ] C:\Program Files\Symantec AntiVirus\I2ldvp3.dll 12:39:44.0481 5844 C:\Program Files\Symantec AntiVirus\I2ldvp3.dll - ok 12:39:44.0481 5844 [ ABAC02B5FE10D703251374C6FB187B83 ] C:\Program Files\Common Files\Symantec Shared\ccDec.dll 12:39:44.0481 5844 C:\Program Files\Common Files\Symantec Shared\ccDec.dll - ok 12:39:44.0496 5844 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\Users\Mario\AppData\Local\Temp\DC1FF712-4F29-4892-BE9C-4EA429F07EB4.exe 12:39:44.0496 5844 C:\Users\Mario\AppData\Local\Temp\DC1FF712-4F29-4892-BE9C-4EA429F07EB4.exe - ok 12:39:44.0496 5844 [ AB2F99FC684EEB007CF048666C4CD7D8 ] C:\Program Files\Common Files\Symantec Shared\Decomposers\DecSDK.dll 12:39:44.0496 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\DecSDK.dll - ok 12:39:44.0512 5844 [ 545446BA4583B471739AFFE9625F7D39 ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll 12:39:44.0512 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll - ok 12:39:44.0512 5844 [ DCFD4B0B4654F6A070873C8C75A458DF ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll 12:39:44.0512 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll - ok 12:39:44.0528 5844 [ A0E10B03C91DA932C85875E0587F30C7 ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll 12:39:44.0528 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll - ok 12:39:44.0528 5844 [ 33B3051F2A2BEF1474DCBD8879F62AAB ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll 12:39:44.0528 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll - ok 12:39:44.0543 5844 [ E58C5C07812E99FFCE7A9A88495C39CA ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll 12:39:44.0543 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll - ok 12:39:44.0543 5844 [ B1C720D4D4FE004625808915F8D85377 ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll 12:39:44.0543 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll - ok 12:39:44.0543 5844 [ AADAF917CB38A78CFADBED3855EC00A3 ] C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll 12:39:44.0543 5844 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll - ok -
Malware reappears after removal: PUM.UserWLoad, Trojan.Ransom
maa replied to maa's topic in Resolved Malware Removal Logs
12:39:13.0031 5844 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 12:39:13.0250 5844 tdx - ok 12:39:13.0312 5844 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 12:39:13.0343 5844 TermDD - ok 12:39:13.0437 5844 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 12:39:13.0593 5844 TermService - ok 12:39:13.0764 5844 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 12:39:13.0796 5844 Themes - ok 12:39:13.0842 5844 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 12:39:13.0889 5844 THREADORDER - ok 12:39:13.0983 5844 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 12:39:14.0217 5844 TrkWks - ok 12:39:14.0513 5844 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 12:39:14.0638 5844 TrustedInstaller - ok 12:39:14.0700 5844 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 12:39:14.0763 5844 tssecsrv - ok 12:39:14.0919 5844 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 12:39:14.0981 5844 tunmp - ok 12:39:15.0246 5844 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 12:39:15.0340 5844 tunnel - ok 12:39:15.0387 5844 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 12:39:15.0418 5844 uagp35 - ok 12:39:15.0621 5844 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 12:39:16.0042 5844 udfs - ok 12:39:16.0104 5844 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 12:39:16.0245 5844 UI0Detect - ok 12:39:16.0338 5844 [ 6D72EF05921ABDF59FC45C7EBFE7E8DD ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 12:39:16.0370 5844 uliagpkx - ok 12:39:16.0494 5844 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys 12:39:16.0806 5844 uliahci - ok 12:39:16.0869 5844 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 12:39:16.0962 5844 UlSata - ok 12:39:17.0025 5844 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 12:39:17.0072 5844 ulsata2 - ok 12:39:17.0134 5844 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 12:39:17.0196 5844 umbus - ok 12:39:17.0290 5844 [ 88BD96A1BAEED33EE8BDF9499C07A841 ] UMPass C:\Windows\system32\DRIVERS\umpass.sys 12:39:17.0352 5844 UMPass - ok 12:39:17.0462 5844 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 12:39:17.0540 5844 upnphost - ok 12:39:17.0680 5844 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 12:39:17.0820 5844 USBAAPL - ok 12:39:17.0930 5844 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 12:39:18.0023 5844 usbccgp - ok 12:39:18.0132 5844 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 12:39:18.0351 5844 usbcir - ok 12:39:18.0491 5844 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 12:39:18.0600 5844 usbehci - ok 12:39:18.0694 5844 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 12:39:18.0741 5844 usbhub - ok 12:39:18.0803 5844 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 12:39:18.0897 5844 usbohci - ok 12:39:18.0959 5844 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 12:39:19.0037 5844 usbprint - ok 12:39:19.0162 5844 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:39:19.0209 5844 USBSTOR - ok 12:39:19.0349 5844 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 12:39:19.0380 5844 usbuhci - ok 12:39:19.0505 5844 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 12:39:19.0536 5844 UxSms - ok 12:39:19.0724 5844 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 12:39:19.0848 5844 vds - ok 12:39:19.0942 5844 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 12:39:20.0020 5844 vga - ok 12:39:20.0160 5844 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 12:39:20.0254 5844 VgaSave - ok 12:39:20.0332 5844 [ D5929A28BDFF4367A12CAF06AF901971 ] viaagp C:\Windows\system32\drivers\viaagp.sys 12:39:20.0348 5844 viaagp - ok 12:39:20.0488 5844 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 12:39:20.0691 5844 ViaC7 - ok 12:39:20.0753 5844 [ C0ACE9D0F5A5EE0B00F58345947A57FC ] viaide C:\Windows\system32\drivers\viaide.sys 12:39:20.0784 5844 viaide - ok 12:39:20.0878 5844 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 12:39:20.0909 5844 volmgr - ok 12:39:21.0159 5844 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 12:39:21.0299 5844 volmgrx - ok 12:39:21.0424 5844 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 12:39:21.0455 5844 volsnap - ok 12:39:21.0549 5844 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 12:39:21.0674 5844 vsmraid - ok 12:39:22.0485 5844 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 12:39:22.0750 5844 VSS - ok 12:39:22.0812 5844 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 12:39:22.0859 5844 W32Time - ok 12:39:22.0906 5844 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 12:39:23.0000 5844 WacomPen - ok 12:39:23.0062 5844 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 12:39:23.0202 5844 Wanarp - ok 12:39:23.0234 5844 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 12:39:23.0265 5844 Wanarpv6 - ok 12:39:23.0530 5844 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 12:39:23.0561 5844 wcncsvc - ok 12:39:23.0655 5844 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 12:39:23.0702 5844 WcsPlugInService - ok 12:39:23.0889 5844 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys 12:39:23.0936 5844 Wd - ok 12:39:23.0982 5844 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys 12:39:24.0107 5844 WDC_SAM - ok 12:39:24.0294 5844 [ 300B4847E1157BDD7A306B18ED65A97E ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe 12:39:24.0341 5844 WDDMService ( UnsignedFile.Multi.Generic ) - warning 12:39:24.0341 5844 WDDMService - detected UnsignedFile.Multi.Generic (1) 12:39:24.0591 5844 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 12:39:24.0669 5844 Wdf01000 - ok 12:39:24.0731 5844 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 12:39:24.0794 5844 WdiServiceHost - ok 12:39:24.0809 5844 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 12:39:24.0840 5844 WdiSystemHost - ok 12:39:25.0277 5844 [ 138AB06ADBBF300AA804D7974A5AEC82 ] WDSmartWareBackgroundService C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe 12:39:25.0324 5844 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - warning 12:39:25.0324 5844 WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic (1) 12:39:25.0386 5844 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 12:39:25.0433 5844 WebClient - ok 12:39:25.0574 5844 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 12:39:25.0652 5844 Wecsvc - ok 12:39:25.0730 5844 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 12:39:25.0776 5844 wercplsupport - ok 12:39:25.0948 5844 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 12:39:26.0010 5844 WerSvc - ok 12:39:26.0338 5844 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 12:39:26.0369 5844 WinDefend - ok 12:39:26.0369 5844 WinHttpAutoProxySvc - ok 12:39:26.0775 5844 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 12:39:26.0806 5844 Winmgmt - ok 12:39:27.0274 5844 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 12:39:27.0399 5844 WinRM - ok 12:39:27.0680 5844 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 12:39:27.0804 5844 Wlansvc - ok 12:39:28.0007 5844 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 12:39:28.0210 5844 WmiAcpi - ok 12:39:28.0319 5844 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 12:39:28.0413 5844 wmiApSrv - ok 12:39:28.0787 5844 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 12:39:28.0943 5844 WMPNetworkSvc - ok 12:39:29.0037 5844 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 12:39:29.0115 5844 WPCSvc - ok 12:39:29.0162 5844 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 12:39:29.0349 5844 WPDBusEnum - ok 12:39:29.0474 5844 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 12:39:29.0520 5844 WpdUsb - ok 12:39:30.0238 5844 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 12:39:30.0550 5844 WPFFontCache_v0400 - ok 12:39:30.0612 5844 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 12:39:30.0706 5844 ws2ifsl - ok 12:39:30.0800 5844 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 12:39:30.0831 5844 wscsvc - ok 12:39:30.0831 5844 WSearch - ok 12:39:31.0283 5844 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 12:39:31.0626 5844 wuauserv - ok 12:39:31.0876 5844 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 12:39:32.0094 5844 WudfPf - ok 12:39:32.0188 5844 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 12:39:32.0297 5844 WUDFRd - ok 12:39:32.0406 5844 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 12:39:32.0484 5844 wudfsvc - ok 12:39:32.0484 5844 ================ Scan global =============================== 12:39:32.0640 5844 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 12:39:32.0781 5844 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 12:39:32.0921 5844 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 12:39:33.0062 5844 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 12:39:33.0108 5844 [Global] - ok 12:39:33.0108 5844 ================ Scan MBR ================================== 12:39:33.0171 5844 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 12:39:39.0239 5844 \Device\Harddisk0\DR0 - ok 12:39:39.0255 5844 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1 12:39:39.0458 5844 \Device\Harddisk1\DR1 - ok 12:39:39.0458 5844 ================ Scan VBR ================================== 12:39:39.0489 5844 [ AA10A8A29399887039B811387402C3A5 ] \Device\Harddisk0\DR0\Partition1 12:39:39.0504 5844 \Device\Harddisk0\DR0\Partition1 - ok 12:39:39.0536 5844 [ 62ABD247F3BA0E5274CB6FB0F132001B ] \Device\Harddisk0\DR0\Partition2 12:39:39.0536 5844 \Device\Harddisk0\DR0\Partition2 - ok 12:39:39.0551 5844 [ F500ABC5DFBC21AA0DCF08B88777E65B ] \Device\Harddisk1\DR1\Partition1 12:39:39.0551 5844 \Device\Harddisk1\DR1\Partition1 - ok 12:39:39.0551 5844 ================ Scan active images ======================== 12:39:39.0551 5844 [ 36975327EF03949CC378AB01E316B574 ] C:\Windows\System32\drivers\crashdmp.sys 12:39:39.0551 5844 C:\Windows\System32\drivers\crashdmp.sys - ok 12:39:39.0567 5844 [ E9F704CA833BD24BFAA3B4A59707633A ] C:\Windows\System32\drivers\iaStor.sys 12:39:39.0567 5844 C:\Windows\System32\drivers\iaStor.sys - ok 12:39:39.0567 5844 [ 300DB877AC094FEAB0BE7688C3454A9C ] C:\Windows\System32\drivers\tunnel.sys 12:39:39.0567 5844 C:\Windows\System32\drivers\tunnel.sys - ok 12:39:39.0582 5844 [ CAECC0120AC49E3D2F758B9169872D38 ] C:\Windows\System32\drivers\TUNMP.SYS 12:39:39.0582 5844 C:\Windows\System32\drivers\TUNMP.SYS - ok 12:39:39.0582 5844 [ 224191001E78C89DFA78924C3EA595FF ] C:\Windows\System32\drivers\intelppm.sys 12:39:39.0582 5844 C:\Windows\System32\drivers\intelppm.sys - ok 12:39:39.0582 5844 [ 0A1B502CBC8230DA74BEFBAADDB58916 ] C:\Windows\System32\drivers\nvlddmkm.sys 12:39:39.0582 5844 C:\Windows\System32\drivers\nvlddmkm.sys - ok 12:39:39.0598 5844 [ 5D41063463FC5D4C34B45FCD8487A29F ] C:\Windows\System32\drivers\nvBridge.kmd 12:39:39.0598 5844 C:\Windows\System32\drivers\nvBridge.kmd - ok 12:39:39.0598 5844 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] C:\Windows\System32\drivers\dxgkrnl.sys 12:39:39.0598 5844 C:\Windows\System32\drivers\dxgkrnl.sys - ok 12:39:39.0598 5844 [ 4A5C31E2C1646034E6A60EBA4C747FF6 ] C:\Windows\System32\drivers\watchdog.sys 12:39:39.0598 5844 C:\Windows\System32\drivers\watchdog.sys - ok 12:39:39.0614 5844 [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] C:\Windows\System32\drivers\e1e6032.sys 12:39:39.0614 5844 C:\Windows\System32\drivers\e1e6032.sys - ok 12:39:39.0614 5844 [ A1C100A87D981AD0774FBC0B4B82E913 ] C:\Windows\System32\drivers\usbport.sys 12:39:39.0614 5844 C:\Windows\System32\drivers\usbport.sys - ok 12:39:39.0629 5844 [ 814D653EFC4D48BE3B04A307ECEFF56F ] C:\Windows\System32\drivers\usbuhci.sys 12:39:39.0629 5844 C:\Windows\System32\drivers\usbuhci.sys - ok 12:39:39.0629 5844 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] C:\Windows\System32\drivers\usbehci.sys 12:39:39.0629 5844 C:\Windows\System32\drivers\usbehci.sys - ok 12:39:39.0629 5844 [ 062452B7FFD68C8C042A6261FE8DFF4A ] C:\Windows\System32\drivers\hdaudbus.sys 12:39:39.0629 5844 C:\Windows\System32\drivers\hdaudbus.sys - ok 12:39:39.0645 5844 [ 5230CDB7E715F3A3B4A882E254CDD35D ] C:\Windows\System32\drivers\DLACDBHM.SYS 12:39:39.0645 5844 C:\Windows\System32\drivers\DLACDBHM.SYS - ok 12:39:39.0645 5844 [ 6B4BFFB9BECD728097024276430DB314 ] C:\Windows\System32\drivers\cdrom.sys 12:39:39.0645 5844 C:\Windows\System32\drivers\cdrom.sys - ok 12:39:39.0660 5844 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] C:\Windows\System32\drivers\GEARAspiWDM.sys 12:39:39.0660 5844 C:\Windows\System32\drivers\GEARAspiWDM.sys - ok 12:39:39.0660 5844 [ 7B4FDFBE97C047175E613AA96F3DE987 ] C:\Windows\System32\drivers\dne2000.sys 12:39:39.0660 5844 C:\Windows\System32\drivers\dne2000.sys - ok 12:39:39.0676 5844 [ 47E55AFE1ED1D5AFF09690DB226F4A7A ] C:\Windows\System32\drivers\Storport.sys 12:39:39.0676 5844 C:\Windows\System32\drivers\Storport.sys - ok 12:39:39.0676 5844 [ 232FA340531D940AAC623B121A595034 ] C:\Windows\System32\drivers\msiscsi.sys 12:39:39.0676 5844 C:\Windows\System32\drivers\msiscsi.sys - ok 12:39:39.0676 5844 [ A214ADBAF4CB47DD2728859EF31F26B0 ] C:\Windows\System32\drivers\rasl2tp.sys 12:39:39.0676 5844 C:\Windows\System32\drivers\rasl2tp.sys - ok 12:39:39.0692 5844 [ 77937EFF009AC696B90E09F671F9D0A4 ] C:\Windows\System32\drivers\tdi.sys 12:39:39.0692 5844 C:\Windows\System32\drivers\tdi.sys - ok 12:39:39.0692 5844 [ 0E186E90404980569FB449BA7519AE61 ] C:\Windows\System32\drivers\ndistapi.sys 12:39:39.0692 5844 C:\Windows\System32\drivers\ndistapi.sys - ok 12:39:39.0707 5844 [ 818F648618AE34F729FDB47EC68345C3 ] C:\Windows\System32\drivers\ndiswan.sys 12:39:39.0707 5844 C:\Windows\System32\drivers\ndiswan.sys - ok 12:39:39.0707 5844 [ 509A98DD18AF4375E1FC40BC175F1DEF ] C:\Windows\System32\drivers\raspppoe.sys 12:39:39.0707 5844 C:\Windows\System32\drivers\raspppoe.sys - ok 12:39:39.0707 5844 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] C:\Windows\System32\drivers\raspptp.sys 12:39:39.0707 5844 C:\Windows\System32\drivers\raspptp.sys - ok 12:39:39.0723 5844 [ 2005F4A1E05FA09389AC85840F0A9E4D ] C:\Windows\System32\drivers\rassstp.sys 12:39:39.0723 5844 C:\Windows\System32\drivers\rassstp.sys - ok 12:39:39.0723 5844 [ 37605E0A8CF00CBBA538E753E4344C6E ] C:\Windows\System32\drivers\kbdclass.sys 12:39:39.0723 5844 C:\Windows\System32\drivers\kbdclass.sys - ok 12:39:39.0738 5844 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] C:\Windows\System32\drivers\termdd.sys 12:39:39.0738 5844 C:\Windows\System32\drivers\termdd.sys - ok 12:39:39.0738 5844 [ 5BF6A1326A335C5298477754A506D263 ] C:\Windows\System32\drivers\mouclass.sys 12:39:39.0738 5844 C:\Windows\System32\drivers\mouclass.sys - ok 12:39:39.0754 5844 [ EF73C1E29FBE7B0FD0274BF4394E346A ] C:\Windows\System32\drivers\ks.sys 12:39:39.0754 5844 C:\Windows\System32\drivers\ks.sys - ok 12:39:39.0754 5844 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] C:\Windows\System32\drivers\swenum.sys 12:39:39.0754 5844 C:\Windows\System32\drivers\swenum.sys - ok 12:39:39.0754 5844 [ E384487CB84BE41D09711C30CA79646C ] C:\Windows\System32\drivers\mssmbios.sys 12:39:39.0754 5844 C:\Windows\System32\drivers\mssmbios.sys - ok 12:39:39.0770 5844 [ 32CFF9F809AE9AED85464492BF3E32D2 ] C:\Windows\System32\drivers\umbus.sys 12:39:39.0770 5844 C:\Windows\System32\drivers\umbus.sys - ok 12:39:39.0770 5844 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] C:\Windows\System32\drivers\usbhub.sys 12:39:39.0770 5844 C:\Windows\System32\drivers\usbhub.sys - ok 12:39:39.0785 5844 [ 71DAB552B41936358F3B541AE5997FB3 ] C:\Windows\System32\drivers\ndproxy.sys 12:39:39.0785 5844 C:\Windows\System32\drivers\ndproxy.sys - ok 12:39:39.0785 5844 [ 7BE5A3C671A2CB56E94403BFC2020A0D ] C:\Windows\System32\drivers\drmk.sys 12:39:39.0785 5844 C:\Windows\System32\drivers\drmk.sys - ok 12:39:39.0785 5844 [ 218286724EC530FF252648369E05B090 ] C:\Windows\System32\drivers\portcls.sys 12:39:39.0785 5844 C:\Windows\System32\drivers\portcls.sys - ok 12:39:39.0801 5844 [ 9CEA131B5EB0EA653F6B3EA80B54956D ] C:\Windows\System32\drivers\stwrt.sys 12:39:39.0801 5844 C:\Windows\System32\drivers\stwrt.sys - ok 12:39:39.0801 5844 [ 1B2A1C6BC76E1EBE8BC2F4A4F3D43E23 ] C:\Windows\System32\drivers\srtsp.sys 12:39:39.0801 5844 C:\Windows\System32\drivers\srtsp.sys - ok 12:39:39.0816 5844 [ D02812F89E18C6FB32F901BE1E10BC17 ] C:\Windows\System32\drivers\srtspx.sys 12:39:39.0816 5844 C:\Windows\System32\drivers\srtspx.sys - ok 12:39:39.0816 5844 [ CAF811AE4C147FFCD5B51750C7F09142 ] C:\Windows\System32\drivers\usbccgp.sys 12:39:39.0816 5844 C:\Windows\System32\drivers\usbccgp.sys - ok 12:39:39.0832 5844 [ 790FDAC6D0C762DF9047C3C625A6FF6C ] C:\Windows\System32\drivers\usbd.sys 12:39:39.0832 5844 C:\Windows\System32\drivers\usbd.sys - ok 12:39:39.0832 5844 [ 826F699B69E88A3920C70F344DD42D88 ] C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVEX15.SYS 12:39:39.0832 5844 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVEX15.SYS - ok 12:39:39.0832 5844 [ 5961CADB7CAD938368D2028725EF771D ] C:\Windows\System32\drivers\hidclass.sys 12:39:39.0832 5844 C:\Windows\System32\drivers\hidclass.sys - ok 12:39:39.0848 5844 [ 175444D3A01CA45D0E1C5DC5F48DF7CD ] C:\Windows\System32\drivers\hidparse.sys 12:39:39.0848 5844 C:\Windows\System32\drivers\hidparse.sys - ok 12:39:39.0848 5844 [ CCA4B519B17E23A00B826C55716809CC ] C:\Windows\System32\drivers\hidusb.sys 12:39:39.0848 5844 C:\Windows\System32\drivers\hidusb.sys - ok 12:39:39.0863 5844 [ 9D98270B5F10A4C84E8DA417C30756E1 ] C:\Windows\System32\drivers\SYMEVENT.SYS 12:39:39.0863 5844 C:\Windows\System32\drivers\SYMEVENT.SYS - ok 12:39:39.0863 5844 [ 8E4C77AD9BB279900C00F870CC0C674B ] C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVENG.SYS 12:39:39.0863 5844 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVENG.SYS - ok 12:39:39.0863 5844 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] C:\Windows\System32\drivers\kbdhid.sys 12:39:39.0863 5844 C:\Windows\System32\drivers\kbdhid.sys - ok 12:39:39.0879 5844 [ 93B8D4869E12CFBE663915502900876F ] C:\Windows\System32\drivers\mouhid.sys 12:39:39.0879 5844 C:\Windows\System32\drivers\mouhid.sys - ok 12:39:39.0879 5844 [ B972A66758577E0BFD1DE0F91AAA27B5 ] C:\Windows\System32\drivers\fs_rec.sys 12:39:39.0879 5844 C:\Windows\System32\drivers\fs_rec.sys - ok 12:39:39.0894 5844 [ C5DBBCDA07D780BDA9B685DF333BB41E ] C:\Windows\System32\drivers\null.sys 12:39:39.0894 5844 C:\Windows\System32\drivers\null.sys - ok 12:39:39.0894 5844 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] C:\Windows\System32\drivers\beep.sys 12:39:39.0894 5844 C:\Windows\System32\drivers\beep.sys - ok 12:39:39.0894 5844 [ 77FE51F0F8D86804CB81F6EF6BFB86DD ] C:\Windows\System32\drivers\DLARTL_M.SYS 12:39:39.0894 5844 C:\Windows\System32\drivers\DLARTL_M.SYS - ok 12:39:39.0910 5844 [ 2E93AC0A1D8C79D019DB6C51F036636C ] C:\Windows\System32\drivers\vga.sys 12:39:39.0910 5844 C:\Windows\System32\drivers\vga.sys - ok 12:39:39.0910 5844 [ C048D2C33D27441A0CDCAAE2651EB03D ] C:\Windows\System32\drivers\videoprt.sys 12:39:39.0910 5844 C:\Windows\System32\drivers\videoprt.sys - ok 12:39:39.0926 5844 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] C:\Windows\System32\drivers\RDPCDD.sys 12:39:39.0926 5844 C:\Windows\System32\drivers\RDPCDD.sys - ok 12:39:39.0926 5844 [ 9D91FE5286F748862ECFFA05F8A0710C ] C:\Windows\System32\drivers\RDPENCDD.sys 12:39:39.0926 5844 C:\Windows\System32\drivers\RDPENCDD.sys - ok 12:39:39.0941 5844 [ A9927F4A46B816C92F461ACB90CF8515 ] C:\Windows\System32\drivers\msfs.sys 12:39:39.0941 5844 C:\Windows\System32\drivers\msfs.sys - ok 12:39:39.0941 5844 [ D36F239D7CCE1931598E8FB90A0DBC26 ] C:\Windows\System32\drivers\npfs.sys 12:39:39.0941 5844 C:\Windows\System32\drivers\npfs.sys - ok 12:39:39.0941 5844 [ 147D7F9C556D259924351FEB0DE606C3 ] C:\Windows\System32\drivers\rasacd.sys 12:39:39.0941 5844 C:\Windows\System32\drivers\rasacd.sys - ok 12:39:39.0957 5844 [ 76B06EB8A01FC8624D699E7045303E54 ] C:\Windows\System32\drivers\tdx.sys 12:39:39.0957 5844 C:\Windows\System32\drivers\tdx.sys - ok 12:39:39.0957 5844 [ 7B75299A4D201D6A6533603D6914AB04 ] C:\Windows\System32\drivers\smb.sys 12:39:39.0957 5844 C:\Windows\System32\drivers\smb.sys - ok 12:39:39.0972 5844 [ 3911B972B55FEA0478476B2E777B29FA ] C:\Windows\System32\drivers\afd.sys 12:39:39.0972 5844 C:\Windows\System32\drivers\afd.sys - ok 12:39:39.0972 5844 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] C:\Windows\System32\drivers\netbt.sys 12:39:39.0972 5844 C:\Windows\System32\drivers\netbt.sys - ok 12:39:39.0972 5844 [ 99514FAA8DF93D34B5589187DB3AA0BA ] C:\Windows\System32\drivers\pacer.sys 12:39:39.0988 5844 C:\Windows\System32\drivers\pacer.sys - ok 12:39:39.0988 5844 [ BCD093A5A6777CF626434568DC7DBA78 ] C:\Windows\System32\drivers\netbios.sys 12:39:39.0988 5844 C:\Windows\System32\drivers\netbios.sys - ok 12:39:39.0988 5844 [ 55201897378CCA7AF8B5EFD874374A26 ] C:\Windows\System32\drivers\wanarp.sys 12:39:39.0988 5844 C:\Windows\System32\drivers\wanarp.sys - ok 12:39:40.0004 5844 [ 2F03CBDB0F22278D05D5D616C993AB58 ] C:\Windows\System32\drivers\symtdi.sys 12:39:40.0004 5844 C:\Windows\System32\drivers\symtdi.sys - ok 12:39:40.0004 5844 [ 8831252BCF05FCFB5ABD116A22E552D8 ] C:\Windows\System32\drivers\sp_rsdrv2.sys 12:39:40.0004 5844 C:\Windows\System32\drivers\sp_rsdrv2.sys - ok 12:39:40.0019 5844 [ 905782BCF15B6E5AF9905B77923C7FA2 ] C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 12:39:40.0019 5844 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys - ok 12:39:40.0019 5844 [ 16B1ABE7F3E35F21DAC57592B6C5D464 ] C:\Windows\System32\drivers\scdemu.sys 12:39:40.0019 5844 C:\Windows\System32\drivers\scdemu.sys - ok 12:39:40.0035 5844 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] C:\Windows\System32\drivers\rdbss.sys 12:39:40.0035 5844 C:\Windows\System32\drivers\rdbss.sys - ok 12:39:40.0035 5844 [ 609773E344A97410CE4EBF74A8914FCF ] C:\Windows\System32\drivers\nsiproxy.sys 12:39:40.0035 5844 C:\Windows\System32\drivers\nsiproxy.sys - ok 12:39:40.0050 5844 [ 85B8B4032A895A746D46A288A9B30DED ] C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 12:39:40.0050 5844 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys - ok 12:39:40.0050 5844 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 12:39:40.0050 5844 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys - ok 12:39:40.0066 5844 [ 622C41A07CA7E6DD91770F50D532CB6C ] C:\Windows\System32\drivers\dfsc.sys 12:39:40.0066 5844 C:\Windows\System32\drivers\dfsc.sys - ok 12:39:40.0066 5844 [ 98AF15A94CD6AC37248E72E5FE789B35 ] C:\Windows\System32\smss.exe 12:39:40.0066 5844 C:\Windows\System32\smss.exe - ok 12:39:40.0066 5844 [ DDA770BBD7C2ED024D6F50E279D90E5B ] C:\Windows\System32\ntdll.dll 12:39:40.0066 5844 C:\Windows\System32\ntdll.dll - ok 12:39:40.0082 5844 [ 10761177A6EBE45843F443E99509F5E7 ] C:\Windows\System32\autochk.exe 12:39:40.0082 5844 C:\Windows\System32\autochk.exe - ok 12:39:40.0082 5844 [ 9176285122B7B849FEC2AA1B72A8F7A8 ] C:\Windows\System32\shlwapi.dll 12:39:40.0082 5844 C:\Windows\System32\shlwapi.dll - ok 12:39:40.0097 5844 [ 75510147B94598407666F4802797C75A ] C:\Windows\System32\user32.dll 12:39:40.0097 5844 C:\Windows\System32\user32.dll - ok 12:39:40.0097 5844 [ 4AA2A0E26CEF1A803741253DCF9A1503 ] C:\Windows\System32\comdlg32.dll 12:39:40.0097 5844 C:\Windows\System32\comdlg32.dll - ok 12:39:40.0113 5844 [ 7FA3A810F383588D46220967DE8B64FF ] C:\Windows\System32\wininet.dll 12:39:40.0113 5844 C:\Windows\System32\wininet.dll - ok 12:39:40.0113 5844 [ 551F51B66E5EA87A38D8197EB3BDB57A ] C:\Windows\System32\setupapi.dll 12:39:40.0113 5844 C:\Windows\System32\setupapi.dll - ok 12:39:40.0128 5844 [ 80FFF14F1757B9AF8BE9D314FC1AE88B ] C:\Windows\System32\usp10.dll 12:39:40.0128 5844 C:\Windows\System32\usp10.dll - ok 12:39:40.0128 5844 [ 9586E7CB2255A8B097A7E4538202585E ] C:\Windows\System32\ole32.dll 12:39:40.0128 5844 C:\Windows\System32\ole32.dll - ok 12:39:40.0144 5844 [ A64AEBC6C78B4CFD7F41A7277879DF8F ] C:\Windows\System32\nsi.dll 12:39:40.0144 5844 C:\Windows\System32\nsi.dll - ok 12:39:40.0144 5844 [ B8A609FB5EFB4E44FC1355B1C01C64BC ] C:\Windows\System32\Wldap32.dll 12:39:40.0144 5844 C:\Windows\System32\Wldap32.dll - ok 12:39:40.0160 5844 [ E2281CFF793D7A09CE2B35F9F8732EE3 ] C:\Windows\System32\rpcrt4.dll 12:39:40.0160 5844 C:\Windows\System32\rpcrt4.dll - ok 12:39:40.0160 5844 [ C8BDCECEE082B54F0BAC838BF0A34597 ] C:\Windows\System32\imm32.dll 12:39:40.0160 5844 C:\Windows\System32\imm32.dll - ok 12:39:40.0175 5844 [ AAF101900A23D75AE1AE00840FA6F3B8 ] C:\Windows\System32\shell32.dll 12:39:40.0175 5844 C:\Windows\System32\shell32.dll - ok 12:39:40.0175 5844 [ B218342214D9BBA0F54EA12BA2E9278C ] C:\Windows\System32\oleaut32.dll 12:39:40.0175 5844 C:\Windows\System32\oleaut32.dll - ok 12:39:40.0191 5844 [ 17AF64D727545F2804F6E6D998327E3F ] C:\Windows\System32\msvcrt.dll 12:39:40.0191 5844 C:\Windows\System32\msvcrt.dll - ok 12:39:40.0191 5844 [ C394079EB162E812D682C73FA96AF6E4 ] C:\Windows\System32\clbcatq.dll 12:39:40.0191 5844 C:\Windows\System32\clbcatq.dll - ok 12:39:40.0206 5844 [ 4266A3230981DD4434C55957F6DD497D ] C:\Windows\System32\urlmon.dll 12:39:40.0206 5844 C:\Windows\System32\urlmon.dll - ok 12:39:40.0206 5844 [ EB49FAA5EBBC06356FB12476438781B9 ] C:\Windows\System32\imagehlp.dll 12:39:40.0206 5844 C:\Windows\System32\imagehlp.dll - ok 12:39:40.0206 5844 [ EB0E02749CE5C488741C9A0ABEAB5DEC ] C:\Windows\System32\lpk.dll 12:39:40.0206 5844 C:\Windows\System32\lpk.dll - ok 12:39:40.0222 5844 [ E3C3BD69701CE6B7B17101E4F7740534 ] C:\Windows\System32\msctf.dll 12:39:40.0222 5844 C:\Windows\System32\msctf.dll - ok 12:39:40.0222 5844 [ 7856E3B4594714EF89BB97375E8644EE ] C:\Windows\System32\gdi32.dll 12:39:40.0222 5844 C:\Windows\System32\gdi32.dll - ok 12:39:40.0238 5844 [ 780E80E5502015EDAEC91DC0A0C96A79 ] C:\Windows\System32\iertutil.dll 12:39:40.0238 5844 C:\Windows\System32\iertutil.dll - ok 12:39:40.0238 5844 [ 6F29236AB5926100972924BD29D9D225 ] C:\Windows\System32\normaliz.dll 12:39:40.0238 5844 C:\Windows\System32\normaliz.dll - ok 12:39:40.0238 5844 [ 50CAA7072C171B9887215C83D52069E4 ] C:\Windows\System32\advapi32.dll 12:39:40.0238 5844 C:\Windows\System32\advapi32.dll - ok 12:39:40.0253 5844 [ DC3105CC925A0D47F61B54E66AB730FC ] C:\Windows\System32\kernel32.dll 12:39:40.0253 5844 C:\Windows\System32\kernel32.dll - ok 12:39:40.0269 5844 [ B304D47D5744BA20FCB99FB8B2C07B0B ] C:\Windows\System32\ws2_32.dll 12:39:40.0269 5844 C:\Windows\System32\ws2_32.dll - ok 12:39:40.0269 5844 [ DC8891A9203810FC994E7FCCF76E94C8 ] C:\Windows\System32\comctl32.dll 12:39:40.0269 5844 C:\Windows\System32\comctl32.dll - ok 12:39:40.0269 5844 [ 93A1732F7F997E36A5C3893539E2FF02 ] C:\Windows\System32\psapi.dll 12:39:40.0269 5844 C:\Windows\System32\psapi.dll - ok 12:39:40.0284 5844 [ EAAAFEF04FBB45665C9576E525D45A12 ] C:\Windows\System32\drivers\dxapi.sys 12:39:40.0284 5844 C:\Windows\System32\drivers\dxapi.sys - ok 12:39:40.0284 5844 [ F167606EC2C01D804FC72F8F84E73E19 ] C:\Windows\System32\win32k.sys 12:39:40.0284 5844 C:\Windows\System32\win32k.sys - ok 12:39:40.0300 5844 [ ABCA209EBA02CB59233614DB83B4F50D ] C:\Windows\System32\csrss.exe 12:39:40.0300 5844 C:\Windows\System32\csrss.exe - ok 12:39:40.0300 5844 [ 187076DD5D8D4D5D23079D0741195EAD ] C:\Windows\System32\csrsrv.dll 12:39:40.0300 5844 C:\Windows\System32\csrsrv.dll - ok 12:39:40.0316 5844 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\System32\basesrv.dll 12:39:40.0316 5844 C:\Windows\System32\basesrv.dll - ok 12:39:40.0316 5844 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\System32\winsrv.dll 12:39:40.0316 5844 C:\Windows\System32\winsrv.dll - ok 12:39:40.0316 5844 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] C:\Windows\System32\drivers\monitor.sys 12:39:40.0316 5844 C:\Windows\System32\drivers\monitor.sys - ok 12:39:40.0331 5844 [ CC21507D246861671A0BF97E75CE1B00 ] C:\Windows\System32\tsddd.dll 12:39:40.0331 5844 C:\Windows\System32\tsddd.dll - ok 12:39:40.0331 5844 [ 101BA3EA053480BB5D957EF37C06B5ED ] C:\Windows\System32\wininit.exe 12:39:40.0331 5844 C:\Windows\System32\wininit.exe - ok 12:39:40.0347 5844 [ 665417528489096BBCB8AEA46D3DA924 ] C:\Windows\System32\userenv.dll 12:39:40.0347 5844 C:\Windows\System32\userenv.dll - ok 12:39:40.0347 5844 [ D602FEDBD9155FC2DED6863FB60C950F ] C:\Windows\System32\secur32.dll 12:39:40.0347 5844 C:\Windows\System32\secur32.dll - ok 12:39:40.0347 5844 [ 12C8D6C564702B0776512932290A3F6B ] C:\Windows\System32\KBDUS.DLL 12:39:40.0347 5844 C:\Windows\System32\KBDUS.DLL - ok 12:39:40.0362 5844 [ CF9F5BBC2740C41DD471278C41B91F5F ] C:\Windows\System32\cdd.dll 12:39:40.0362 5844 C:\Windows\System32\cdd.dll - ok 12:39:40.0362 5844 [ 92283D9E33EC5F41ECC0B430B7459241 ] C:\Windows\System32\WlS0WndH.dll 12:39:40.0362 5844 C:\Windows\System32\WlS0WndH.dll - ok 12:39:40.0362 5844 [ 1107BD574A84367735FEC38B9BD64E6B ] C:\Windows\System32\apphelp.dll 12:39:40.0362 5844 C:\Windows\System32\apphelp.dll - ok 12:39:40.0378 5844 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\System32\services.exe 12:39:40.0378 5844 C:\Windows\System32\services.exe - ok 12:39:40.0378 5844 [ BE6FAC6F0745C67DAE7522C96406D083 ] C:\Windows\System32\sxs.dll 12:39:40.0378 5844 C:\Windows\System32\sxs.dll - ok 12:39:40.0394 5844 [ 898E7C06A350D4A1A64A9EA264D55452 ] C:\Windows\System32\winlogon.exe 12:39:40.0394 5844 C:\Windows\System32\winlogon.exe - ok 12:39:40.0394 5844 [ 4AAFC7461633848AA87A363B2CBEC522 ] C:\Windows\System32\winsta.dll 12:39:40.0394 5844 C:\Windows\System32\winsta.dll - ok 12:39:40.0394 5844 [ A3E186B4B935905B829219502557314E ] C:\Windows\System32\lsass.exe 12:39:40.0394 5844 C:\Windows\System32\lsass.exe - ok 12:39:40.0409 5844 [ D90911B3FA05D7B930C1286084B404DE ] C:\Windows\System32\scesrv.dll 12:39:40.0409 5844 C:\Windows\System32\scesrv.dll - ok 12:39:40.0409 5844 [ 1AE011BB950A5E0B05023D2AFEC3666D ] C:\Windows\System32\authz.dll 12:39:40.0409 5844 C:\Windows\System32\authz.dll - ok 12:39:40.0425 5844 [ 178FAC2B7C66E9A4400CE7AC37623E3F ] C:\Windows\System32\lsasrv.dll 12:39:40.0425 5844 C:\Windows\System32\lsasrv.dll - ok 12:39:40.0425 5844 [ 98B656EAF128CD06F625B09C84D959E1 ] C:\Windows\System32\netapi32.dll 12:39:40.0425 5844 C:\Windows\System32\netapi32.dll - ok 12:39:40.0425 5844 [ 4774AD6C447E02E954BD9A793614EBEC ] C:\Windows\System32\lsm.exe 12:39:40.0425 5844 C:\Windows\System32\lsm.exe - ok 12:39:40.0440 5844 [ 71F5A7104FDF16C0AC5283A6CE666553 ] C:\Windows\System32\sysntfy.dll 12:39:40.0440 5844 C:\Windows\System32\sysntfy.dll - ok 12:39:40.0440 5844 [ F0321DA5203F1E71917F3B7A13DC4912 ] C:\Windows\System32\wmsgapi.dll 12:39:40.0440 5844 C:\Windows\System32\wmsgapi.dll - ok 12:39:40.0456 5844 [ 2FA16465F64DB54B1F7F511395EB4FD7 ] C:\Windows\System32\ncobjapi.dll 12:39:40.0456 5844 C:\Windows\System32\ncobjapi.dll - ok 12:39:40.0456 5844 [ 7808BF0E367ED7348808879CEF482AB3 ] C:\Windows\System32\samsrv.dll 12:39:40.0456 5844 C:\Windows\System32\samsrv.dll - ok 12:39:40.0456 5844 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] C:\Windows\System32\aelupsvc.dll 12:39:40.0456 5844 C:\Windows\System32\aelupsvc.dll - ok 12:39:40.0472 5844 [ A1545B731579895D8CC44FC0481C1192 ] C:\Windows\System32\alg.exe 12:39:40.0472 5844 C:\Windows\System32\alg.exe - ok 12:39:40.0472 5844 [ 459B48188494490707DCA8BAA91AA185 ] C:\Windows\System32\cryptdll.dll 12:39:40.0472 5844 C:\Windows\System32\cryptdll.dll - ok 12:39:40.0487 5844 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] C:\Windows\System32\appinfo.dll 12:39:40.0487 5844 C:\Windows\System32\appinfo.dll - ok 12:39:40.0487 5844 [ 68E2A1A0407A66CF50DA0300852424AB ] C:\Windows\System32\audiosrv.dll 12:39:40.0487 5844 C:\Windows\System32\audiosrv.dll - ok 12:39:40.0487 5844 [ 85E861D0B88DB2B54ACB0839654C09F7 ] C:\Windows\System32\dnsapi.dll 12:39:40.0487 5844 C:\Windows\System32\dnsapi.dll - ok 12:39:40.0503 5844 [ 453DE2958C885527E20C79A3FEFE6AF7 ] C:\Windows\System32\samlib.dll 12:39:40.0503 5844 C:\Windows\System32\samlib.dll - ok 12:39:40.0503 5844 [ C789AF0F724FDA5852FB9A7D3A432381 ] C:\Windows\System32\BFE.DLL 12:39:40.0503 5844 C:\Windows\System32\BFE.DLL - ok 12:39:40.0518 5844 [ EE2FF9A3FC4404234BE3B7C6AA383AF8 ] C:\Windows\System32\msasn1.dll 12:39:40.0518 5844 C:\Windows\System32\msasn1.dll - ok 12:39:40.0518 5844 [ 7F0F1D4B0D847696F8E309423D227DCE ] C:\Windows\System32\ntdsapi.dll 12:39:40.0518 5844 C:\Windows\System32\ntdsapi.dll - ok 12:39:40.0518 5844 [ 965AC9FBF2C67231C157E99C03C58D24 ] C:\Windows\System32\feclient.dll 12:39:40.0518 5844 C:\Windows\System32\feclient.dll - ok 12:39:40.0534 5844 [ 93952506C6D67330367F7E7934B6A02F ] C:\Windows\System32\qmgr.dll 12:39:40.0534 5844 C:\Windows\System32\qmgr.dll - ok 12:39:40.0534 5844 [ 1F94EA31C9543B855F53BDAC7792DA4E ] C:\Windows\System32\mpr.dll 12:39:40.0534 5844 C:\Windows\System32\mpr.dll - ok 12:39:40.0550 5844 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] C:\Windows\System32\browser.dll 12:39:40.0550 5844 C:\Windows\System32\browser.dll - ok 12:39:40.0550 5844 [ B0F9073BE86C6D4EDD4EBA674251E699 ] C:\Windows\System32\crypt32.dll 12:39:40.0550 5844 C:\Windows\System32\crypt32.dll - ok 12:39:40.0550 5844 [ 312EC3E37A0A1F2006534913E37B4423 ] C:\Windows\System32\certprop.dll 12:39:40.0550 5844 C:\Windows\System32\certprop.dll - ok 12:39:40.0565 5844 [ 4211249955AF9133E2E357CC92B54DFD ] C:\Windows\System32\comres.dll 12:39:40.0565 5844 C:\Windows\System32\comres.dll - ok 12:39:40.0565 5844 [ C6DF7A87063D006ECF1FD8156CB6DE3F ] C:\Windows\System32\SLC.dll 12:39:40.0565 5844 C:\Windows\System32\SLC.dll - ok 12:39:40.0581 5844 [ F1E8C34892336D33EDDCDFE44E474F64 ] C:\Windows\System32\cryptsvc.dll 12:39:40.0581 5844 C:\Windows\System32\cryptsvc.dll - ok 12:39:40.0581 5844 [ 4DE3C4D07BAFDE616EFA0ADE076CBAC2 ] C:\Windows\System32\wevtapi.dll 12:39:40.0581 5844 C:\Windows\System32\wevtapi.dll - ok 12:39:40.0581 5844 [ 74F380C8EC8813626C670D46E8A714D1 ] C:\Windows\System32\dfsrres.dll 12:39:40.0581 5844 C:\Windows\System32\dfsrres.dll - ok 12:39:40.0596 5844 [ 08D6D1692B62C9EE4062E1FA04D8FE2F ] C:\Windows\System32\oleres.dll 12:39:40.0596 5844 C:\Windows\System32\oleres.dll - ok 12:39:40.0596 5844 [ 9028559C132146FB75EB7ACF384B086A ] C:\Windows\System32\dhcpcsvc.dll 12:39:40.0596 5844 C:\Windows\System32\dhcpcsvc.dll - ok 12:39:40.0612 5844 [ 4FE8425F21B3F0F8C4B4726351D43EAA ] C:\Windows\System32\IPHLPAPI.DLL 12:39:40.0612 5844 C:\Windows\System32\IPHLPAPI.DLL - ok 12:39:40.0612 5844 [ 6B09105742C75DF80CEF21700F20F55A ] C:\Windows\System32\winnsi.dll 12:39:40.0612 5844 C:\Windows\System32\winnsi.dll - ok 12:39:40.0612 5844 [ DFB6B71CDABA9DFB49C9D2B318B97A1A ] C:\Windows\System32\dhcpcsvc6.dll 12:39:40.0612 5844 C:\Windows\System32\dhcpcsvc6.dll - ok 12:39:40.0628 5844 [ 7F15B4953378C8B5161D65C26D5FED4D ] C:\Windows\System32\cngaudit.dll 12:39:40.0628 5844 C:\Windows\System32\cngaudit.dll - ok 12:39:40.0628 5844 [ 188CC19108B0EBD6332D6628D4EDE469 ] C:\Windows\System32\ncrypt.dll 12:39:40.0628 5844 C:\Windows\System32\ncrypt.dll - ok 12:39:40.0643 5844 [ DE0DD9AE3430F84A96B5501112A696BE ] C:\Windows\System32\bcrypt.dll 12:39:40.0643 5844 C:\Windows\System32\bcrypt.dll - ok 12:39:40.0643 5844 [ 26F139DDEC6407508071930D3D07337E ] C:\Windows\System32\credssp.dll 12:39:40.0643 5844 C:\Windows\System32\credssp.dll - ok 12:39:40.0643 5844 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] C:\Windows\System32\dot3svc.dll 12:39:40.0643 5844 C:\Windows\System32\dot3svc.dll - ok 12:39:40.0659 5844 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] C:\Windows\System32\dps.dll 12:39:40.0659 5844 C:\Windows\System32\dps.dll - ok 12:39:40.0659 5844 [ ABE9EEA1EABEA0711610A637A7B1C25D ] C:\Windows\System32\msprivs.dll 12:39:40.0659 5844 C:\Windows\System32\msprivs.dll - ok 12:39:40.0674 5844 [ C0B95E40D85CD807D614E264248A45B9 ] C:\Windows\System32\eapsvc.dll 12:39:40.0674 5844 C:\Windows\System32\eapsvc.dll - ok 12:39:40.0674 5844 [ 4E6B23DFC917EA39306B529B773950F4 ] C:\Windows\System32\emdmgmt.dll 12:39:40.0674 5844 C:\Windows\System32\emdmgmt.dll - ok 12:39:40.0690 5844 [ AA01497884F9CBAC89470120AF78D2B1 ] C:\Windows\System32\kerberos.dll 12:39:40.0690 5844 C:\Windows\System32\kerberos.dll - ok 12:39:40.0690 5844 [ A1B40A28F38D27A7E3229EE4C7064434 ] C:\Windows\System32\wevtsvc.dll 12:39:40.0690 5844 C:\Windows\System32\wevtsvc.dll - ok 12:39:40.0690 5844 [ 9E80FF0752E365F97FD2D1D68C2AFDA1 ] C:\Windows\System32\wship6.dll 12:39:40.0690 5844 C:\Windows\System32\wship6.dll - ok 12:39:40.0706 5844 [ 22CFAEB9172F5F198048401485CD0571 ] C:\Windows\System32\WSHTCPIP.DLL 12:39:40.0706 5844 C:\Windows\System32\WSHTCPIP.DLL - ok 12:39:40.0706 5844 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] C:\Windows\System32\fdPHost.dll 12:39:40.0706 5844 C:\Windows\System32\fdPHost.dll - ok 12:39:40.0721 5844 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] C:\Windows\System32\FDResPub.dll 12:39:40.0721 5844 C:\Windows\System32\FDResPub.dll - ok 12:39:40.0721 5844 [ 05C3B38DB95BA5585817A4F898EE5581 ] C:\Windows\System32\wshqos.dll 12:39:40.0721 5844 C:\Windows\System32\wshqos.dll - ok 12:39:40.0737 5844 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] C:\Windows\System32\nlasvc.dll 12:39:40.0737 5844 C:\Windows\System32\nlasvc.dll - ok 12:39:40.0737 5844 [ FC62A635063B762E1C3C60EA77279378 ] C:\Windows\System32\NapiNSP.dll 12:39:40.0737 5844 C:\Windows\System32\NapiNSP.dll - ok 12:39:40.0737 5844 [ 690D41DF1D555F96D4898A0F54EBA065 ] C:\Windows\System32\pnrpnsp.dll 12:39:40.0737 5844 C:\Windows\System32\pnrpnsp.dll - ok 12:39:40.0752 5844 [ 8CE364388C8ECA59B14B539179276D44 ] C:\Windows\System32\FntCache.dll 12:39:40.0752 5844 C:\Windows\System32\FntCache.dll - ok 12:39:40.0752 5844 [ 8617350C9B590B63E620881092751BCB ] C:\Windows\System32\mswsock.dll 12:39:40.0752 5844 C:\Windows\System32\mswsock.dll - ok 12:39:40.0768 5844 [ 4ABCE74D012971305249E45E095E9EA6 ] C:\Windows\System32\msv1_0.dll 12:39:40.0768 5844 C:\Windows\System32\msv1_0.dll - ok 12:39:40.0768 5844 [ 302964DCAC79D618CC7B72C778DA9FD2 ] C:\Windows\System32\PresentationHost.exe 12:39:40.0768 5844 C:\Windows\System32\PresentationHost.exe - ok 12:39:40.0768 5844 [ 95DAECF0FB120A7B5DA679CC54E37DDE ] C:\Windows\System32\netlogon.dll 12:39:40.0768 5844 C:\Windows\System32\netlogon.dll - ok 12:39:40.0784 5844 [ 0F420E81062757EA8363CBACD4D40D6D ] C:\Windows\System32\gpapi.dll 12:39:40.0784 5844 C:\Windows\System32\gpapi.dll - ok 12:39:40.0784 5844 [ 84067081F3318162797385E11A8F0582 ] C:\Windows\System32\hidserv.dll 12:39:40.0784 5844 C:\Windows\System32\hidserv.dll - ok 12:39:40.0799 5844 [ D8AD255B37DA92434C26E4876DB7D418 ] C:\Windows\System32\KMSVC.DLL 12:39:40.0799 5844 C:\Windows\System32\KMSVC.DLL - ok 12:39:40.0799 5844 [ 05586F5438AB0DA4F5149159E0E5FD4B ] C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll 12:39:40.0799 5844 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll - ok 12:39:40.0815 5844 [ 72910BC4A218C49EA8E43D1FAEC403A5 ] C:\Windows\System32\winbrand.dll 12:39:40.0815 5844 C:\Windows\System32\winbrand.dll - ok 12:39:40.0815 5844 [ 9908D8A397B76CD8D31D0D383C5773C9 ] C:\Windows\System32\IKEEXT.DLL 12:39:40.0815 5844 C:\Windows\System32\IKEEXT.DLL - ok 12:39:40.0830 5844 [ 9AC218C6E6105477484C6FDBE7D409A4 ] C:\Windows\System32\IPBusEnum.dll 12:39:40.0830 5844 C:\Windows\System32\IPBusEnum.dll - ok 12:39:40.0830 5844 [ 3464DAE0E801F5A81A23C571D86F30B2 ] C:\Windows\System32\rascfg.dll 12:39:40.0830 5844 C:\Windows\System32\rascfg.dll - ok 12:39:40.0830 5844 [ 1998BD97F950680BB55F55A7244679C2 ] C:\Windows\System32\iphlpsvc.dll 12:39:40.0830 5844 C:\Windows\System32\iphlpsvc.dll - ok 12:39:40.0846 5844 [ 50E3E76B0901BB4FC029BB88BFA5CE79 ] C:\Windows\System32\schannel.dll 12:39:40.0846 5844 C:\Windows\System32\schannel.dll - ok 12:39:40.0846 5844 [ 74C2F29CC612B2B34231BEBD824D2FB2 ] C:\Windows\System32\keyiso.dll 12:39:40.0846 5844 C:\Windows\System32\keyiso.dll - ok 12:39:40.0862 5844 [ 1BF5EEBFD518DD7298434D8C862F825D ] C:\Windows\System32\srvsvc.dll 12:39:40.0862 5844 C:\Windows\System32\srvsvc.dll - ok 12:39:40.0862 5844 [ FA0593D936C9B95FB6FAA32AD1595D49 ] C:\Windows\System32\lltdres.dll 12:39:40.0862 5844 C:\Windows\System32\lltdres.dll - ok 12:39:40.0862 5844 [ 1DB69705B695B987082C8BAEC0C6B34F ] C:\Windows\System32\wkssvc.dll 12:39:40.0862 5844 C:\Windows\System32\wkssvc.dll - ok 12:39:40.0877 5844 [ 35D40113E4A5B961B6CE5C5857702518 ] C:\Windows\System32\lmhsvc.dll 12:39:40.0877 5844 C:\Windows\System32\lmhsvc.dll - ok 12:39:40.0877 5844 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] C:\Windows\System32\mmcss.dll 12:39:40.0877 5844 C:\Windows\System32\mmcss.dll - ok 12:39:40.0893 5844 [ 95F1EB99B81CFD6F581C85F0A0AA9B2B ] C:\Windows\System32\FirewallAPI.dll 12:39:40.0893 5844 C:\Windows\System32\FirewallAPI.dll - ok 12:39:40.0893 5844 [ 93620229F3CC3B67A3528BF39F064C30 ] C:\Windows\System32\wdigest.dll 12:39:40.0893 5844 C:\Windows\System32\wdigest.dll - ok 12:39:40.0893 5844 [ E14170AEA125119B98FA2BDE3FF4F462 ] C:\Windows\System32\rsaenh.dll 12:39:40.0893 5844 C:\Windows\System32\rsaenh.dll - ok 12:39:40.0908 5844 [ F8873D15018F411588BEC02C1725BADA ] C:\Windows\System32\TSpkg.dll 12:39:40.0908 5844 C:\Windows\System32\TSpkg.dll - ok 12:39:40.0908 5844 [ EA822412BBBA9B7D2B1A3748AD50EFB8 ] C:\Windows\System32\iscsidsc.dll 12:39:40.0908 5844 C:\Windows\System32\iscsidsc.dll - ok 12:39:40.0924 5844 [ ED21401F1E2F6BC2F54C462BB66D0D6B ] C:\Windows\System32\msimsg.dll 12:39:40.0924 5844 C:\Windows\System32\msimsg.dll - ok 12:39:40.0924 5844 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] C:\Windows\System32\QAGENTRT.DLL 12:39:40.0924 5844 C:\Windows\System32\QAGENTRT.DLL - ok 12:39:40.0924 5844 [ C8052711DAECC48B982434C5116CA401 ] C:\Windows\System32\netman.dll 12:39:40.0924 5844 C:\Windows\System32\netman.dll - ok 12:39:40.0940 5844 [ ED640F4CE585058119B824CC76591D9C ] C:\Windows\System32\netprof.dll 12:39:40.0940 5844 C:\Windows\System32\netprof.dll - ok 12:39:40.0940 5844 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] C:\Windows\System32\nsisvc.dll 12:39:40.0940 5844 C:\Windows\System32\nsisvc.dll - ok 12:39:40.0940 5844 [ 0C8E8E61AD1EB0B250B846712C917506 ] C:\Windows\System32\p2psvc.dll 12:39:40.0940 5844 C:\Windows\System32\p2psvc.dll - ok 12:39:40.0955 5844 [ C6276AD11F4BB49B58AA1ED88537F14A ] C:\Windows\System32\pcasvc.dll 12:39:40.0955 5844 C:\Windows\System32\pcasvc.dll - ok 12:39:40.0955 5844 [ B1689DF169143F57053F795390C99DB3 ] C:\Windows\System32\pla.dll 12:39:40.0955 5844 C:\Windows\System32\pla.dll - ok 12:39:40.0971 5844 [ C5E7F8A996EC0A82D508FD9064A5569E ] C:\Windows\System32\umpnpmgr.dll 12:39:40.0971 5844 C:\Windows\System32\umpnpmgr.dll - ok 12:39:40.0971 5844 [ 64B28D672B5B6A01E87B0C3096B1E047 ] C:\Windows\System32\polstore.dll 12:39:40.0971 5844 C:\Windows\System32\polstore.dll - ok 12:39:40.0971 5844 [ 0508FAA222D28835310B7BFCA7A77346 ] C:\Windows\System32\profsvc.dll 12:39:40.0971 5844 C:\Windows\System32\profsvc.dll - ok 12:39:40.0986 5844 [ 08F9134A2215B7ED985409A4DF60AC60 ] C:\Windows\System32\psbase.dll 12:39:40.0986 5844 C:\Windows\System32\psbase.dll - ok 12:39:40.0986 5844 [ E9ECAE663F47E6CB43962D18AB18890F ] C:\Windows\System32\qwave.dll 12:39:40.0986 5844 C:\Windows\System32\qwave.dll - ok 12:39:41.0002 5844 [ 9F5E0E1926014D17486901C88ECA2DB7 ] C:\Windows\System32\drivers\qwavedrv.sys 12:39:41.0002 5844 C:\Windows\System32\drivers\qwavedrv.sys - ok 12:39:41.0002 5844 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] C:\Windows\System32\rasauto.dll 12:39:41.0002 5844 C:\Windows\System32\rasauto.dll - ok 12:39:41.0002 5844 [ 75D47445D70CA6F9F894B032FBC64FCF ] C:\Windows\System32\rasmans.dll 12:39:41.0002 5844 C:\Windows\System32\rasmans.dll - ok 12:39:41.0018 5844 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] C:\Windows\System32\sstpsvc.dll 12:39:41.0018 5844 C:\Windows\System32\sstpsvc.dll - ok 12:39:41.0018 5844 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] C:\Windows\System32\mprdim.dll 12:39:41.0018 5844 C:\Windows\System32\mprdim.dll - ok 12:39:41.0033 5844 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] C:\Windows\System32\regsvc.dll 12:39:41.0033 5844 C:\Windows\System32\regsvc.dll - ok 12:39:41.0033 5844 [ 5123F83CBC4349D065534EEB6BBDC42B ] C:\Windows\System32\Locator.exe 12:39:41.0033 5844 C:\Windows\System32\Locator.exe - ok 12:39:41.0033 5844 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] C:\Windows\System32\SCardSvr.dll 12:39:41.0033 5844 C:\Windows\System32\SCardSvr.dll - ok 12:39:41.0049 5844 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] C:\Windows\System32\schedsvc.dll 12:39:41.0049 5844 C:\Windows\System32\schedsvc.dll - ok 12:39:41.0049 5844 [ 716313D9F6B0529D03F726D5AAF6F191 ] C:\Windows\System32\sdrsvc.dll 12:39:41.0049 5844 C:\Windows\System32\sdrsvc.dll - ok 12:39:41.0064 5844 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] C:\Windows\System32\seclogon.dll 12:39:41.0064 5844 C:\Windows\System32\seclogon.dll - ok 12:39:41.0064 5844 [ A9BBAB5759771E523F55563D6CBE140F ] C:\Windows\System32\Sens.dll 12:39:41.0064 5844 C:\Windows\System32\Sens.dll - ok 12:39:41.0064 5844 [ D2193326F729B163125610DBF3E17D57 ] C:\Windows\System32\SessEnv.dll 12:39:41.0064 5844 C:\Windows\System32\SessEnv.dll - ok 12:39:41.0080 5844 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] C:\Windows\System32\ipnathlp.dll 12:39:41.0080 5844 C:\Windows\System32\ipnathlp.dll - ok 12:39:41.0080 5844 [ C7230FBEE14437716701C15BE02C27B8 ] C:\Windows\System32\shsvcs.dll 12:39:41.0080 5844 C:\Windows\System32\shsvcs.dll - ok 12:39:41.0096 5844 [ 862BB4CBC05D80C5B45BE430E5EF872F ] C:\Windows\System32\SLsvc.exe 12:39:41.0096 5844 C:\Windows\System32\SLsvc.exe - ok 12:39:41.0096 5844 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] C:\Windows\System32\SLUINotify.dll 12:39:41.0096 5844 C:\Windows\System32\SLUINotify.dll - ok 12:39:41.0096 5844 [ E4060CFE50F87C72316CB0FDB20E4913 ] C:\Windows\System32\tcpipcfg.dll 12:39:41.0096 5844 C:\Windows\System32\tcpipcfg.dll - ok 12:39:41.0111 5844 [ 2A146A055B4401C16EE62D18B8E2A032 ] C:\Windows\System32\snmptrap.exe 12:39:41.0111 5844 C:\Windows\System32\snmptrap.exe - ok 12:39:41.0111 5844 [ 8554097E5136C3BF9F69FE578A1B35F4 ] C:\Windows\System32\spoolsv.exe 12:39:41.0111 5844 C:\Windows\System32\spoolsv.exe - ok 12:39:41.0127 5844 [ 03D50B37234967433A5EA5BA72BC0B62 ] C:\Windows\System32\ssdpsrv.dll 12:39:41.0127 5844 C:\Windows\System32\ssdpsrv.dll - ok 12:39:41.0127 5844 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] C:\Windows\System32\wiaservc.dll 12:39:41.0127 5844 C:\Windows\System32\wiaservc.dll - ok 12:39:41.0127 5844 [ F21FD248040681CCA1FB6C9A03AAA93D ] C:\Windows\System32\swprv.dll 12:39:41.0127 5844 C:\Windows\System32\swprv.dll - ok 12:39:41.0142 5844 [ 9A51B04E9886AA4EE90093586B0BA88D ] C:\Windows\System32\sysmain.dll 12:39:41.0142 5844 C:\Windows\System32\sysmain.dll - ok 12:39:41.0142 5844 [ 2DCA225EAE15F42C0933E998EE0231C3 ] C:\Windows\System32\TabSvc.dll 12:39:41.0142 5844 C:\Windows\System32\TabSvc.dll - ok 12:39:41.0158 5844 [ D7673E4B38CE21EE54C59EEEB65E2483 ] C:\Windows\System32\tapisrv.dll 12:39:41.0158 5844 C:\Windows\System32\tapisrv.dll - ok 12:39:41.0158 5844 [ CB05822CD9CC6C688168E113C603DBE7 ] C:\Windows\System32\tbssvc.dll 12:39:41.0158 5844 C:\Windows\System32\tbssvc.dll - ok 12:39:41.0158 5844 [ BB95DA09BEF6E7A131BFF3BA5032090D ] C:\Windows\System32\termsrv.dll 12:39:41.0158 5844 C:\Windows\System32\termsrv.dll - ok 12:39:41.0174 5844 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] C:\Windows\System32\trkwks.dll 12:39:41.0174 5844 C:\Windows\System32\trkwks.dll - ok 12:39:41.0189 5844 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] C:\Windows\servicing\TrustedInstaller.exe 12:39:41.0189 5844 C:\Windows\servicing\TrustedInstaller.exe - ok 12:39:41.0189 5844 [ ECEF404F62863755951E09C802C94AD5 ] C:\Windows\System32\UI0Detect.exe 12:39:41.0189 5844 C:\Windows\System32\UI0Detect.exe - ok 12:39:41.0189 5844 [ 68308183F4AE0BE7BF8ECD07CB297999 ] C:\Windows\System32\upnphost.dll 12:39:41.0189 5844 C:\Windows\System32\upnphost.dll - ok 12:39:41.0205 5844 [ 01DD1004181FD46ECDC3628228EB269D ] C:\Windows\System32\dwm.exe 12:39:41.0205 5844 C:\Windows\System32\dwm.exe - ok 12:39:41.0205 5844 [ CD88D1B7776DC17A119049742EC07EB4 ] C:\Windows\System32\vds.exe 12:39:41.0205 5844 C:\Windows\System32\vds.exe - ok 12:39:41.0220 5844 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] C:\Windows\System32\VSSVC.exe 12:39:41.0220 5844 C:\Windows\System32\VSSVC.exe - ok 12:39:41.0220 5844 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] C:\Windows\System32\w32time.dll 12:39:41.0220 5844 C:\Windows\System32\w32time.dll - ok 12:39:41.0220 5844 [ A3CD60FD826381B49F03832590E069AF ] C:\Windows\System32\wcncsvc.dll 12:39:41.0220 5844 C:\Windows\System32\wcncsvc.dll - ok 12:39:41.0236 5844 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] C:\Windows\System32\WcsPlugInService.dll 12:39:41.0236 5844 C:\Windows\System32\WcsPlugInService.dll - ok 12:39:41.0236 5844 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] C:\Windows\System32\drivers\Wdf01000.sys 12:39:41.0236 5844 C:\Windows\System32\drivers\Wdf01000.sys - ok 12:39:41.0252 5844 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] C:\Windows\System32\wdi.dll 12:39:41.0252 5844 C:\Windows\System32\wdi.dll - ok 12:39:41.0252 5844 [ 04C37D8107320312FBAE09926103D5E2 ] C:\Windows\System32\WebClnt.dll 12:39:41.0252 5844 C:\Windows\System32\WebClnt.dll - ok 12:39:41.0252 5844 [ AE3736E7E8892241C23E4EBBB7453B60 ] C:\Windows\System32\wecsvc.dll 12:39:41.0252 5844 C:\Windows\System32\wecsvc.dll - ok 12:39:41.0267 5844 [ 670FF720071ED741206D69BD995EA453 ] C:\Windows\System32\wercplsupport.dll 12:39:41.0267 5844 C:\Windows\System32\wercplsupport.dll - ok 12:39:41.0283 5844 [ 62DB790A860CDFC4278D2F03CC5675D8 ] C:\Program Files\Windows Defender\MsMpRes.dll 12:39:41.0283 5844 C:\Program Files\Windows Defender\MsMpRes.dll - ok 12:39:41.0283 5844 [ 32B88481D3B326DA6DEB07B1D03481E7 ] C:\Windows\System32\wersvc.dll 12:39:41.0283 5844 C:\Windows\System32\wersvc.dll - ok 12:39:41.0283 5844 [ DBD02E3E6F061EBBBF9B99A9D7CBA30B ] C:\Windows\System32\winhttp.dll 12:39:41.0283 5844 C:\Windows\System32\winhttp.dll - ok 12:39:41.0298 5844 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] C:\Windows\System32\wbem\WMIsvc.dll 12:39:41.0298 5844 C:\Windows\System32\wbem\WMIsvc.dll - ok 12:39:41.0298 5844 [ 7CFE68BDC065E55AA5E8421607037511 ] C:\Windows\System32\WsmSvc.dll 12:39:41.0298 5844 C:\Windows\System32\WsmSvc.dll - ok 12:39:41.0314 5844 [ C008405E4FEEB069E30DA1D823910234 ] C:\Windows\System32\wlansvc.dll 12:39:41.0314 5844 C:\Windows\System32\wlansvc.dll - ok 12:39:41.0314 5844 [ 43BE3875207DCB62A85C8C49970B66CC ] C:\Windows\System32\wbem\WmiApSrv.exe 12:39:41.0314 5844 C:\Windows\System32\wbem\WmiApSrv.exe - ok 12:39:41.0314 5844 [ 3978704576A121A9204F8CC49A301A9B ] C:\Program Files\Windows Media Player\wmpnetwk.exe 12:39:41.0314 5844 C:\Program Files\Windows Media Player\wmpnetwk.exe - ok 12:39:41.0330 5844 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] C:\Windows\System32\wpcsvc.dll 12:39:41.0330 5844 C:\Windows\System32\wpcsvc.dll - ok 12:39:41.0330 5844 [ 801FBDB89D472B3C467EB112A0FC9246 ] C:\Windows\System32\wpdbusenum.dll 12:39:41.0330 5844 C:\Windows\System32\wpdbusenum.dll - ok 12:39:41.0345 5844 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 12:39:41.0345 5844 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe - ok 12:39:41.0345 5844 [ 1CA6C40261DDC0425987980D0CD2AAAB ] C:\Windows\System32\wscsvc.dll 12:39:41.0345 5844 C:\Windows\System32\wscsvc.dll - ok 12:39:41.0345 5844 [ AED0DFF80C6B3914769407E78D7AB21A ] C:\Windows\System32\SearchIndexer.exe 12:39:41.0345 5844 C:\Windows\System32\SearchIndexer.exe - ok 12:39:41.0361 5844 [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\Windows\System32\wuaueng.dll 12:39:41.0361 5844 C:\Windows\System32\wuaueng.dll - ok 12:39:41.0361 5844 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] C:\Windows\System32\drivers\WUDFPf.sys 12:39:41.0361 5844 C:\Windows\System32\drivers\WUDFPf.sys - ok 12:39:41.0376 5844 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] C:\Windows\System32\WUDFSvc.dll 12:39:41.0376 5844 C:\Windows\System32\WUDFSvc.dll - ok 12:39:41.0376 5844 [ 8FC182167381E9915651267044105EE1 ] C:\Windows\System32\scecli.dll 12:39:41.0376 5844 C:\Windows\System32\scecli.dll - ok 12:39:41.0376 5844 [ CD08EEC61C591AF59A39F4363C567D30 ] C:\Windows\System32\ntmarta.dll 12:39:41.0376 5844 C:\Windows\System32\ntmarta.dll - ok 12:39:41.0392 5844 [ 3794B461C45882E06856F282EEF025AF ] C:\Windows\System32\svchost.exe 12:39:41.0392 5844 C:\Windows\System32\svchost.exe - ok 12:39:41.0392 5844 [ 9A7F4B2EDACD11444D048AA19CBB26AF ] C:\Windows\System32\powrprof.dll 12:39:41.0392 5844 C:\Windows\System32\powrprof.dll - ok 12:39:41.0408 5844 [ 8F5C7426567798E62A3B3614965D62CC ] C:\Windows\System32\drivers\luafv.sys 12:39:41.0408 5844 C:\Windows\System32\drivers\luafv.sys - ok 12:39:41.0408 5844 [ FFC371525AA55D1BAE18715EBCB8797C ] C:\Windows\System32\drivers\DRVNDDM.SYS 12:39:41.0408 5844 C:\Windows\System32\drivers\DRVNDDM.SYS - ok 12:39:41.0408 5844 [ C950C2E7B9ED1A4FC4A2AC7EC044F1D6 ] C:\Windows\System32\DLA\DLADResM.SYS 12:39:41.0408 5844 C:\Windows\System32\DLA\DLADResM.SYS - ok 12:39:41.0423 5844 [ 24400137E387A24410C52A591F3CFB4D ] C:\Windows\System32\DLA\DLAIFS_M.SYS 12:39:41.0423 5844 C:\Windows\System32\DLA\DLAIFS_M.SYS - ok 12:39:41.0423 5844 [ 29A303FECEB28641ECEBDAE89EB71C63 ] C:\Windows\System32\DLA\DLAOPIOM.SYS 12:39:41.0423 5844 C:\Windows\System32\DLA\DLAOPIOM.SYS - ok 12:39:41.0439 5844 [ C93E33A22A1AE0C5508F3FB1F6D0A50C ] C:\Windows\System32\DLA\DLAPoolM.SYS 12:39:41.0454 5844 C:\Windows\System32\DLA\DLAPoolM.SYS - ok 12:39:41.0470 5844 [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] C:\Windows\System32\nvvsvc.exe 12:39:41.0470 5844 C:\Windows\System32\nvvsvc.exe - ok 12:39:41.0470 5844 [ F42483814FC39170B3982A184EC5AAA2 ] C:\Windows\System32\wtsapi32.dll 12:39:41.0470 5844 C:\Windows\System32\wtsapi32.dll - ok 12:39:41.0486 5844 [ BE3C082837866C4C291ADAF163C10EA6 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll 12:39:41.0486 5844 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll - ok 12:39:41.0486 5844 [ F0359F7CE712D69ACEF0886BDB4792ED ] C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 12:39:41.0486 5844 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe - ok 12:39:41.0486 5844 [ 69827805A221C21450BA22F4326A2EE3 ] C:\Windows\System32\version.dll 12:39:41.0486 5844 C:\Windows\System32\version.dll - ok 12:39:41.0501 5844 [ 5EC8FB83F31AA2D6F421F02C3F4F4475 ] C:\Windows\System32\winspool.drv 12:39:41.0501 5844 C:\Windows\System32\winspool.drv - ok 12:39:41.0501 5844 [ 0C0D2C6E4921B5DB345E067647A5A91B ] C:\Windows\System32\atmfd.dll 12:39:41.0501 5844 C:\Windows\System32\atmfd.dll - ok 12:39:41.0517 5844 [ 145E7826A07D98628924A9B06F6273AB ] C:\Program Files\NVIDIA Corporation\3D Vision\nvstres.dll 12:39:41.0517 5844 C:\Program Files\NVIDIA Corporation\3D Vision\nvstres.dll - ok 12:39:41.0517 5844 [ 7AD857422AFA068A39A4B4BBF7FCC49C ] C:\Program Files\NVIDIA Corporation\3D Vision\nvwl.dll 12:39:41.0517 5844 C:\Program Files\NVIDIA Corporation\3D Vision\nvwl.dll - ok 12:39:41.0532 5844 [ B2E569EF26DAC9D6994A2AFF4F601B7A ] C:\Windows\System32\wintrust.dll 12:39:41.0532 5844 C:\Windows\System32\wintrust.dll - ok 12:39:41.0532 5844 [ A53723176D0002FEB486EFF8E17812F2 ] C:\Windows\System32\DLA\DLABMFSM.SYS 12:39:41.0532 5844 C:\Windows\System32\DLA\DLABMFSM.SYS - ok 12:39:41.0532 5844 [ D4587063ACEA776699251E177D719586 ] C:\Windows\System32\DLA\DLABOIOM.SYS 12:39:41.0532 5844 C:\Windows\System32\DLA\DLABOIOM.SYS - ok 12:39:41.0548 5844 [ B953498C35A31E5AC98F49ADBCF3E627 ] C:\Windows\System32\DLA\DLAUDFAM.SYS 12:39:41.0548 5844 C:\Windows\System32\DLA\DLAUDFAM.SYS - ok 12:39:41.0548 5844 [ 4897704C093C1F59CE58FC65E1E1EF1E ] C:\Windows\System32\DLA\DLAUDF_M.SYS 12:39:41.0548 5844 C:\Windows\System32\DLA\DLAUDF_M.SYS - ok 12:39:41.0564 5844 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] C:\Windows\System32\rpcss.dll 12:39:41.0564 5844 C:\Windows\System32\rpcss.dll - ok 12:39:41.0564 5844 [ 4575AA12561C5648483403541D0D7F2B ] C:\Program Files\Windows Defender\MpSvc.dll 12:39:41.0564 5844 C:\Program Files\Windows Defender\MpSvc.dll - ok 12:39:41.0579 5844 [ 62D577288B48998FC6667BF22DC5B690 ] C:\Windows\System32\LogonUI.exe 12:39:41.0579 5844 C:\Windows\System32\LogonUI.exe - ok 12:39:41.0579 5844 [ 1BD363738B672A394EBE3B8A78EAB9D3 ] C:\Program Files\Windows Defender\MpClient.dll 12:39:41.0579 5844 C:\Program Files\Windows Defender\MpClient.dll - ok 12:39:41.0579 5844 [ 58C2521D87C494831A625202C80354AD ] C:\Windows\System32\authui.dll 12:39:41.0579 5844 C:\Windows\System32\authui.dll - ok 12:39:41.0595 5844 [ 2EC53B5A351C4D443896DBAD117F7E82 ] C:\Windows\System32\msimg32.dll 12:39:41.0595 5844 C:\Windows\System32\msimg32.dll - ok 12:39:41.0595 5844 [ A99871BA522CB2539AE275AC18CACC8F ] C:\Windows\System32\cabinet.dll 12:39:41.0595 5844 C:\Windows\System32\cabinet.dll - ok 12:39:41.0610 5844 [ 999D69DEB576C2C424294DF025891CC6 ] C:\Windows\System32\uxtheme.dll 12:39:41.0610 5844 C:\Windows\System32\uxtheme.dll - ok 12:39:41.0610 5844 [ 76EAEF4DDEBBC7C38853F586C0E91DCE ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\GdiPlus.dll 12:39:41.0610 5844 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\GdiPlus.dll - ok 12:39:41.0626 5844 [ 75EB73E64F5B4655D9797D20F26DE320 ] C:\Windows\System32\duser.dll 12:39:41.0626 5844 C:\Windows\System32\duser.dll - ok 12:39:41.0626 5844 [ DA887F28054D78EE8637BEBB924A2DB5 ] C:\Windows\System32\slwga.dll 12:39:41.0626 5844 C:\Windows\System32\slwga.dll - ok 12:39:41.0642 5844 [ 1908CC7673F72601AFFDCA022689CEDF ] C:\Windows\System32\xmllite.dll 12:39:41.0642 5844 C:\Windows\System32\xmllite.dll - ok 12:39:41.0642 5844 [ 5CAAE5333EF36DB4A8D294418AB37E80 ] C:\Windows\System32\p2pcollab.dll 12:39:41.0642 5844 C:\Windows\System32\p2pcollab.dll - ok 12:39:41.0657 5844 [ B25DBBA6C63A61FF4AFDB5ADAB4E70CB ] C:\Windows\System32\SmartcardCredentialProvider.dll 12:39:41.0657 5844 C:\Windows\System32\SmartcardCredentialProvider.dll - ok 12:39:41.0657 5844 [ 9DC3723519F52B6BC63EACD4BD411313 ] C:\Windows\System32\rasplap.dll 12:39:41.0657 5844 C:\Windows\System32\rasplap.dll - ok 12:39:41.0657 5844 [ 3CB863B78642405371CB3A71C07E2382 ] C:\Windows\System32\rasapi32.dll 12:39:41.0657 5844 C:\Windows\System32\rasapi32.dll - ok 12:39:41.0673 5844 [ 3A1DDA77F331D107BA40DB06E4D666E9 ] C:\Windows\System32\rasman.dll 12:39:41.0673 5844 C:\Windows\System32\rasman.dll - ok 12:39:41.0673 5844 [ 3D418A22A56471295AEB1CEB9027C3DA ] C:\Windows\System32\rtutils.dll 12:39:41.0673 5844 C:\Windows\System32\rtutils.dll - ok 12:39:41.0673 5844 [ 70F08ECE7A30A639D3F0C8C433685C7D ] C:\Windows\System32\tapi32.dll 12:39:41.0688 5844 C:\Windows\System32\tapi32.dll - ok 12:39:41.0688 5844 [ 14FF750EFE13B0C21E5A06507C3A97B1 ] C:\Windows\System32\winmm.dll 12:39:41.0688 5844 C:\Windows\System32\winmm.dll - ok 12:39:41.0688 5844 [ DC15AB7168C0309D8F04FD95B6240422 ] C:\Windows\System32\oleacc.dll 12:39:41.0688 5844 C:\Windows\System32\oleacc.dll - ok 12:39:41.0704 5844 [ 627920CFF5DFCF8CF54CF2D592D61307 ] C:\Windows\System32\WinSCard.dll 12:39:41.0704 5844 C:\Windows\System32\WinSCard.dll - ok 12:39:41.0704 5844 [ 12A1DF1B84FB45A00D47B2CDE2CEEBBA ] C:\Windows\System32\shgina.dll 12:39:41.0704 5844 C:\Windows\System32\shgina.dll - ok 12:39:41.0704 5844 [ 70932D6C3D59B416CBD2BE5A3B3D4BE6 ] C:\Windows\System32\shacct.dll 12:39:41.0704 5844 C:\Windows\System32\shacct.dll - ok 12:39:41.0720 5844 [ 7DACD94118E2D8B6D72F47ADEB0367BF ] C:\Windows\System32\propsys.dll 12:39:41.0720 5844 C:\Windows\System32\propsys.dll - ok 12:39:41.0720 5844 [ 11F06C27DAD83CD5E907D664CA591805 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDC6C61F-1D0B-46D7-879A-6E57FCB8C5DC}\mpengine.dll 12:39:41.0720 5844 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDC6C61F-1D0B-46D7-879A-6E57FCB8C5DC}\mpengine.dll - ok 12:39:41.0720 5844 [ B144A2223EF11ED42310124A7839258E ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDC6C61F-1D0B-46D7-879A-6E57FCB8C5DC}\mpasbase.vdm 12:39:41.0720 5844 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDC6C61F-1D0B-46D7-879A-6E57FCB8C5DC}\mpasbase.vdm - ok 12:39:41.0735 5844 [ E1BD3BF5BEE672EC61B1B6D61A27F804 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDC6C61F-1D0B-46D7-879A-6E57FCB8C5DC}\mpasdlta.vdm 12:39:41.0735 5844 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDC6C61F-1D0B-46D7-879A-6E57FCB8C5DC}\mpasdlta.vdm - ok 12:39:41.0735 5844 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] C:\Windows\System32\drivers\fltMgr.sys 12:39:41.0735 5844 C:\Windows\System32\drivers\fltMgr.sys - ok 12:39:41.0751 5844 [ 56B5914070B2C243DFB3D186070DA89D ] C:\Windows\System32\MMDevAPI.dll 12:39:41.0751 5844 C:\Windows\System32\MMDevAPI.dll - ok 12:39:41.0751 5844 [ C9244BCAC83B259B920BBEE18A97BFE1 ] C:\Windows\System32\avrt.dll 12:39:41.0751 5844 C:\Windows\System32\avrt.dll - ok 12:39:41.0751 5844 [ EC43D9CC95C3BB5FEFDBCF22D375E1F5 ] C:\Windows\System32\adtschema.dll 12:39:41.0766 5844 C:\Windows\System32\adtschema.dll - ok 12:39:41.0766 5844 [ 22F73612087430A94DBE912AB58E0C79 ] C:\Windows\System32\ci.dll 12:39:41.0766 5844 C:\Windows\System32\ci.dll - ok 12:39:41.0766 5844 [ 57418956DDAE128D1023C508E7D07071 ] C:\Windows\System32\PSHED.DLL 12:39:41.0766 5844 C:\Windows\System32\PSHED.DLL - ok 12:39:41.0782 5844 [ 97FEF831AB90BEE128C9AF390E243F80 ] C:\Windows\System32\drivers\drmkaud.sys 12:39:41.0782 5844 C:\Windows\System32\drivers\drmkaud.sys - ok 12:39:41.0782 5844 [ 3437B9E218A2E4586BEF4F7A3BD00777 ] C:\Windows\System32\audiodg.exe 12:39:41.0782 5844 C:\Windows\System32\audiodg.exe - ok 12:39:41.0798 5844 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] C:\Windows\System32\gpsvc.dll 12:39:41.0798 5844 C:\Windows\System32\gpsvc.dll - ok 12:39:41.0798 5844 [ D1A84F7D4CAFCFE2A32149FF418056E5 ] C:\Windows\System32\nlaapi.dll 12:39:41.0798 5844 C:\Windows\System32\nlaapi.dll - ok 12:39:41.0813 5844 [ 409F36C8BD06FCE184631EB4142B009A ] C:\Windows\System32\atl.dll 12:39:41.0813 5844 C:\Windows\System32\atl.dll - ok 12:39:41.0813 5844 [ 67058C46504BC12D821F38CF99B7B28F ] C:\Windows\System32\es.dll 12:39:41.0813 5844 C:\Windows\System32\es.dll - ok 12:39:41.0813 5844 [ A7F8BAD9590ADDC425B4003E94780DFA ] C:\Windows\System32\drivers\spsys.sys 12:39:41.0813 5844 C:\Windows\System32\drivers\spsys.sys - ok 12:39:41.0829 5844 [ 1509E705F3AC1D474C92454A5C2DD81F ] C:\Windows\System32\uxsms.dll 12:39:41.0829 5844 C:\Windows\System32\uxsms.dll - ok 12:39:41.0829 5844 [ 8269CC01940A202BBB9FDF26705DBD67 ] C:\Windows\System32\hid.dll 12:39:41.0829 5844 C:\Windows\System32\hid.dll - ok 12:39:41.0844 5844 [ D5CF1536137026ACDED95BF6CBF849F6 ] C:\Windows\System32\WUDFPlatform.dll 12:39:41.0844 5844 C:\Windows\System32\WUDFPlatform.dll - ok 12:39:41.0844 5844 [ D1C5883087A0C3F1344D9D55A44901F6 ] C:\Windows\System32\drivers\lltdio.sys 12:39:41.0844 5844 C:\Windows\System32\drivers\lltdio.sys - ok 12:39:41.0860 5844 [ 9C508F4074A39E8B4B31D27198146FAD ] C:\Windows\System32\drivers\rspndr.sys 12:39:41.0860 5844 C:\Windows\System32\drivers\rspndr.sys - ok 12:39:41.0860 5844 [ 6836D001FC733F205ACB80A7986CB6C9 ] C:\Windows\System32\WindowsCodecs.dll 12:39:41.0860 5844 C:\Windows\System32\WindowsCodecs.dll - ok 12:39:41.0876 5844 [ C71F2B4D0151CFEDE5D405C5D60B6FCE ] C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe 12:39:41.0876 5844 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe - ok 12:39:41.0876 5844 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] C:\Windows\System32\dnsrslvr.dll 12:39:41.0876 5844 C:\Windows\System32\dnsrslvr.dll - ok 12:39:41.0876 5844 [ 47312A6AF7D84F99EA9EB7B0DE5440BC ] C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe 12:39:41.0876 5844 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe - ok 12:39:41.0891 5844 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Windows\System32\msvcp71.dll 12:39:41.0891 5844 C:\Windows\System32\msvcp71.dll - ok 12:39:41.0891 5844 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Windows\System32\msvcr71.dll 12:39:41.0891 5844 C:\Windows\System32\msvcr71.dll - ok 12:39:41.0907 5844 [ C84A3E2A295D6A0C7D46BCB17B0BE295 ] C:\Program Files\Common Files\Symantec Shared\ccL60U.dll 12:39:41.0907 5844 C:\Program Files\Common Files\Symantec Shared\ccL60U.dll - ok 12:39:41.0907 5844 [ 4934241CD20AC87D78121352E3BA8318 ] C:\Windows\System32\dbghelp.dll 12:39:41.0907 5844 C:\Windows\System32\dbghelp.dll - ok 12:39:41.0922 5844 [ 749ABA9C6E9D5CD0FBCBA8820F0B8B5C ] C:\Program Files\Common Files\Symantec Shared\SymNeti.dll 12:39:41.0922 5844 C:\Program Files\Common Files\Symantec Shared\SymNeti.dll - ok 12:39:41.0922 5844 [ E582816A4855914DEFFC212E12B3B744 ] C:\Windows\System32\wsock32.dll 12:39:41.0922 5844 C:\Windows\System32\wsock32.dll - ok 12:39:41.0922 5844 [ 9C167BB694823E91663268B9F903D2CA ] C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll 12:39:41.0922 5844 C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll - ok 12:39:41.0938 5844 [ 7D33F2009086256D21E4408D8AB4F2CE ] C:\Program Files\Common Files\Symantec Shared\ccSvc.dll 12:39:41.0938 5844 C:\Program Files\Common Files\Symantec Shared\ccSvc.dll - ok 12:39:41.0938 5844 [ 1170C75A713A38622709DD56307EA754 ] C:\Program Files\Common Files\Symantec Shared\ccSet.dll 12:39:41.0938 5844 C:\Program Files\Common Files\Symantec Shared\ccSet.dll - ok 12:39:41.0954 5844 [ 3F0FA6D9AA344012EC31CF979576DD9C ] C:\PROGRA~1\COMMON~1\SYMANT~1\ccSetPlg.dll 12:39:41.0954 5844 C:\PROGRA~1\COMMON~1\SYMANT~1\ccSetPlg.dll - ok 12:39:41.0954 5844 [ 359D05C93E20FB1E653AFF1BBD5F9825 ] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSvc.dll 12:39:41.0954 5844 C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSvc.dll - ok 12:39:41.0969 5844 [ DC5FB71C1FD81198F77961FCDB41FAFC ] C:\Program Files\Common Files\Symantec Shared\ccL60.dll 12:39:41.0969 5844 C:\Program Files\Common Files\Symantec Shared\ccL60.dll - ok 12:39:41.0969 5844 [ E73763D1C5A06862DE75D9D1F2B03B8B ] C:\PROGRA~1\COMMON~1\SYMANT~1\ccEvtPlg.dll 12:39:41.0969 5844 C:\PROGRA~1\COMMON~1\SYMANT~1\ccEvtPlg.dll - ok 12:39:41.0969 5844 [ 4DF066ECEE5A7B20BF8B39EF4D646600 ] C:\Windows\System32\wdmaud.drv 12:39:41.0969 5844 C:\Windows\System32\wdmaud.drv - ok 12:39:41.0985 5844 [ 919CC2A0476D5A6A4C935D4B88E29912 ] C:\Windows\System32\ksuser.dll 12:39:41.0985 5844 C:\Windows\System32\ksuser.dll - ok 12:39:41.0985 5844 [ 1AD0F8346FEC3337834D6B5A19DB9291 ] C:\Program Files\Common Files\Symantec Shared\ccEvtCli.dll 12:39:41.0985 5844 C:\Program Files\Common Files\Symantec Shared\ccEvtCli.dll - ok 12:39:41.0985 5844 [ 7258434974EA735725FD2D4A65C5E821 ] C:\Windows\System32\AudioSes.dll 12:39:41.0985 5844 C:\Windows\System32\AudioSes.dll - ok 12:39:42.0000 5844 [ DB7F4AB85298F3FE522C5512B8B0F56D ] C:\Windows\System32\AudioEng.dll 12:39:42.0000 5844 C:\Windows\System32\AudioEng.dll - ok 12:39:42.0000 5844 [ 35ACD5EA63D75E97DD0E9A1629E582B2 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll 12:39:42.0000 5844 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll - ok 12:39:42.0016 5844 [ FE5A8FFC7FD8FBF4BE2BE53C2F0CD2BE ] C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEvt.dll 12:39:42.0016 5844 C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEvt.dll - ok 12:39:42.0016 5844 [ CA0B849566776A17F35F0339BE17DFD9 ] C:\Windows\System32\ktmw32.dll 12:39:42.0016 5844 C:\Windows\System32\ktmw32.dll - ok 12:39:42.0016 5844 [ 166F004D73EA2CF4AC61800CA469458D ] C:\Windows\System32\msacm32.drv 12:39:42.0016 5844 C:\Windows\System32\msacm32.drv - ok 12:39:42.0032 5844 [ BDBB449425991154135E5ED1559927E6 ] C:\Windows\System32\msacm32.dll 12:39:42.0032 5844 C:\Windows\System32\msacm32.dll - ok 12:39:42.0032 5844 [ 83199EF88D691E730B80666E29F90D58 ] C:\Windows\System32\midimap.dll 12:39:42.0032 5844 C:\Windows\System32\midimap.dll - ok 12:39:42.0047 5844 [ 2A6A2C09ECC2CB495628E45F1379ECE8 ] C:\Windows\System32\taskcomp.dll 12:39:42.0047 5844 C:\Windows\System32\taskcomp.dll - ok 12:39:42.0047 5844 [ 7D1F2AFE12BAFC4C18C5A0E3C6866E38 ] C:\Program Files\Windows Defender\MpRtPlug.dll 12:39:42.0047 5844 C:\Program Files\Windows Defender\MpRtPlug.dll - ok 12:39:42.0063 5844 [ 8A38B5E8493A9D103083B8620AC5F3A1 ] C:\Windows\System32\tdh.dll 12:39:42.0063 5844 C:\Windows\System32\tdh.dll - ok 12:39:42.0063 5844 [ EA4DAC53650DC65E7D56D9F28D98C64E ] C:\PROGRA~1\COMMON~1\SYMANT~1\SRTSP\Srtsp32.dll 12:39:42.0063 5844 C:\PROGRA~1\COMMON~1\SYMANT~1\SRTSP\Srtsp32.dll - ok 12:39:42.0063 5844 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] C:\Windows\System32\drivers\http.sys 12:39:42.0063 5844 C:\Windows\System32\drivers\http.sys - ok 12:39:42.0078 5844 [ A0F4852A5DB9754BEC06F84B400AE743 ] C:\Windows\System32\wscapi.dll 12:39:42.0078 5844 C:\Windows\System32\wscapi.dll - ok 12:39:42.0078 5844 [ 50DCD40A177E6C84F36D555D7F727655 ] C:\Program Files\Common Files\Symantec Shared\ccProSub.dll 12:39:42.0078 5844 C:\Program Files\Common Files\Symantec Shared\ccProSub.dll - ok 12:39:42.0094 5844 [ 132C031B41B0E5786E9FEA5B0FE50EA8 ] C:\PROGRA~1\COMMON~1\SYMANT~1\ccSetEvt.dll 12:39:42.0094 5844 C:\PROGRA~1\COMMON~1\SYMANT~1\ccSetEvt.dll - ok 12:39:42.0094 5844 [ 8F2097E8B174F38178570C611464935F ] C:\Windows\System32\atl71.dll 12:39:42.0094 5844 C:\Windows\System32\atl71.dll - ok 12:39:42.0094 5844 [ 73FE2E5FA55088A241AA2732F5D387D6 ] C:\Windows\System32\wiarpc.dll 12:39:42.0094 5844 C:\Windows\System32\wiarpc.dll - ok 12:39:42.0110 5844 [ DEC53E152E18541D3D585794D99F02B7 ] C:\Windows\System32\nvsvc.dll 12:39:42.0110 5844 C:\Windows\System32\nvsvc.dll - ok 12:39:42.0110 5844 [ E79FDA8D320147FDC347C504B3487F87 ] C:\Windows\System32\spoolss.dll 12:39:42.0110 5844 C:\Windows\System32\spoolss.dll - ok 12:39:42.0125 5844 [ 296937202E4D930AAE98085B99D744D8 ] C:\Windows\System32\AUDIOKSE.dll 12:39:42.0125 5844 C:\Windows\System32\AUDIOKSE.dll - ok 12:39:42.0125 5844 [ DD749A6F27E53F003DE6177C96904D81 ] C:\Windows\System32\stapo.dll 12:39:42.0125 5844 C:\Windows\System32\stapo.dll - ok 12:39:42.0141 5844 [ 7605C0E1D01A08F3ECD743F38B834A44 ] C:\Windows\System32\drivers\srvnet.sys 12:39:42.0141 5844 C:\Windows\System32\drivers\srvnet.sys - ok 12:39:42.0141 5844 [ B0D12F4344EB2AE96E487D2DF6F74413 ] C:\Windows\System32\FWPUCLNT.DLL 12:39:42.0141 5844 C:\Windows\System32\FWPUCLNT.DLL - ok 12:39:42.0141 5844 [ 35F376253F687BDE63976CCB3F2108CA ] C:\Windows\System32\drivers\bowser.sys 12:39:42.0141 5844 C:\Windows\System32\drivers\bowser.sys - ok 12:39:42.0156 5844 [ 11695C9D4ADB2E9C6C5B0B6447F4EAD7 ] C:\Program Files\NVIDIA Corporation\Display\nvxdapix.dll 12:39:42.0156 5844 C:\Program Files\NVIDIA Corporation\Display\nvxdapix.dll - ok 12:39:42.0156 5844 [ 5F1DEC3824E566457F53F24F493FEF08 ] C:\Windows\System32\mscms.dll 12:39:42.0156 5844 C:\Windows\System32\mscms.dll - ok 12:39:42.0172 5844 [ 9B96F6952186336CC6E3D4E08BE2E0AF ] C:\Windows\System32\dwmapi.dll 12:39:42.0172 5844 C:\Windows\System32\dwmapi.dll - ok 12:39:42.0172 5844 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] C:\Windows\System32\drivers\mpsdrv.sys 12:39:42.0172 5844 C:\Windows\System32\drivers\mpsdrv.sys - ok 12:39:42.0172 5844 [ 82CEA0395524AACFEB58BA1448E8325C ] C:\Windows\System32\drivers\mrxdav.sys 12:39:42.0172 5844 C:\Windows\System32\drivers\mrxdav.sys - ok 12:39:42.0188 5844 [ 5DE62C6E9108F14F6794060A9BDECAEC ] C:\Windows\System32\MPSSVC.dll 12:39:42.0188 5844 C:\Windows\System32\MPSSVC.dll - ok 12:39:42.0203 5844 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] C:\Windows\System32\drivers\mrxsmb.sys 12:39:42.0203 5844 C:\Windows\System32\drivers\mrxsmb.sys - ok 12:39:42.0203 5844 [ 4FCCB34D793B116423209C0F8B7A3B03 ] C:\Windows\System32\drivers\mrxsmb10.sys 12:39:42.0203 5844 C:\Windows\System32\drivers\mrxsmb10.sys - ok 12:39:42.0203 5844 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] C:\Windows\System32\drivers\mrxsmb20.sys 12:39:42.0203 5844 C:\Windows\System32\drivers\mrxsmb20.sys - ok 12:39:42.0219 5844 [ FF33AFF99564B1AA534F58868CBE41EF ] C:\Windows\System32\drivers\srv2.sys 12:39:42.0219 5844 C:\Windows\System32\drivers\srv2.sys - ok 12:39:42.0219 5844 [ 41987F9FC0E61ADF54F581E15029AD91 ] C:\Windows\System32\drivers\srv.sys 12:39:42.0219 5844 C:\Windows\System32\drivers\srv.sys - ok 12:39:42.0234 5844 [ A324D72A06C110152E7607745F39BFA1 ] C:\Windows\System32\netmsg.dll 12:39:42.0234 5844 C:\Windows\System32\netmsg.dll - ok 12:39:42.0234 5844 [ 452341E471D2D961229DFE0842957272 ] C:\Windows\System32\sscore.dll 12:39:42.0234 5844 C:\Windows\System32\sscore.dll - ok 12:39:42.0250 5844 [ D333058925CE305E39DE8D5AD2B52A46 ] C:\Windows\System32\clusapi.dll 12:39:42.0250 5844 C:\Windows\System32\clusapi.dll - ok 12:39:42.0250 5844 [ 0745D6EAD386710110817FBEC03F5161 ] C:\Windows\System32\wfapigp.dll 12:39:42.0250 5844 C:\Windows\System32\wfapigp.dll - ok 12:39:42.0250 5844 [ F654842D0653472BB37BBD016CFED0E3 ] C:\Windows\System32\ctapo32.dll 12:39:42.0250 5844 C:\Windows\System32\ctapo32.dll - ok 12:39:42.0266 5844 [ 1311171CF8F6D2954441EF2A42693035 ] C:\Windows\System32\WsmRes.dll 12:39:42.0266 5844 C:\Windows\System32\WsmRes.dll - ok 12:39:42.0266 5844 [ CEDE7CB889F5BAE7B6FA90C8BBA79498 ] C:\Windows\System32\nvapi.dll 12:39:42.0266 5844 C:\Windows\System32\nvapi.dll - ok 12:39:42.0266 5844 [ E230F3776F373F4C5E788794B53101E4 ] C:\Windows\System32\plasrv.exe 12:39:42.0266 5844 C:\Windows\System32\plasrv.exe - ok 12:39:42.0281 5844 [ 6468C3FF6D0C7874FA8C619AF3E23B22 ] C:\Windows\System32\activeds.dll 12:39:42.0281 5844 C:\Windows\System32\activeds.dll - ok 12:39:42.0297 5844 [ E9B9C1B98C8D6D48407E1C1203EAC659 ] C:\Windows\System32\adsldpc.dll 12:39:42.0297 5844 C:\Windows\System32\adsldpc.dll - ok 12:39:42.0297 5844 [ 0727200F10320A6BA7E59433094FBBA7 ] C:\Windows\System32\WMALFXGFXDSP.dll 12:39:42.0297 5844 C:\Windows\System32\WMALFXGFXDSP.dll - ok 12:39:42.0297 5844 [ 93E317D7AD783D8EAEE2E3500BFE889D ] C:\Windows\System32\credui.dll 12:39:42.0297 5844 C:\Windows\System32\credui.dll - ok 12:39:42.0312 5844 [ 4ED8382D5F1C9D2028FBDA35E3B2DD47 ] C:\Program Files\NVIDIA Corporation\Display\nvui.dll 12:39:42.0312 5844 C:\Program Files\NVIDIA Corporation\Display\nvui.dll - ok 12:39:42.0312 5844 [ B9F3FF52B84FD9E3CAFB29B8EE385E5B ] C:\Windows\System32\resutils.dll 12:39:42.0312 5844 C:\Windows\System32\resutils.dll - ok 12:39:42.0328 5844 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 12:39:42.0328 5844 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - ok 12:39:42.0328 5844 [ BF142D4F8C61ED3629A9CDD7BA867900 ] C:\Windows\System32\mfplat.dll 12:39:42.0328 5844 C:\Windows\System32\mfplat.dll - ok 12:39:42.0344 5844 [ 04D603957DA11F2A401D114B7FF9BF36 ] C:\Program Files\NVIDIA Corporation\Display\nvuir.dll 12:39:42.0344 5844 C:\Program Files\NVIDIA Corporation\Display\nvuir.dll - ok 12:39:42.0344 5844 [ 572CBECE3BAA034CD3AF3CBBA5A6F8F2 ] C:\Windows\System32\nvsvcr.dll 12:39:42.0344 5844 C:\Windows\System32\nvsvcr.dll - ok 12:39:42.0344 5844 [ 4E78E6587B4D5B014874E5938B3FBF5F ] C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll 12:39:42.0344 5844 C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll - ok 12:39:42.0359 5844 [ 3B313DD380E041BE611577D5ADC7DC97 ] C:\Program Files\NVIDIA Corporation\Display\nvxdplcy.dll 12:39:42.0359 5844 C:\Program Files\NVIDIA Corporation\Display\nvxdplcy.dll - ok 12:39:42.0359 5844 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll 12:39:42.0359 5844 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok 12:39:42.0375 5844 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll 12:39:42.0375 5844 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok 12:39:42.0375 5844 [ 6C63DC384A15E2AFD4A860031EF40267 ] C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll 12:39:42.0375 5844 C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll - ok 12:39:42.0390 5844 [ 8B22CF51B907E3A221267CF1E502993A ] C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll 12:39:42.0390 5844 C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll - ok 12:39:42.0390 5844 [ 054B87C872292A960B9B8A834B34DFA7 ] C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll 12:39:42.0390 5844 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok 12:39:42.0406 5844 [ D8D46A439659B8B43A41B266E4646527 ] C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll 12:39:42.0406 5844 C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok 12:39:42.0406 5844 [ 794950DB77AA590C2964ECA0A5874A09 ] C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll 12:39:42.0406 5844 C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll - ok 12:39:42.0406 5844 [ 250BF888DDBE88D61EB19A9D4957C794 ] C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll 12:39:42.0406 5844 C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll - ok 12:39:42.0422 5844 [ 8A6A3A6750E99EDC2AD7B9C79FDCF419 ] C:\Windows\System32\PhysX.cpl 12:39:42.0422 5844 C:\Windows\System32\PhysX.cpl - ok 12:39:42.0422 5844 [ 9BA2B36132A41AEBDA66C1D90F8470C2 ] C:\Windows\System32\nvcpl.dll 12:39:42.0422 5844 C:\Windows\System32\nvcpl.dll - ok 12:39:42.0437 5844 [ 4B555106290BD117334E9A08761C035A ] C:\Windows\System32\rundll32.exe 12:39:42.0437 5844 C:\Windows\System32\rundll32.exe - ok 12:39:42.0437 5844 [ 1DACD1530C6E58AEAE9F6DE7DA851935 ] C:\Windows\System32\shimeng.dll 12:39:42.0437 5844 C:\Windows\System32\shimeng.dll - ok 12:39:42.0437 5844 [ D6804F089CBB6749E95124E7C4D80900 ] C:\Windows\AppPatch\AcLayers.dll 12:39:42.0437 5844 C:\Windows\AppPatch\AcLayers.dll - ok 12:39:42.0453 5844 [ 5A963C340DE1A01BA6E24945CE05D16A ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll 12:39:42.0453 5844 C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll - ok 12:39:42.0468 5844 [ F4BC62990E7E5C29799A895B80FC3177 ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll 12:39:42.0468 5844 C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll - ok 12:39:42.0468 5844 [ 149D74E1128A86DC9CFB2851FBEA11EB ] C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll 12:39:42.0468 5844 C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll - ok 12:39:42.0468 5844 [ 37CF2461CB5E40C4CFAB82C8FC79A2BC ] C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll 12:39:42.0468 5844 C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll - ok 12:39:42.0484 5844 [ 500BBC336E6273A3035CED554ACB1EF6 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll 12:39:42.0484 5844 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll - ok 12:39:42.0484 5844 [ 062373995EAE5F0EAC9EAA9192136BFB ] C:\Windows\System32\dnssd.dll 12:39:42.0484 5844 C:\Windows\System32\dnssd.dll - ok 12:39:42.0500 5844 [ 5922444C2C55E2DC6CDDB7902A85BF8A ] C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Gateway.exe 12:39:42.0500 5844 C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Gateway.exe - ok 12:39:42.0500 5844 [ C440345A38FDA337AFB7333863CC8533 ] C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll 12:39:42.0500 5844 C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll - ok 12:39:42.0515 5844 [ 2E14406E05789F91C9282AE7CFCA3A07 ] C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 12:39:42.0515 5844 C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll - ok 12:39:42.0515 5844 [ FC33CBBB9CADCEC307DA010FE763D04C ] C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll 12:39:42.0515 5844 C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok 12:39:42.0531 5844 [ 8BA9851E671E8B5E49E303748FFD530C ] C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll 12:39:42.0531 5844 C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll - ok 12:39:42.0531 5844 [ 73862FF693168369A90F046E7F227B83 ] C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 12:39:42.0531 5844 C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll - ok 12:39:42.0546 5844 [ BE01E566D1F569AAB32D0335613E1EEA ] C:\Windows\System32\dllhost.exe 12:39:42.0546 5844 C:\Windows\System32\dllhost.exe - ok 12:39:42.0546 5844 [ 3CD1B69551236977918E60F9543C89A2 ] C:\Windows\System32\AtBroker.exe 12:39:42.0546 5844 C:\Windows\System32\AtBroker.exe - ok 12:39:42.0562 5844 [ C411C80F90D6732380352B98B37BBD53 ] C:\Windows\System32\winrnr.dll 12:39:42.0593 5844 C:\Windows\System32\winrnr.dll - ok 12:39:42.0593 5844 [ 40947436A70E0034E41123DF5A0A7702 ] C:\Program Files\Bonjour\mdnsNSP.dll 12:39:42.0593 5844 C:\Program Files\Bonjour\mdnsNSP.dll - ok 12:39:42.0609 5844 [ A7D525E5C0D91C8C1D84C6BCD25AD77D ] C:\Windows\System32\rasadhlp.dll 12:39:42.0609 5844 C:\Windows\System32\rasadhlp.dll - ok 12:39:42.0609 5844 [ 0E135526E9785D085BCD9AEDE6FBCBF9 ] C:\Windows\System32\userinit.exe 12:39:42.0609 5844 C:\Windows\System32\userinit.exe - ok 12:39:42.0624 5844 [ 3D50C4B10352367D5CB20ED1F50F8DA2 ] C:\Windows\System32\taskeng.exe 12:39:42.0624 5844 C:\Windows\System32\taskeng.exe - ok 12:39:42.0624 5844 [ E45051C374F845EDF3DB02A35BA13193 ] C:\Windows\System32\umb.dll 12:39:42.0624 5844 C:\Windows\System32\umb.dll - ok -
Malware reappears after removal: PUM.UserWLoad, Trojan.Ransom
maa replied to maa's topic in Resolved Malware Removal Logs
The log file is too long, so I am splitting it into 3 parts. 12:34:14.0144 2180 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 12:34:14.0191 2180 ============================================================ 12:34:14.0191 2180 Current date / time: 2012/12/15 12:34:14.0191 12:34:14.0191 2180 SystemInfo: 12:34:14.0191 2180 12:34:14.0191 2180 OS Version: 6.0.6002 ServicePack: 2.0 12:34:14.0191 2180 Product type: Workstation 12:34:14.0191 2180 ComputerName: NOFACE 12:34:14.0191 2180 UserName: Mario 12:34:14.0191 2180 Windows directory: C:\Windows 12:34:14.0191 2180 System windows directory: C:\Windows 12:34:14.0191 2180 Processor architecture: Intel x86 12:34:14.0191 2180 Number of processors: 2 12:34:14.0191 2180 Page size: 0x1000 12:34:14.0191 2180 Boot type: Normal boot 12:34:14.0191 2180 ============================================================ 12:34:14.0783 2180 BG loaded 12:34:15.0595 2180 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 12:34:15.0626 2180 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 12:34:15.0844 2180 ============================================================ 12:34:15.0844 2180 \Device\Harddisk0\DR0: 12:34:15.0891 2180 MBR partitions: 12:34:15.0891 2180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000 12:34:15.0891 2180 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x115E9800 12:34:15.0891 2180 \Device\Harddisk1\DR1: 12:34:15.0891 2180 MBR partitions: 12:34:15.0891 2180 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000 12:34:15.0891 2180 ============================================================ 12:34:16.0094 2180 C: <-> \Device\Harddisk0\DR0\Partition2 12:34:16.0234 2180 D: <-> \Device\Harddisk0\DR0\Partition1 12:34:16.0234 2180 F: <-> \Device\Harddisk1\DR1\Partition1 12:34:16.0234 2180 ============================================================ 12:34:16.0234 2180 Initialize success 12:34:16.0234 2180 ============================================================ 12:37:20.0663 5844 ============================================================ 12:37:20.0663 5844 Scan started 12:37:20.0663 5844 Mode: Manual; SigCheck; TDLFS; 12:37:20.0663 5844 ============================================================ 12:37:23.0659 5844 ================ Scan system memory ======================== 12:37:23.0659 5844 System memory - ok 12:37:23.0659 5844 ================ Scan services ============================= 12:37:23.0939 5844 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 12:37:24.0064 5844 ACPI - ok 12:37:24.0251 5844 [ 14C23516C990DCD6052152CF034DDE40 ] Adobe Version Cue CS3 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe 12:37:24.0283 5844 Adobe Version Cue CS3 - ok 12:37:24.0376 5844 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 12:37:26.0092 5844 AdobeFlashPlayerUpdateSvc - ok 12:37:26.0420 5844 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 12:37:26.0794 5844 adp94xx - ok 12:37:26.0825 5844 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys 12:37:26.0872 5844 adpahci - ok 12:37:26.0888 5844 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 12:37:26.0903 5844 adpu160m - ok 12:37:26.0935 5844 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys 12:37:26.0950 5844 adpu320 - ok 12:37:27.0075 5844 [ E111E51C5FB8627A61E76BDE63B5D810 ] ADVService C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe 12:37:27.0153 5844 ADVService ( UnsignedFile.Multi.Generic ) - warning 12:37:27.0153 5844 ADVService - detected UnsignedFile.Multi.Generic (1) 12:37:27.0309 5844 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 12:37:28.0151 5844 AeLookupSvc - ok 12:37:28.0214 5844 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 12:37:28.0261 5844 AFD - ok 12:37:28.0307 5844 [ 8B10CE1C1F9F1D47E4DEB1A547A00CD4 ] agp440 C:\Windows\system32\drivers\agp440.sys 12:37:28.0339 5844 agp440 - ok 12:37:28.0370 5844 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 12:37:28.0385 5844 aic78xx - ok 12:37:28.0448 5844 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 12:37:29.0337 5844 ALG - ok 12:37:29.0368 5844 [ 5C42A992E68724D2CD3DDB4FC3B0409F ] aliide C:\Windows\system32\drivers\aliide.sys 12:37:29.0399 5844 aliide - ok 12:37:29.0462 5844 [ 848F27E5B27C1C253F6CEFDC1A5D8F21 ] amdagp C:\Windows\system32\drivers\amdagp.sys 12:37:29.0493 5844 amdagp - ok 12:37:29.0524 5844 [ 849DFACDDE533DA5D1810F0CAF84EB19 ] amdide C:\Windows\system32\drivers\amdide.sys 12:37:29.0555 5844 amdide - ok 12:37:29.0587 5844 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 12:37:31.0115 5844 AmdK7 - ok 12:37:31.0147 5844 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 12:37:31.0256 5844 AmdK8 - ok 12:37:31.0303 5844 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 12:37:31.0396 5844 Appinfo - ok 12:37:31.0630 5844 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 12:37:31.0646 5844 Apple Mobile Device - ok 12:37:31.0724 5844 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys 12:37:31.0755 5844 arc - ok 12:37:31.0786 5844 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys 12:37:31.0817 5844 arcsas - ok 12:37:31.0864 5844 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 12:37:31.0927 5844 AsyncMac - ok 12:37:31.0958 5844 [ 9E7E85EC61D1C9C3171CC08427108863 ] atapi C:\Windows\system32\drivers\atapi.sys 12:37:31.0989 5844 atapi - ok 12:37:32.0083 5844 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 12:37:32.0129 5844 AudioEndpointBuilder - ok 12:37:32.0192 5844 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 12:37:32.0207 5844 Audiosrv - ok 12:37:32.0410 5844 [ EA2D28BBE98256654397CD1F6EAEBDD8 ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe 12:37:32.0441 5844 Autodesk Licensing Service - ok 12:37:32.0504 5844 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 12:37:32.0597 5844 Beep - ok 12:37:32.0831 5844 [ 5922444C2C55E2DC6CDDB7902A85BF8A ] Bentley SELECT Server Gateway C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Gateway.exe 12:37:32.0894 5844 Bentley SELECT Server Gateway ( UnsignedFile.Multi.Generic ) - warning 12:37:32.0894 5844 Bentley SELECT Server Gateway - detected UnsignedFile.Multi.Generic (1) 12:37:33.0190 5844 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 12:37:33.0268 5844 BFE - ok 12:37:33.0471 5844 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 12:37:33.0549 5844 BITS - ok 12:37:33.0549 5844 blbdrive - ok 12:37:33.0799 5844 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 12:37:33.0830 5844 Bonjour Service - ok 12:37:33.0939 5844 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 12:37:34.0048 5844 bowser - ok 12:37:34.0126 5844 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 12:37:34.0282 5844 BrFiltLo - ok 12:37:34.0313 5844 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 12:37:34.0485 5844 BrFiltUp - ok 12:37:34.0547 5844 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 12:37:34.0625 5844 Browser - ok 12:37:34.0750 5844 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 12:37:34.0937 5844 Brserid - ok 12:37:34.0984 5844 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 12:37:35.0047 5844 BrSerWdm - ok 12:37:35.0140 5844 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 12:37:35.0265 5844 BrUsbMdm - ok 12:37:35.0343 5844 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 12:37:35.0499 5844 BrUsbSer - ok 12:37:35.0546 5844 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 12:37:35.0639 5844 BTHMODEM - ok 12:37:35.0811 5844 [ 47312A6AF7D84F99EA9EB7B0DE5440BC ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe 12:37:35.0827 5844 ccEvtMgr - ok 12:37:35.0842 5844 [ 47312A6AF7D84F99EA9EB7B0DE5440BC ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe 12:37:35.0858 5844 ccSetMgr - ok 12:37:35.0967 5844 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 12:37:36.0076 5844 cdfs - ok 12:37:36.0154 5844 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 12:37:36.0232 5844 cdrom - ok 12:37:36.0295 5844 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 12:37:36.0388 5844 CertPropSvc - ok 12:37:36.0513 5844 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys 12:37:36.0591 5844 circlass - ok 12:37:36.0669 5844 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 12:37:36.0700 5844 CLFS - ok 12:37:36.0919 5844 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 12:37:36.0950 5844 clr_optimization_v2.0.50727_32 - ok 12:37:37.0433 5844 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 12:37:37.0777 5844 clr_optimization_v4.0.30319_32 - ok 12:37:37.0886 5844 [ DE11A06E187756ECB86CFA82DAC40FF7 ] cmdide C:\Windows\system32\drivers\cmdide.sys 12:37:37.0933 5844 cmdide - ok 12:37:37.0979 5844 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 12:37:38.0011 5844 Compbatt - ok 12:37:38.0026 5844 COMSysApp - ok 12:37:38.0073 5844 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 12:37:38.0104 5844 crcdisk - ok 12:37:38.0229 5844 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys 12:37:38.0323 5844 Crusoe - ok 12:37:38.0432 5844 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 12:37:38.0510 5844 CryptSvc - ok 12:37:38.0557 5844 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys 12:37:38.0603 5844 CVirtA - ok 12:37:38.0728 5844 [ F432260E59AAE3284ED7E795264C16D0 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe 12:37:38.0775 5844 CVPND - ok 12:37:38.0884 5844 [ 8A15D7BD4CF1A8CCD7C65F7349F22E35 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys 12:37:38.0931 5844 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning 12:37:38.0931 5844 CVPNDRVA - detected UnsignedFile.Multi.Generic (1) 12:37:38.0993 5844 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 12:37:39.0103 5844 DcomLaunch - ok 12:37:39.0181 5844 [ FB937277E87F8468603F4E2D8CF9DB4A ] DefWatch C:\Program Files\Symantec AntiVirus\DefWatch.exe 12:37:39.0181 5844 DefWatch - ok 12:37:39.0243 5844 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 12:37:39.0337 5844 DfsC - ok 12:37:39.0836 5844 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 12:37:40.0460 5844 DFSR - ok 12:37:40.0553 5844 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 12:37:40.0600 5844 Dhcp - ok 12:37:40.0647 5844 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 12:37:40.0678 5844 disk - ok 12:37:40.0772 5844 [ A53723176D0002FEB486EFF8E17812F2 ] DLABMFSM C:\Windows\system32\DLA\DLABMFSM.SYS 12:37:40.0803 5844 DLABMFSM - ok 12:37:40.0834 5844 [ D4587063ACEA776699251E177D719586 ] DLABOIOM C:\Windows\system32\DLA\DLABOIOM.SYS 12:37:40.0865 5844 DLABOIOM - ok 12:37:40.0943 5844 [ 5230CDB7E715F3A3B4A882E254CDD35D ] DLACDBHM C:\Windows\system32\Drivers\DLACDBHM.SYS 12:37:40.0959 5844 DLACDBHM - ok 12:37:41.0006 5844 [ C950C2E7B9ED1A4FC4A2AC7EC044F1D6 ] DLADResM C:\Windows\system32\DLA\DLADResM.SYS 12:37:41.0021 5844 DLADResM - ok 12:37:41.0068 5844 [ 24400137E387A24410C52A591F3CFB4D ] DLAIFS_M C:\Windows\system32\DLA\DLAIFS_M.SYS 12:37:41.0099 5844 DLAIFS_M - ok 12:37:41.0146 5844 [ 29A303FECEB28641ECEBDAE89EB71C63 ] DLAOPIOM C:\Windows\system32\DLA\DLAOPIOM.SYS 12:37:41.0177 5844 DLAOPIOM - ok 12:37:41.0193 5844 [ C93E33A22A1AE0C5508F3FB1F6D0A50C ] DLAPoolM C:\Windows\system32\DLA\DLAPoolM.SYS 12:37:41.0224 5844 DLAPoolM - ok 12:37:41.0271 5844 [ 77FE51F0F8D86804CB81F6EF6BFB86DD ] DLARTL_M C:\Windows\system32\Drivers\DLARTL_M.SYS 12:37:41.0302 5844 DLARTL_M - ok 12:37:41.0333 5844 [ B953498C35A31E5AC98F49ADBCF3E627 ] DLAUDFAM C:\Windows\system32\DLA\DLAUDFAM.SYS 12:37:41.0365 5844 DLAUDFAM - ok 12:37:41.0411 5844 [ 4897704C093C1F59CE58FC65E1E1EF1E ] DLAUDF_M C:\Windows\system32\DLA\DLAUDF_M.SYS 12:37:41.0443 5844 DLAUDF_M - ok 12:37:41.0521 5844 [ 7B4FDFBE97C047175E613AA96F3DE987 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys 12:37:41.0536 5844 DNE - ok 12:37:41.0599 5844 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 12:37:41.0708 5844 Dnscache - ok 12:37:41.0801 5844 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 12:37:41.0833 5844 dot3svc - ok 12:37:41.0895 5844 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 12:37:41.0942 5844 DPS - ok 12:37:41.0973 5844 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 12:37:42.0020 5844 drmkaud - ok 12:37:42.0067 5844 [ C00440385CF9F3D142917C63F989E244 ] DRVMCDB C:\Windows\system32\Drivers\DRVMCDB.SYS 12:37:42.0098 5844 DRVMCDB - ok 12:37:42.0113 5844 [ FFC371525AA55D1BAE18715EBCB8797C ] DRVNDDM C:\Windows\system32\Drivers\DRVNDDM.SYS 12:37:42.0145 5844 DRVNDDM - ok 12:37:42.0223 5844 [ 01D5B95D0A12A916BBDC258629113258 ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe 12:37:42.0254 5844 DSBrokerService ( UnsignedFile.Multi.Generic ) - warning 12:37:42.0254 5844 DSBrokerService - detected UnsignedFile.Multi.Generic (1) 12:37:42.0379 5844 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys 12:37:42.0441 5844 DSproct ( UnsignedFile.Multi.Generic ) - warning 12:37:42.0441 5844 DSproct - detected UnsignedFile.Multi.Generic (1) 12:37:42.0488 5844 [ 64FA28C15DD71A80BEF3527E1EF07DF6 ] dsunidrv C:\Program Files\DellSupport\Drivers\dsunidrv.sys 12:37:42.0488 5844 dsunidrv ( UnsignedFile.Multi.Generic ) - warning 12:37:42.0488 5844 dsunidrv - detected UnsignedFile.Multi.Generic (1) 12:37:42.0722 5844 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 12:37:42.0753 5844 DXGKrnl - ok 12:37:42.0893 5844 [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys 12:37:42.0956 5844 e1express - ok 12:37:43.0003 5844 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 12:37:43.0081 5844 E1G60 - ok 12:37:43.0127 5844 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 12:37:43.0159 5844 EapHost - ok 12:37:43.0237 5844 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 12:37:43.0252 5844 Ecache - ok 12:37:43.0330 5844 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 12:37:43.0393 5844 eeCtrl - ok 12:37:43.0502 5844 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys 12:37:43.0533 5844 elxstor - ok 12:37:43.0689 5844 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 12:37:43.0954 5844 EMDMgmt - ok 12:37:44.0017 5844 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 12:37:44.0048 5844 EraserUtilRebootDrv - ok 12:37:44.0266 5844 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 12:37:44.0344 5844 EventSystem - ok 12:37:44.0438 5844 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 12:37:44.0547 5844 exfat - ok 12:37:44.0609 5844 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 12:37:44.0641 5844 fastfat - ok 12:37:44.0687 5844 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 12:37:44.0765 5844 fdc - ok 12:37:44.0843 5844 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 12:37:44.0890 5844 fdPHost - ok 12:37:44.0921 5844 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 12:37:44.0999 5844 FDResPub - ok 12:37:45.0062 5844 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 12:37:45.0077 5844 FileInfo - ok 12:37:45.0171 5844 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 12:37:45.0218 5844 Filetrace - ok 12:37:45.0343 5844 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 12:37:45.0577 5844 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 12:37:45.0577 5844 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1) 12:37:45.0608 5844 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 12:37:45.0701 5844 flpydisk - ok 12:37:45.0779 5844 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 12:37:45.0795 5844 FltMgr - ok 12:37:46.0076 5844 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 12:37:46.0154 5844 FontCache - ok 12:37:46.0357 5844 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 12:37:46.0372 5844 FontCache3.0.0.0 - ok 12:37:46.0435 5844 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 12:37:46.0513 5844 Fs_Rec - ok 12:37:46.0591 5844 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 12:37:46.0606 5844 gagp30kx - ok 12:37:46.0637 5844 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys 12:37:46.0637 5844 GEARAspiWDM - ok 12:37:46.0778 5844 GoogleDesktopManager-051210-111108 - ok 12:37:46.0871 5844 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 12:37:46.0903 5844 gpsvc - ok 12:37:46.0996 5844 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 12:37:47.0012 5844 gupdate - ok 12:37:47.0012 5844 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 12:37:47.0027 5844 gupdatem - ok 12:37:47.0090 5844 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 12:37:47.0183 5844 HdAudAddService - ok 12:37:47.0371 5844 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 12:37:47.0464 5844 HDAudBus - ok 12:37:47.0589 5844 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 12:37:47.0683 5844 HidBth - ok 12:37:47.0714 5844 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 12:37:47.0807 5844 HidIr - ok 12:37:47.0885 5844 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll 12:37:47.0995 5844 hidserv - ok 12:37:48.0041 5844 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 12:37:48.0104 5844 HidUsb - ok 12:37:48.0135 5844 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 12:37:48.0182 5844 hkmsvc - ok 12:37:48.0197 5844 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 12:37:48.0229 5844 HpCISSs - ok 12:37:48.0291 5844 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys 12:37:48.0369 5844 HTTP - ok 12:37:48.0400 5844 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys 12:37:48.0416 5844 i2omp - ok 12:37:48.0463 5844 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 12:37:48.0634 5844 i8042prt - ok 12:37:48.0712 5844 [ 0BCEE844A02747DD7F1E30352E619F2E ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 12:37:48.0743 5844 IAANTMON ( UnsignedFile.Multi.Generic ) - warning 12:37:48.0743 5844 IAANTMON - detected UnsignedFile.Multi.Generic (1) 12:37:48.0821 5844 [ E9F704CA833BD24BFAA3B4A59707633A ] iaStor C:\Windows\system32\drivers\iastor.sys 12:37:48.0884 5844 iaStor - ok 12:37:48.0993 5844 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 12:37:49.0087 5844 iaStorV - ok 12:37:49.0196 5844 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 12:37:49.0227 5844 IDriverT ( UnsignedFile.Multi.Generic ) - warning 12:37:49.0227 5844 IDriverT - detected UnsignedFile.Multi.Generic (1) 12:37:49.0321 5844 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 12:37:49.0383 5844 idsvc - ok 12:37:49.0414 5844 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 12:37:49.0445 5844 iirsp - ok 12:37:49.0617 5844 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 12:37:49.0679 5844 IKEEXT - ok 12:37:49.0711 5844 [ 1B16626BEAE3A52E611FC681CD796F86 ] intelide C:\Windows\system32\drivers\intelide.sys 12:37:49.0742 5844 intelide - ok 12:37:49.0789 5844 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 12:37:49.0835 5844 intelppm - ok 12:37:49.0945 5844 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 12:37:50.0023 5844 IPBusEnum - ok 12:37:50.0054 5844 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:37:50.0132 5844 IpFilterDriver - ok 12:37:50.0194 5844 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 12:37:50.0241 5844 iphlpsvc - ok 12:37:50.0241 5844 IpInIp - ok 12:37:50.0303 5844 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 12:37:50.0381 5844 IPMIDRV - ok 12:37:50.0491 5844 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 12:37:50.0615 5844 IPNAT - ok 12:37:50.0896 5844 [ 33642C17C232AA272C68E446A2619899 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 12:37:50.0943 5844 iPod Service - ok 12:37:51.0021 5844 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 12:37:54.0172 5844 IRENUM - ok 12:37:54.0250 5844 [ 2F8ECE2699E7E2070545E9B0960A8ED2 ] isapnp C:\Windows\system32\drivers\isapnp.sys 12:37:54.0281 5844 isapnp - ok 12:37:54.0375 5844 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 12:37:54.0391 5844 iScsiPrt - ok 12:37:54.0422 5844 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 12:37:54.0469 5844 iteatapi - ok 12:37:54.0500 5844 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 12:37:54.0531 5844 iteraid - ok 12:37:54.0578 5844 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 12:37:54.0593 5844 kbdclass - ok 12:37:54.0656 5844 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 12:37:54.0671 5844 kbdhid - ok 12:37:54.0749 5844 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 12:37:54.0843 5844 KeyIso - ok 12:37:54.0983 5844 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 12:37:55.0233 5844 KSecDD - ok 12:37:55.0373 5844 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 12:37:55.0483 5844 KtmRm - ok 12:37:55.0529 5844 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 12:37:55.0701 5844 LanmanServer - ok 12:37:55.0763 5844 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 12:37:55.0810 5844 LanmanWorkstation - ok 12:37:55.0997 5844 [ 3C7FCBBC35E0A52CE9B12E9CC4F5B991 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE 12:37:56.0668 5844 LiveUpdate - ok 12:37:56.0777 5844 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 12:37:56.0824 5844 lltdio - ok 12:37:56.0902 5844 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 12:37:57.0058 5844 lltdsvc - ok 12:37:57.0105 5844 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 12:37:57.0167 5844 lmhosts - ok 12:37:57.0214 5844 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 12:37:57.0230 5844 LSI_FC - ok 12:37:57.0277 5844 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 12:37:57.0292 5844 LSI_SAS - ok 12:37:57.0355 5844 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 12:37:57.0386 5844 LSI_SCSI - ok 12:37:57.0433 5844 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 12:37:57.0495 5844 luafv - ok 12:37:57.0620 5844 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe 12:38:00.0989 5844 McComponentHostService - ok 12:38:01.0083 5844 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys 12:38:01.0114 5844 megasas - ok 12:38:01.0395 5844 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 12:38:01.0426 5844 Microsoft Office Groove Audit Service - ok 12:38:01.0457 5844 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 12:38:01.0504 5844 MMCSS - ok 12:38:01.0551 5844 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 12:38:01.0613 5844 Modem - ok 12:38:01.0660 5844 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 12:38:01.0707 5844 monitor - ok 12:38:01.0754 5844 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 12:38:01.0769 5844 mouclass - ok 12:38:01.0801 5844 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 12:38:01.0863 5844 mouhid - ok 12:38:01.0894 5844 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 12:38:01.0925 5844 MountMgr - ok 12:38:02.0066 5844 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 12:38:02.0097 5844 MozillaMaintenance - ok 12:38:02.0159 5844 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys 12:38:02.0222 5844 mpio - ok 12:38:02.0269 5844 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 12:38:02.0284 5844 mpsdrv - ok 12:38:02.0440 5844 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 12:38:02.0503 5844 MpsSvc - ok 12:38:02.0581 5844 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 12:38:02.0612 5844 Mraid35x - ok 12:38:02.0659 5844 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 12:38:02.0674 5844 MRxDAV - ok 12:38:02.0768 5844 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 12:38:02.0846 5844 mrxsmb - ok 12:38:02.0939 5844 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:38:02.0986 5844 mrxsmb10 - ok 12:38:03.0017 5844 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:38:03.0064 5844 mrxsmb20 - ok 12:38:03.0142 5844 [ 0D1C042188FFE61A702A9DF5944DE5BA ] msahci C:\Windows\system32\drivers\msahci.sys 12:38:03.0158 5844 msahci - ok 12:38:03.0173 5844 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys 12:38:03.0205 5844 msdsm - ok 12:38:03.0251 5844 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 12:38:03.0329 5844 MSDTC - ok 12:38:03.0407 5844 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 12:38:03.0485 5844 Msfs - ok 12:38:03.0595 5844 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 12:38:03.0610 5844 msisadrv - ok 12:38:03.0673 5844 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 12:38:03.0766 5844 MSiSCSI - ok 12:38:03.0766 5844 msiserver - ok 12:38:03.0813 5844 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 12:38:03.0891 5844 MSKSSRV - ok 12:38:03.0938 5844 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 12:38:04.0016 5844 MSPCLOCK - ok 12:38:04.0546 5844 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 12:38:04.0593 5844 MSPQM - ok 12:38:04.0640 5844 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 12:38:04.0655 5844 MsRPC - ok 12:38:04.0702 5844 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 12:38:04.0718 5844 mssmbios - ok 12:38:04.0827 5844 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 12:38:04.0889 5844 MSTEE - ok 12:38:04.0936 5844 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 12:38:04.0967 5844 Mup - ok 12:38:05.0077 5844 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 12:38:05.0139 5844 napagent - ok 12:38:05.0170 5844 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 12:38:05.0233 5844 NativeWifiP - ok 12:38:05.0841 5844 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVENG.SYS 12:38:05.0872 5844 NAVENG - ok 12:38:06.0028 5844 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVEX15.SYS 12:38:06.0106 5844 NAVEX15 - ok 12:38:06.0278 5844 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 12:38:06.0371 5844 NDIS - ok 12:38:06.0434 5844 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 12:38:06.0449 5844 NdisTapi - ok 12:38:06.0481 5844 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 12:38:06.0652 5844 Ndisuio - ok 12:38:06.0808 5844 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 12:38:06.0886 5844 NdisWan - ok 12:38:06.0949 5844 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 12:38:06.0964 5844 NDProxy - ok 12:38:07.0027 5844 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 12:38:07.0058 5844 NetBIOS - ok 12:38:07.0167 5844 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 12:38:07.0276 5844 netbt - ok 12:38:07.0323 5844 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 12:38:07.0510 5844 Netlogon - ok 12:38:07.0604 5844 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 12:38:07.0666 5844 Netman - ok 12:38:07.0760 5844 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 12:38:07.0791 5844 netprofm - ok 12:38:07.0885 5844 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 12:38:07.0947 5844 NetTcpPortSharing - ok 12:38:08.0009 5844 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 12:38:08.0134 5844 nfrd960 - ok 12:38:08.0228 5844 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 12:38:08.0290 5844 NlaSvc - ok 12:38:08.0337 5844 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 12:38:08.0446 5844 Npfs - ok 12:38:08.0493 5844 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 12:38:08.0555 5844 nsi - ok 12:38:08.0587 5844 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 12:38:08.0665 5844 nsiproxy - ok 12:38:09.0195 5844 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 12:38:09.0647 5844 Ntfs - ok 12:38:09.0710 5844 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 12:38:10.0006 5844 ntrigdigi - ok 12:38:10.0053 5844 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 12:38:10.0396 5844 Null - ok 12:38:12.0845 5844 [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 12:38:15.0794 5844 nvlddmkm - ok 12:38:15.0872 5844 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys 12:38:15.0934 5844 nvraid - ok 12:38:15.0965 5844 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys 12:38:15.0997 5844 nvstor - ok 12:38:16.0699 5844 [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc C:\Windows\system32\nvvsvc.exe 12:38:16.0777 5844 nvsvc - ok 12:38:20.0177 5844 [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 12:38:20.0630 5844 nvUpdatusService - ok 12:38:20.0739 5844 [ 055081FD5076401C1EE1BCAB08D81911 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 12:38:20.0755 5844 nv_agp - ok 12:38:20.0770 5844 NwlnkFlt - ok 12:38:20.0770 5844 NwlnkFwd - ok 12:38:22.0018 5844 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 12:38:22.0408 5844 odserv - ok 12:38:22.0486 5844 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 12:38:23.0032 5844 ohci1394 - ok 12:38:23.0219 5844 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:38:23.0453 5844 ose - ok 12:38:25.0185 5844 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 12:38:25.0731 5844 p2pimsvc - ok 12:38:26.0168 5844 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 12:38:26.0277 5844 p2psvc - ok 12:38:26.0527 5844 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 12:38:26.0776 5844 Parport - ok 12:38:26.0885 5844 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 12:38:26.0979 5844 partmgr - ok 12:38:27.0151 5844 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 12:38:27.0322 5844 Parvdm - ok 12:38:27.0400 5844 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 12:38:27.0634 5844 PcaSvc - ok 12:38:28.0009 5844 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 12:38:28.0133 5844 pci - ok 12:38:28.0367 5844 [ 54D23DC5B5072311116826FDB7F6E83E ] pciide C:\Windows\system32\drivers\pciide.sys 12:38:28.0601 5844 pciide - ok 12:38:28.0820 5844 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 12:38:29.0007 5844 pcmcia - ok 12:38:29.0709 5844 [ 1171C834C5E6515765684C6938B609A1 ] PCToolsSSDMonitorSvc C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe 12:38:29.0865 5844 PCToolsSSDMonitorSvc - ok 12:38:30.0302 5844 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 12:38:30.0723 5844 PEAUTH - ok 12:38:30.0895 5844 pgfilter - ok 12:38:31.0051 5844 [ 4E87EF38A053F02E454935C8440EC91A ] pgsql-8.3 C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe 12:38:31.0285 5844 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - warning 12:38:31.0285 5844 pgsql-8.3 - detected UnsignedFile.Multi.Generic (1) 12:38:31.0456 5844 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 12:38:31.0784 5844 pla - ok 12:38:31.0815 5844 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 12:38:32.0002 5844 PlugPlay - ok 12:38:32.0096 5844 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 12:38:32.0283 5844 PNRPAutoReg - ok 12:38:32.0673 5844 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 12:38:32.0876 5844 PNRPsvc - ok 12:38:33.0016 5844 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 12:38:33.0157 5844 PolicyAgent - ok 12:38:33.0250 5844 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 12:38:33.0359 5844 PptpMiniport - ok 12:38:33.0406 5844 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys 12:38:33.0578 5844 Processor - ok 12:38:33.0656 5844 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 12:38:33.0718 5844 ProfSvc - ok 12:38:33.0749 5844 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 12:38:33.0952 5844 ProtectedStorage - ok 12:38:33.0999 5844 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 12:38:34.0077 5844 PSched - ok 12:38:34.0139 5844 [ FEFFCFDC528764A04C8ED63D5FA6E711 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys 12:38:34.0202 5844 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning 12:38:34.0202 5844 PxHelp20 - detected UnsignedFile.Multi.Generic (1) 12:38:34.0576 5844 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys 12:38:35.0528 5844 ql2300 - ok 12:38:35.0653 5844 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 12:38:35.0731 5844 ql40xx - ok 12:38:36.0074 5844 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 12:38:38.0242 5844 QWAVE - ok 12:38:38.0367 5844 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 12:38:38.0539 5844 QWAVEdrv - ok 12:38:39.0381 5844 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys 12:38:40.0754 5844 R300 - ok 12:38:40.0832 5844 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 12:38:40.0910 5844 RasAcd - ok 12:38:41.0019 5844 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 12:38:41.0066 5844 RasAuto - ok 12:38:41.0128 5844 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 12:38:41.0222 5844 Rasl2tp - ok 12:38:41.0284 5844 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 12:38:41.0362 5844 RasMan - ok 12:38:41.0471 5844 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 12:38:41.0503 5844 RasPppoe - ok 12:38:41.0643 5844 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 12:38:41.0737 5844 RasSstp - ok 12:38:41.0783 5844 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 12:38:41.0939 5844 rdbss - ok 12:38:42.0189 5844 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 12:38:42.0236 5844 RDPCDD - ok 12:38:42.0329 5844 [ 0245418224CFA77BF4B41C2FE0622258 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 12:38:42.0501 5844 rdpdr - ok 12:38:42.0641 5844 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 12:38:42.0688 5844 RDPENCDD - ok 12:38:42.0813 5844 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 12:38:42.0922 5844 RDPWD - ok 12:38:43.0016 5844 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 12:38:43.0141 5844 RemoteAccess - ok 12:38:43.0234 5844 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 12:38:45.0778 5844 RemoteRegistry - ok 12:38:46.0464 5844 [ EBCDE8B48FADC6479D96A56D0A432160 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe 12:38:46.0808 5844 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning 12:38:46.0808 5844 RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1) 12:38:46.0932 5844 [ AB2B1DE1C8F31EFCE2384B14B3DC4260 ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe 12:38:46.0995 5844 RoxWatch9 ( UnsignedFile.Multi.Generic ) - warning 12:38:46.0995 5844 RoxWatch9 - detected UnsignedFile.Multi.Generic (1) 12:38:47.0057 5844 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 12:38:47.0244 5844 RpcLocator - ok 12:38:47.0385 5844 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 12:38:47.0432 5844 RpcSs - ok 12:38:47.0666 5844 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 12:38:47.0790 5844 rspndr - ok 12:38:47.0884 5844 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 12:38:47.0915 5844 SamSs - ok 12:38:48.0414 5844 [ DEE1270BD551E9A2633CD5180F22729E ] SandraDataSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe 12:38:48.0524 5844 SandraDataSrv - ok 12:38:48.0773 5844 [ 90A2A2E1B375784B506AC5C6B7733C25 ] SandraTheSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe 12:38:49.0116 5844 SandraTheSrv - ok 12:38:49.0584 5844 [ 3D6AB454353A7834A0919E4CDC77B566 ] SavRoam C:\Program Files\Symantec AntiVirus\SavRoam.exe 12:38:49.0616 5844 SavRoam - ok 12:38:49.0725 5844 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 12:38:49.0787 5844 sbp2port - ok 12:38:49.0881 5844 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 12:38:49.0928 5844 SCardSvr - ok 12:38:49.0990 5844 [ 16B1ABE7F3E35F21DAC57592B6C5D464 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys 12:38:50.0006 5844 SCDEmu ( UnsignedFile.Multi.Generic ) - warning 12:38:50.0006 5844 SCDEmu - detected UnsignedFile.Multi.Generic (1) 12:38:50.0286 5844 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 12:38:50.0489 5844 Schedule - ok 12:38:50.0552 5844 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 12:38:50.0583 5844 SCPolicySvc - ok 12:38:50.0692 5844 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 12:38:50.0770 5844 SDRSVC - ok 12:38:50.0864 5844 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 12:38:50.0910 5844 secdrv - ok 12:38:50.0988 5844 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 12:38:51.0035 5844 seclogon - ok 12:38:51.0144 5844 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 12:38:51.0238 5844 SENS - ok 12:38:51.0269 5844 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 12:38:51.0363 5844 Serenum - ok 12:38:51.0441 5844 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 12:38:51.0690 5844 Serial - ok 12:38:51.0784 5844 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 12:38:51.0909 5844 sermouse - ok 12:38:52.0034 5844 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 12:38:52.0065 5844 SessionEnv - ok 12:38:52.0127 5844 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 12:38:52.0283 5844 sffdisk - ok 12:38:52.0408 5844 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 12:38:52.0470 5844 sffp_mmc - ok 12:38:52.0548 5844 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 12:38:52.0626 5844 sffp_sd - ok 12:38:52.0704 5844 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 12:38:52.0860 5844 sfloppy - ok 12:38:52.0954 5844 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 12:38:53.0032 5844 SharedAccess - ok 12:38:53.0141 5844 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 12:38:53.0250 5844 ShellHWDetection - ok 12:38:53.0297 5844 [ 08072B2FB92477FC813271A84B3A8698 ] sisagp C:\Windows\system32\drivers\sisagp.sys 12:38:53.0328 5844 sisagp - ok 12:38:53.0422 5844 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 12:38:53.0547 5844 SiSRaid2 - ok 12:38:53.0672 5844 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 12:38:53.0718 5844 SiSRaid4 - ok 12:38:54.0046 5844 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 12:38:54.0670 5844 SkypeUpdate - ok 12:38:55.0731 5844 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 12:38:56.0105 5844 slsvc - ok 12:38:56.0292 5844 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 12:38:56.0417 5844 SLUINotify - ok 12:38:56.0620 5844 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 12:38:56.0714 5844 Smb - ok 12:38:56.0792 5844 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 12:38:56.0901 5844 SNMPTRAP - ok 12:38:57.0462 5844 [ 905782BCF15B6E5AF9905B77923C7FA2 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 12:38:57.0494 5844 SPBBCDrv - ok 12:38:57.0728 5844 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 12:38:57.0759 5844 spldr - ok 12:38:57.0821 5844 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 12:38:58.0055 5844 Spooler - ok 12:38:58.0305 5844 sprtsvc_dellsupportcenter - ok 12:38:58.0570 5844 [ 8831252BCF05FCFB5ABD116A22E552D8 ] sp_rsdrv2 C:\Windows\system32\drivers\sp_rsdrv2.sys 12:38:58.0726 5844 sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning 12:38:58.0726 5844 sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1) 12:38:59.0334 5844 [ AA21CF891D0D8248ECA1E9BA201ACBEF ] sp_rssrv C:\Program Files\Spyware Terminator\sp_rsser.exe 12:38:59.0366 5844 sp_rssrv ( UnsignedFile.Multi.Generic ) - warning 12:38:59.0366 5844 sp_rssrv - detected UnsignedFile.Multi.Generic (1) 12:38:59.0490 5844 [ 1B2A1C6BC76E1EBE8BC2F4A4F3D43E23 ] SRTSP C:\Windows\system32\Drivers\SRTSP.SYS 12:38:59.0522 5844 SRTSP - ok 12:38:59.0600 5844 [ F01A7F6E60E95FE83345CF92728A32D4 ] SRTSPL C:\Windows\system32\Drivers\SRTSPL.SYS 12:38:59.0678 5844 SRTSPL ( UnsignedFile.Multi.Generic ) - warning 12:38:59.0678 5844 SRTSPL - detected UnsignedFile.Multi.Generic (1) 12:38:59.0896 5844 [ D02812F89E18C6FB32F901BE1E10BC17 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX.SYS 12:38:59.0943 5844 SRTSPX - ok 12:39:00.0021 5844 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 12:39:00.0130 5844 srv - ok 12:39:00.0380 5844 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 12:39:00.0504 5844 srv2 - ok 12:39:00.0567 5844 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 12:39:00.0660 5844 srvnet - ok 12:39:00.0785 5844 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 12:39:00.0863 5844 SSDPSRV - ok 12:39:00.0941 5844 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 12:39:01.0004 5844 SstpSvc - ok 12:39:01.0331 5844 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 12:39:01.0440 5844 Stereo Service - ok 12:39:01.0721 5844 [ 9CEA131B5EB0EA653F6B3EA80B54956D ] STHDA C:\Windows\system32\drivers\stwrt.sys 12:39:01.0830 5844 STHDA - ok 12:39:02.0064 5844 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 12:39:02.0189 5844 stisvc - ok 12:39:02.0501 5844 [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe 12:39:02.0517 5844 stllssvr ( UnsignedFile.Multi.Generic ) - warning 12:39:02.0517 5844 stllssvr - detected UnsignedFile.Multi.Generic (1) 12:39:02.0642 5844 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 12:39:02.0673 5844 swenum - ok 12:39:02.0829 5844 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 12:39:02.0938 5844 swprv - ok 12:39:03.0422 5844 [ A548ACF535D81A96E1B38F76A2DE658F ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe 12:39:03.0718 5844 Symantec AntiVirus - ok 12:39:03.0780 5844 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 12:39:03.0843 5844 Symc8xx - ok 12:39:04.0046 5844 [ 9D98270B5F10A4C84E8DA417C30756E1 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS 12:39:04.0124 5844 SymEvent - ok 12:39:04.0217 5844 [ 7F4011A719BF30E3DBD84D3A0A45C91C ] SYMREDRV C:\Windows\System32\Drivers\SYMREDRV.SYS 12:39:04.0264 5844 SYMREDRV - ok 12:39:04.0358 5844 [ 2F03CBDB0F22278D05D5D616C993AB58 ] SYMTDI C:\Windows\System32\Drivers\SYMTDI.SYS 12:39:04.0389 5844 SYMTDI - ok 12:39:04.0592 5844 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 12:39:06.0994 5844 Sym_hi - ok 12:39:07.0025 5844 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 12:39:07.0150 5844 Sym_u3 - ok 12:39:07.0368 5844 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 12:39:07.0509 5844 SysMain - ok 12:39:07.0602 5844 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 12:39:07.0665 5844 TabletInputService - ok 12:39:07.0790 5844 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 12:39:07.0899 5844 TapiSrv - ok 12:39:07.0992 5844 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 12:39:08.0070 5844 TBS - ok 12:39:08.0414 5844 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 12:39:08.0928 5844 Tcpip - ok 12:39:09.0662 5844 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 12:39:09.0864 5844 Tcpip6 - ok 12:39:10.0020 5844 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 12:39:12.0672 5844 tcpipreg - ok 12:39:12.0704 5844 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 12:39:12.0797 5844 TDPIPE - ok 12:39:12.0891 5844 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 12:39:12.0953 5844 TDTCP - ok -
Malware reappears after removal: PUM.UserWLoad, Trojan.Ransom
maa replied to maa's topic in Resolved Malware Removal Logs
I have uninstalled µTorrent. When I ran mbar.exe, a popup message appeared, to which I clicked 'No': "Registry value 'AppInit_Dlls' has been found, which may be caused by rootkit activity. Note: Press 'No' button if your'e not sure. If the tool crashes or terminates unexpectedly during a system scan, restart the tool and press 'Yes' should this message appear again. Do you want to remove this value and restart the tool?" Another item: I have an external hard drive which I sometimes attach to my computer. This drive was not attached when Malwarebytes found the initial problem of this post, but I'm wondering if I should attach the drive while I run these cleaning processes. Thanks. Malwarebytes Anti-Rootkit 1.01.0.1011 www.malwarebytes.org Database version: v2012.12.14.09 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Mario :: NOFACE [administrator] 12/14/2012 2:46:46 PM mbar-log-2012-12-14 (14-46-46).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 33774 Time elapsed: 29 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot. Registry Values Detected: 2 HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load (PUM.UserWLoad) -> Data: C:\Users\Mario\LOCALS~1\Temp\msewbax.com -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load (Trojan.Ransom) -> Data: C:\Users\Mario\LOCALS~1\Temp\msewbax.com -> Delete on reboot. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 3 C:\$Recycle.Bin\S-1-5-21-293651391-2175594108-1919989058-1000\$35f3192656ac3495b3b2336707e55e1b\U (Trojan.Siredef.C) -> Delete on reboot. C:\$Recycle.Bin\S-1-5-21-293651391-2175594108-1919989058-1000\$35f3192656ac3495b3b2336707e55e1b\L (Trojan.Siredef.C) -> Delete on reboot. C:\$Recycle.Bin\S-1-5-21-293651391-2175594108-1919989058-1000\$35f3192656ac3495b3b2336707e55e1b (Trojan.Siredef.C) -> Delete on reboot. Files Detected: 1 C:\$Recycle.Bin\S-1-5-21-293651391-2175594108-1919989058-1000\$35f3192656ac3495b3b2336707e55e1b\@ (Trojan.Siredef.C) -> Delete on reboot. (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1011 © Malwarebytes Corporation 2011-2012 OS version: 6.0.6002 Windows Vista Service Pack 2 x86 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED CPU speed: 2.128000 GHz Memory total: 3218305024, free: 1146331136 ------------ Kernel report ------------ 12/14/2012 14:14:59 ------------ Loaded modules ----------- \SystemRoot\system32\ntkrnlpa.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\acpi.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\iastor.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\DRVMCDB.SYS \SystemRoot\System32\Drivers\PxHelp20.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\msrpc.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\ecache.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\drivers\crcdisk.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\tunmp.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\Drivers\nvBridge.kmd \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\system32\DRIVERS\e1e6032.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\System32\Drivers\DLACDBHM.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\dne2000.sys \SystemRoot\system32\DRIVERS\msiscsi.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\stwrt.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\System32\Drivers\SRTSP.SYS \SystemRoot\System32\Drivers\SRTSPX.SYS \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \??\C:\Windows\system32\Drivers\SYMEVENT.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\Drivers\DLARTL_M.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\smb.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\System32\Drivers\SYMTDI.SYS \??\C:\Windows\system32\drivers\sp_rsdrv2.sys \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys \SystemRoot\System32\Drivers\SCDEmu.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\System32\Drivers\DRVNDDM.SYS \SystemRoot\System32\DLA\DLADResM.SYS \SystemRoot\System32\DLA\DLAIFS_M.SYS \SystemRoot\System32\DLA\DLAOPIOM.SYS \SystemRoot\System32\DLA\DLAPoolM.SYS \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\System32\DLA\DLABMFSM.SYS \SystemRoot\System32\DLA\DLABOIOM.SYS \SystemRoot\System32\DLA\DLAUDFAM.SYS \SystemRoot\System32\DLA\DLAUDF_M.SYS \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\drivers\mrxdav.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\ATMFD.DLL \SystemRoot\System32\DRIVERS\srv.sys \??\C:\Windows\system32\Drivers\CVPNDRVA.sys \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\drivers\tcpipreg.sys \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVEX15.SYS \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121212.006\NAVENG.SYS \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\System32\Drivers\SYMREDRV.SYS \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xffffffff8713e4b8 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-2\ Lower Device Object: 0xffffffff85d06030 Lower Device Driver Name: \Driver\iaStor\ Driver name found: iaStor DriverEntry returned 0x0 Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff8713eac8 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xffffffff85cf2030 Lower Device Driver Name: \Driver\iaStor\ Driver name found: iaStor Downloaded database version: v2012.12.14.09 Initializing... Done! <<<2>>> Device number: 0, partition: 3 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff8713eac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8703b108, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff8713eac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffffffff85cf2030, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Upper DeviceData: 0xffffffffb9de9bf8, 0xffffffff8713eac8, 0xffffffff874971e0 Lower DeviceData: 0xffffffff8ddb0a68, 0xffffffff85cf2030, 0xffffffff873da1d8 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 38000000 Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 112392 Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 112640 Numsec = 20971520 Partition 2 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 21084160 Numsec = 291411968 Partition file system is NTFS Partition is bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 160000000000 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)... Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffffff8713e4b8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8713e138, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff8713e4b8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ DevicePointer: 0xffffffff85d06030, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\ ------------ End ---------- Upper DeviceData: 0xffffffffb9d81090, 0xffffffff8713e4b8, 0xffffffff87452040 Lower DeviceData: 0xffffffff89b1daa0, 0xffffffff85d06030, 0xffffffff87102898 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 9AE71CAD Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 976769024 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytes Sector size: 512 bytes Done! Performing system, memory and registry scan... Read File: File "C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.dat" is compressed (flags = 1) Read File: File "C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\instance.dat" is compressed (flags = 1) Infected: C:\$Recycle.Bin\S-1-5-21-293651391-2175594108-1919989058-1000\$35f3192656ac3495b3b2336707e55e1b\@ --> [Trojan.Siredef.C] Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C] Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load --> [PUM.UserWLoad] Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load --> [Trojan.Ransom] Infected: C:\$Recycle.Bin\S-1-5-21-293651391-2175594108-1919989058-1000\$35f3192656ac3495b3b2336707e55e1b\U --> [Trojan.Siredef.C] Infected: C:\$Recycle.Bin\S-1-5-21-293651391-2175594108-1919989058-1000\$35f3192656ac3495b3b2336707e55e1b\L --> [Trojan.Siredef.C] Infected: C:\$Recycle.Bin\S-1-5-21-293651391-2175594108-1919989058-1000\$35f3192656ac3495b3b2336707e55e1b --> [Trojan.Siredef.C] Done! Scan finished Creating System Restore point... Scheduling clean up... <<<2>>> Device number: 0, partition: 3 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Removal successful. No system shutdown is required. ======================================= DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2 Run by Mario at 15:08:05 on 2012-12-14 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3069.1217 [GMT -5:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\SLsvc.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Gateway.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Symantec AntiVirus\VPTray.exe C:\Windows\sttray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe F:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Evernote\Evernote\EvernoteClipper.exe C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\mobsync.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uWindow Title = Internet Explorer provided by Dell uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070418 mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070418 BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll BHO: IE Developer Toolbar BHO: {CC7E636D-39AA-49b6-B511-65413DA137A1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll EB: IE Developer Toolbar: {A202B231-EF71-4a08-BDB9-4CE5AE8BDE0A} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter uRun: [Google Update] "c:\users\mario\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [ultimateHistory] c:\users\mario\appdata\roaming\8a1713\8A1713.exe mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe" mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [vptray] c:\progra~1\symant~1\VPTray.exe mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe" mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [sigmatelSysTrayApp] sttray.exe mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [sSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe mRun: [RMAlert] "c:\program files\pc tools registry mechanic\Alert.exe" /PRODUCT=RM /R mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRunOnce: [Z1] c:\users\mario\desktop\mbar-1.01.0.1011\mbar\mbar.exe /cleanup /s StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\windows\installer\{f761359c-9ced-45ae-9a51-9d6605cd55c4}\Evernote.ico StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204 IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204 IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 TCP: NameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{95BD10A2-992E-4E20-AAAE-45F7BB90EB14} : DHCPNameServer = 75.75.75.75 75.75.76.76 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - c:\program files\stardock\fences\FencesMenu.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ================= FIREFOX =================== . FF - ProfilePath - c:\users\mario\appdata\roaming\mozilla\firefox\profiles\5xwdjfww.new profile1\ FF - prefs.js: browser.startup.homepage - google.com FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10516.0\npctrlui.dll FF - plugin: c:\users\mario\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\users\mario\appdata\roaming\move networks\plugins\npqmp071706000001.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npmirage.dll FF - plugin: c:\windows\system32\npmproxy.dll FF - plugin: c:\windows\system32\NPSWF32.dll FF - plugin: f:\program files\itunes\mozilla plugins\npitunes.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . ============= SERVICES / DRIVERS =============== . R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-11 106656] . =============== File Associations =============== . FileExt: .scr: AutoCADScriptFile="c:\windows\system32\NOTEPAD.EXE" "%1" FileExt: .reg: regfile=regedit.exe "%1" %* ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 2012-12-14 18:49:59 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{edc6c61f-1d0b-46d7-879a-6e57fcb8c5dc}\offreg.dll 2012-12-13 07:05:12 2557288 ----a-w- c:\windows\system32\nvsvcr.dll 2012-12-13 07:04:19 52584 ----a-w- c:\windows\system32\OpenCL.dll 2012-12-13 07:03:14 -------- d-----w- c:\programdata\NVIDIA Corporation 2012-12-13 06:57:54 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-12-13 06:57:40 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-12-13 06:57:40 16896 ----a-w- c:\windows\system32\winusb.dll 2012-12-13 06:57:40 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-12-13 06:57:39 73216 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-12-13 06:57:39 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-12-13 06:57:37 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-12-13 06:57:37 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-12-13 06:57:36 613888 ----a-w- c:\windows\system32\WUDFx.dll 2012-12-13 06:57:36 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-12-13 06:57:36 196608 ----a-w- c:\windows\system32\WUDFHost.exe 2012-12-13 05:29:42 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{edc6c61f-1d0b-46d7-879a-6e57fcb8c5dc}\mpengine.dll 2012-12-13 05:28:58 2048000 ----a-w- c:\windows\system32\win32k.sys 2012-12-13 05:28:54 75776 ----a-w- c:\windows\system32\synceng.dll 2012-12-13 05:28:52 376320 ----a-w- c:\windows\system32\dpnet.dll 2012-12-13 05:28:52 23040 ----a-w- c:\windows\system32\dpnsvr.exe 2012-12-13 05:28:39 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys 2012-12-13 05:28:26 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-13 05:28:26 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-13 05:28:03 2048 ----a-w- c:\windows\system32\tzres.dll . ==================== Find3M ==================== . 2012-12-13 04:31:54 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-13 04:31:54 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-10-11 02:15:04 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-10-11 02:15:00 2574696 ----a-w- c:\windows\system32\nvcuvid.dll 2012-10-11 02:14:50 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll 2012-10-11 02:14:50 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll 2012-10-11 02:14:46 17559912 ----a-w- c:\windows\system32\nvcompiler.dll 2012-10-11 02:14:44 2428776 ----a-w- c:\windows\system32\nvapi.dll 2012-10-11 02:14:42 7697768 ----a-w- c:\windows\system32\nvcuda.dll 2012-10-11 02:14:28 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-10-11 02:14:22 19906920 ----a-w- c:\windows\system32\nvoglv32.dll 2012-10-11 02:14:22 1009512 ----a-w- c:\windows\system32\nvdispco32.dll 2012-10-11 02:14:16 6127464 ----a-w- c:\windows\system32\nvopencl.dll 2012-10-11 02:14:16 15309160 ----a-w- c:\windows\system32\nvd3dum.dll 2012-10-02 19:29:42 645992 ----a-w- c:\windows\system32\nvvsvc.exe 2012-10-02 19:29:41 62312 ----a-w- c:\windows\system32\nvshext.dll 2012-10-02 19:29:41 108392 ----a-w- c:\windows\system32\nvmctray.dll 2012-10-02 19:29:22 2853224 ----a-w- c:\windows\system32\nvsvc.dll 2012-10-02 19:28:53 3965288 ----a-w- c:\windows\system32\nvcpl.dll 2012-10-02 18:15:52 430952 ----a-w- c:\windows\system32\nvStreaming.exe 2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys . ============= FINISH: 15:09:47.14 =============== DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2 Run by Mario at 15:08:05 on 2012-12-14 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3069.1217 [GMT -5:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\SLsvc.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Gateway.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Symantec AntiVirus\VPTray.exe C:\Windows\sttray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe F:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Evernote\Evernote\EvernoteClipper.exe C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\mobsync.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uWindow Title = Internet Explorer provided by Dell uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070418 mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070418 BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll BHO: IE Developer Toolbar BHO: {CC7E636D-39AA-49b6-B511-65413DA137A1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll EB: IE Developer Toolbar: {A202B231-EF71-4a08-BDB9-4CE5AE8BDE0A} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter uRun: [Google Update] "c:\users\mario\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [ultimateHistory] c:\users\mario\appdata\roaming\8a1713\8A1713.exe mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe" mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [vptray] c:\progra~1\symant~1\VPTray.exe mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe" mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [sigmatelSysTrayApp] sttray.exe mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [sSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe mRun: [RMAlert] "c:\program files\pc tools registry mechanic\Alert.exe" /PRODUCT=RM /R mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRunOnce: [Z1] c:\users\mario\desktop\mbar-1.01.0.1011\mbar\mbar.exe /cleanup /s StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\windows\installer\{f761359c-9ced-45ae-9a51-9d6605cd55c4}\Evernote.ico StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204 IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204 IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 TCP: NameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{95BD10A2-992E-4E20-AAAE-45F7BB90EB14} : DHCPNameServer = 75.75.75.75 75.75.76.76 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - c:\program files\stardock\fences\FencesMenu.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ================= FIREFOX =================== . FF - ProfilePath - c:\users\mario\appdata\roaming\mozilla\firefox\profiles\5xwdjfww.new profile1\ FF - prefs.js: browser.startup.homepage - google.com FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10516.0\npctrlui.dll FF - plugin: c:\users\mario\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\users\mario\appdata\roaming\move networks\plugins\npqmp071706000001.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npmirage.dll FF - plugin: c:\windows\system32\npmproxy.dll FF - plugin: c:\windows\system32\NPSWF32.dll FF - plugin: f:\program files\itunes\mozilla plugins\npitunes.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . ============= SERVICES / DRIVERS =============== . R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-11 106656] . =============== File Associations =============== . FileExt: .scr: AutoCADScriptFile="c:\windows\system32\NOTEPAD.EXE" "%1" FileExt: .reg: regfile=regedit.exe "%1" %* ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 2012-12-14 18:49:59 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{edc6c61f-1d0b-46d7-879a-6e57fcb8c5dc}\offreg.dll 2012-12-13 07:05:12 2557288 ----a-w- c:\windows\system32\nvsvcr.dll 2012-12-13 07:04:19 52584 ----a-w- c:\windows\system32\OpenCL.dll 2012-12-13 07:03:14 -------- d-----w- c:\programdata\NVIDIA Corporation 2012-12-13 06:57:54 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-12-13 06:57:40 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-12-13 06:57:40 16896 ----a-w- c:\windows\system32\winusb.dll 2012-12-13 06:57:40 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-12-13 06:57:39 73216 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-12-13 06:57:39 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-12-13 06:57:37 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-12-13 06:57:37 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-12-13 06:57:36 613888 ----a-w- c:\windows\system32\WUDFx.dll 2012-12-13 06:57:36 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-12-13 06:57:36 196608 ----a-w- c:\windows\system32\WUDFHost.exe 2012-12-13 05:29:42 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{edc6c61f-1d0b-46d7-879a-6e57fcb8c5dc}\mpengine.dll 2012-12-13 05:28:58 2048000 ----a-w- c:\windows\system32\win32k.sys 2012-12-13 05:28:54 75776 ----a-w- c:\windows\system32\synceng.dll 2012-12-13 05:28:52 376320 ----a-w- c:\windows\system32\dpnet.dll 2012-12-13 05:28:52 23040 ----a-w- c:\windows\system32\dpnsvr.exe 2012-12-13 05:28:39 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys 2012-12-13 05:28:26 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-13 05:28:26 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-13 05:28:03 2048 ----a-w- c:\windows\system32\tzres.dll . ==================== Find3M ==================== . 2012-12-13 04:31:54 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-13 04:31:54 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-10-11 02:15:04 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-10-11 02:15:00 2574696 ----a-w- c:\windows\system32\nvcuvid.dll 2012-10-11 02:14:50 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll 2012-10-11 02:14:50 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll 2012-10-11 02:14:46 17559912 ----a-w- c:\windows\system32\nvcompiler.dll 2012-10-11 02:14:44 2428776 ----a-w- c:\windows\system32\nvapi.dll 2012-10-11 02:14:42 7697768 ----a-w- c:\windows\system32\nvcuda.dll 2012-10-11 02:14:28 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-10-11 02:14:22 19906920 ----a-w- c:\windows\system32\nvoglv32.dll 2012-10-11 02:14:22 1009512 ----a-w- c:\windows\system32\nvdispco32.dll 2012-10-11 02:14:16 6127464 ----a-w- c:\windows\system32\nvopencl.dll 2012-10-11 02:14:16 15309160 ----a-w- c:\windows\system32\nvd3dum.dll 2012-10-02 19:29:42 645992 ----a-w- c:\windows\system32\nvvsvc.exe 2012-10-02 19:29:41 62312 ----a-w- c:\windows\system32\nvshext.dll 2012-10-02 19:29:41 108392 ----a-w- c:\windows\system32\nvmctray.dll 2012-10-02 19:29:22 2853224 ----a-w- c:\windows\system32\nvsvc.dll 2012-10-02 19:28:53 3965288 ----a-w- c:\windows\system32\nvcpl.dll 2012-10-02 18:15:52 430952 ----a-w- c:\windows\system32\nvStreaming.exe 2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys . ============= FINISH: 15:09:47.14 =============== -
Malware reappears after removal: PUM.UserWLoad, Trojan.Ransom
maa replied to maa's topic in Resolved Malware Removal Logs
Hello Maniac, I would like to proceed with the cleaning. Quick question - if I choose at some point to reformat & reinstall the OS, are there any files that can safely be transferred? For example, my music, movie, and photo collection? Thanks! -
Hello, When I run Malwarebytes, it finds two items, I select to remove, and yet after restart and rerunning Malwarebytes, the two items reappear: PUM.UserWLoad and Trojan.Ransom. I also get a popup message upon startup - I am attaching a screenshot. Below is the Malwarebytes log, followed by dds.txt and attach.txt. Thanks for any help you can give! Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.12.13.02 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Mario :: NOFACE [administrator] 12/12/2012 11:53:54 PM mbam-log-2012-12-12 (23-53-54).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 263795 Time elapsed: 15 minute(s), 50 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 2 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Mario\LOCALS~1\Temp\msewbax.com -> Delete on reboot. HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Mario\LOCALS~1\Temp\msewbax.com -> Delete on reboot. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.7.2 Run by Mario at 0:17:08 on 2012-12-13 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3069.1345 [GMT -5:00] . SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Gateway.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Symantec AntiVirus\VPTray.exe C:\Windows\sttray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe F:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Evernote\Evernote\EvernoteClipper.exe C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uWindow Title = Internet Explorer provided by Dell uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070418 mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070418 uWindows: Load = c:\users\mario\locals~1\temp\msewbax.com BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll BHO: IE Developer Toolbar BHO: {CC7E636D-39AA-49b6-B511-65413DA137A1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll EB: IE Developer Toolbar: {A202B231-EF71-4a08-BDB9-4CE5AE8BDE0A} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter uRun: [Google Update] "c:\users\mario\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [ultimateHistory] c:\users\mario\appdata\roaming\8a1713\8A1713.exe mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe" mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [vptray] c:\progra~1\symant~1\VPTray.exe mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe" mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [sigmatelSysTrayApp] sttray.exe mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [sSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe mRun: [RMAlert] "c:\program files\pc tools registry mechanic\Alert.exe" /PRODUCT=RM /R mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\windows\installer\{f761359c-9ced-45ae-9a51-9d6605cd55c4}\Evernote.ico StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204 IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204 IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 TCP: NameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{95BD10A2-992E-4E20-AAAE-45F7BB90EB14} : DHCPNameServer = 75.75.75.75 75.75.76.76 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - c:\program files\stardock\fences\FencesMenu.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ================= FIREFOX =================== . FF - ProfilePath - c:\users\mario\appdata\roaming\mozilla\firefox\profiles\5xwdjfww.new profile1\ FF - prefs.js: browser.startup.homepage - google.com FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10516.0\npctrlui.dll FF - plugin: c:\users\mario\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\users\mario\appdata\roaming\move networks\plugins\npqmp071706000001.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npmirage.dll FF - plugin: c:\windows\system32\npmproxy.dll FF - plugin: c:\windows\system32\NPSWF32.dll FF - plugin: f:\program files\itunes\mozilla plugins\npitunes.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . ============= SERVICES / DRIVERS =============== . R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-7-7 142592] R2 Bentley SELECT Server Gateway;Bentley SELECT Server Gateway;c:\program files\bentley\selectserver\Bentley.SelectServer.Gateway.exe [2007-3-26 102400] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-22 21504] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-4-5 793048] R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232] R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-11-28 1962136] R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-8-17 98304] R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-11 106656] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;"c:\program files\google\google desktop search\googledesktop.exe" --> c:\program files\google\google desktop search\GoogleDesktop.exe [?] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008] S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== File Associations =============== . FileExt: .scr: AutoCADScriptFile="c:\windows\system32\NOTEPAD.EXE" "%1" FileExt: .reg: regfile=regedit.exe "%1" %* ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 2012-11-14 00:25:39 -------- d-----w- c:\users\mario\appdata\roaming\Papa 2012-11-14 00:25:38 -------- d-----w- c:\users\mario\appdata\roaming\Luagod 2012-11-14 00:25:38 -------- d-----w- c:\users\mario\appdata\roaming\Fuoda 2012-11-13 07:06:45 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ba07b63b-26c0-4c02-8ac6-5fe1caf4687b}\mpengine.dll . ==================== Find3M ==================== . 2012-12-13 04:31:54 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-13 04:31:54 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys . ============= FINISH: 0:19:25.70 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft® Windows Vista™ Home Basic Boot Device: \Device\HarddiskVolume3 Install Date: 4/17/2007 2:35:27 PM System Uptime: 12/12/2012 11:46:17 PM (1 hours ago) . Motherboard: Dell Inc. | | 0CT017 Processor: Intel® Core2 CPU 6400 @ 2.13GHz | Microprocessor | 2128/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 139 GiB total, 1.486 GiB free. D: is FIXED (NTFS) - 10 GiB total, 6.75 GiB free. E: is CDROM () F: is FIXED (NTFS) - 466 GiB total, 40.372 GiB free. G: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Cisco Systems VPN Adapter Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter PNP Device ID: ROOT\NET\0000 Service: CVirtA . ==== System Restore Points =================== . RP2224: 12/11/2012 9:35:40 PM - Scheduled Checkpoint . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) µTorrent 7-Zip 4.57 Add or Remove Adobe Creative Suite 3 Master Collection Adobe Acrobat 8 Professional Adobe After Effects CS3 Adobe After Effects CS3 Presets Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe BridgeTalk Plugin CS3 Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Contribute CS3 Adobe Creative Suite 3 Master Collection Adobe Default Language CS3 Adobe Device Central CS3 Adobe Dreamweaver CS3 Adobe Encore CS3 Adobe Encore CS3 Codecs Adobe ExtendScript Toolkit 2 Adobe Extension Manager CS3 Adobe Fireworks CS3 Adobe Flash CS3 Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Flash Player 9 ActiveX Adobe Flash Video Encoder Adobe Fonts All Adobe Help Viewer CS3 Adobe Illustrator CS3 Adobe InDesign CS3 Adobe InDesign CS3 Icon Handler Adobe Linguistics CS3 Adobe MotionPicture Color Files Adobe PDF Library Files Adobe Photoshop CS3 Adobe Premiere Pro CS3 Adobe Premiere Pro CS3 Functional Content Adobe Premiere Pro CS3 Third Party Content Adobe Reader 8.1.3 Adobe Setup Adobe SING CS3 Adobe Soundbooth CS3 Adobe Soundbooth CS3 Codecs Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe Version Cue CS3 Server Adobe Video Profiles Adobe WAS CS3 Adobe WinSoft Linguistics Plugin Adobe XMP DVA Panels CS3 Adobe XMP Panels CS3 AHV content for Acrobat and Flash Amazon Unbox Video AnswerWorks 5.0 English Runtime Any Video Converter 3.1.0 Apple Application Support Apple Mobile Device Support Apple Software Update AutoCAD 2002 AutoCAD 2008 - English Autodesk DWF Viewer 7 AutoHotkey 1.0.48.05 Bentley MicroStation V8 XM Edition 08.09.04.51 Bentley SELECT Server V8 XM Edition Bloomberg SFD Data Dictionary Bonjour CCleaner CinemaForge Cisco Connect Cisco Systems VPN Client 5.0.02.0090 Corel Paint Shop Pro Photo XI Corel Snapfire Plus Dell Support Center (Support Software) Dell System Customization Wizard DellSupport DHTML Editing Component DivX Content Uploader DivX Setup DNA Documentation & Support Launcher Dropbox Evernote v. 4.1 Fences Free iPod Video Converter 1.26 Full Tilt Poker.Net Games, Music, & Photos Launcher GameTime+ Google Chrome Google Desktop Google Drive Google Earth Google SketchUp 7.1 Google Talk (remove only) Google Update Helper GTK+ Runtime 2.12.1 rev b (remove only) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Intel® Matrix Storage Manager Internet Explorer Developer Toolbar iTunes Java 7 Update 7 Java Auto Updater JavaFX 2.1.1 K-Lite Codec Pack 2.27 Full LiveUpdate 3.2 (Symantec Corporation) Malwarebytes Anti-Malware version 1.65.1.1000 McAfee Security Scan Plus Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Edition 2003 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Works MobileMe Control Panel Mozilla Firefox 16.0.2 (x86 en-US) Mozilla Maintenance Service MSN Money Investment Toolbox MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK NVIDIA Drivers NVIDIA PhysX NVIDIA Stereoscopic 3D Driver PC Tools Registry Mechanic 11.0 PDF Settings Pdf995 PeerBlock 1.1 (r518) Pidgin Poker Grapher Poker Tracker Version 2.16.03d PokerAce Hud (remove only) Pokerazor 1.28 PokerStars PokerStove version 1.23 PokerTracker 3 (remove only) PostgreSQL 8.3 PowerDVD PowerISO Qualxserve Service Agreement Quicken 2008 QuickTime RealPlayer RedistSysFiles Rhapsody Player Engine Roxio Creator Audio Roxio Creator BDAV Plugin Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Drag-to-Disc Roxio Express Labeler Roxio MyDVD DE Roxio Update Manager Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition SigmaTel Audio SiSoftware Sandra Lite XII.SP1 Skype™ 5.10 Sonic Activation Module Spyware Terminator Symantec AntiVirus Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) URL Assistant User's Guides VBA (2627.01) VC80CRTRedist - 8.0.50727.6195 VirtualDJ Home FREE Visual Basic for Applications ® Core Visual Basic for Applications ® Core - English VLC media player 1.0.0 WD SmartWare WebEx Recorder and Player WinRAR archiver WinZip 15.5 Xvid 1.2.2 final uninstall . ==== Event Viewer Messages From Past Week ======== . 12/12/2012 11:47:27 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel. . 12/12/2012 11:45:29 PM, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32. . ==== End Of File ===========================
